The Information Security Office fulfills Data Usage Form (DUF) requests for software purchases where a party outside of the university would receive or otherwise process institutional data. The procedure below should be followed when a Data Usage Form (DUF) is needed.

Procedure

This procedure should be followed when a Data Usage Form (DUF) is needed.

1. A requestor completes and submits the Data Usage Form (DUF) in Qualtrics.
2. Once submitted, a confirmation email will be sent to the requestor and a ticket will be created in the ISO ticket queue.
3. An ISO member will review the submission for completeness and fill in any missing fields, if necessary.
4. The ISO member will then complete a risk assessment of the described data usage, vendor terms, and other available information.
5. The ISO member will then send the ticket to the Chief Information Security Officer for final review.
6. The CISO will review the DUF and the risk assessment. This step may be delayed if more information is needed.
7. The CISO obtains data steward approval for the described data usage, if necessary.
8. If approved, the CISO will submit the review and assessment to Purchasing for further action. The customer will also receive a notification that the DUF has been completed.

Getting DUF Status Updates

1. Once an ISO member begins processing your DUF request, you will be able to view your ticket in the ServiceNow portal.
2. The current status of your DUF will be noted within the Activity section of the ticket.

Further Reading

Data Usage Form (DUF) Process

Data Usage Form (DUF)

Data Usage Form (DUF) Qualtrics Form Instructions