When institutional data is to be shared, collected, or accessed by a third party (e.g., an information technology cloud provider), IU Policy DM-02 "Disclosing Institutional Information to Third Parties" requires the department involved to take proactive steps to be aware of and reduce the risks associated with sharing the information. The University Privacy and Security Offices at IU, offer a service which evaluates third parties and provides an assessment prior to sharing institutional data with the third party. To take advantage of this service and remain in compliance with IU policy, please submit a third-party assessment request form at the link below.
Submit the Third-Party Assessment (3PA) request form
To request an assessment, submit a third-party assessment (3PA) form. This allows the appropriate Data Steward(s) to review and determine whether a security review is required prior to releasing any IU data to the service. After you submit the request, a Data Steward will contact you with questions and issue a data decision with any conditions associated with the approval. For questions related to the third-party assessment, contact email@example.com.
Submit the Software & Services Selection Process (SSSP) form
If your request is associated with a new purchase, you must first submit a Software & Services Selection Process (SSSP) form. Requesters may be asked to submit additional information to the Data Stewards for a third-party assessment. For questions related to this process, contact firstname.lastname@example.org.
Please note: If you need to release institutional data that does not involve a purchase or renewal, please start with a third-party assessment (3PA) request form rather than the SSSP form.