When institutional data is to be shared with a third party (e.g., an information technology cloud provider), Policy DM-02 "Disclosing Institutional Information to Third Parties" requires the department involved to take proactive steps to be aware of and reduce the risks associated with sharing the information.

Submit the Software & Services Selection Process (SSSP) form

The first step is to submit a Software & Services Selection Process (SSSP) form. Requesters may be asked to submit additional information to the Data Stewards for a Third-Party Assessment.

Submit the Data Handling Request (DHR) form

The next step is to submit a Data Handling Request (DHR) form.  This allows the appropriate data steward(s) to review and determine whether a security review is required prior to releasing any IU data to the service.  After you submit the data handling request, a data steward will contact you with questions and issue a data decision with any conditions associated with the approval. 

Please note: If you need to release institutional data that does not involve a purchase or renewal, please start with a data handling request (DHR) rather than the SSSP form.