Sharing institutional data with third parties

Protect data shared with cloud services and other third parties.

When institutional data is to be shared, collected, or accessed by a third party (e.g., an information technology cloud provider), IU Policy DM-02 "Disclosing Institutional Information to Third Parties" requires the department involved to take proactive steps to be aware of and reduce the risks associated with sharing the information. The University Privacy and Security Offices at IU, offer a service which evaluates third parties and provides an assessment prior to sharing institutional data with the third party. To take advantage of this service and remain in compliance with IU policy, please submit a third-party assessment request form at the link below.


Submit the Third-Party Assessment (3PA) request form

To request an assessment, submit a third-party assessment (3PA) formThis allows the appropriate Data Steward(s) to review and determine whether a security review is required prior to releasing any IU data to the service.  After you submit the request, a Data Steward will contact you with questions and issue a data decision with any conditions associated with the approval. For questions related to the third-party assessment, contact


Submit the Software & Services Selection Process (SSSP) form

If your request is associated with a new purchase, you must first submit a Software & Services Selection Process (SSSP) form. Requesters may be asked to submit additional information to the Data Stewards for a third-party assessment. For questions related to this process, contact

Please note: If you need to release institutional data that does not involve a purchase or renewal, please start with a third-party assessment (3PA) request form rather than the SSSP form.