When institutional data is to be shared with a third party (e.g., an information technology cloud provider), Policy DM-02 "Disclosing Institutional Information to Third Parties" requires the department involved to take proactive steps to be aware of and reduce the risks associated with sharing the information.
Submit the Software & Services Selection Process (SSSP) form
The first step is to submit a Software & Services Selection Process (SSSP) form. Requesters may be asked to submit additional information to the Data Stewards for a Third-Party Assessment.
Submit the Data Handling Request (DHR) form
The next step is to submit a Data Handling Request (DHR) form. This allows the appropriate data steward(s) to review and determine whether a security review is required prior to releasing any IU data to the service. After you submit the data handling request, a data steward will contact you with questions and issue a data decision with any conditions associated with the approval.
Please note: If you need to release institutional data that does not involve a purchase or renewal, please start with a data handling request (DHR) rather than the SSSP form.