How do I share IU data with a third party external to the university?

Before you begin

According to University Policy DM-02, you must ensure that any institutional information will be adequately protected from a contractual and a security standpoint prior to disclosure with a third party. Most third-party relationships will require a contract or data sharing agreement before any data is provided. You can start this process by consulting with the relevant Data Steward(s).

Other considerations

Once you have received approval from a Data Steward about the release of information to a third party in compliance with Policy DM-02, it is important to consider the following:

  1. Research: Is this sharing related to research or an initiative with another university? If so, please reach out to SecureMyResearch for appropriate products and services for storing and sharing data.
  2. IT Software or Service: Does this sharing involve a new IT software or service vendor? If so, see the process to go through the SSSP process and requesting a third party assessment. These services provide guidance to units on how data can be shared with the vendor in compliance with the law.
  3. Auditors or Contractors: Will this sharing involve services such as training, assessments, business process review, etc.? If so, please review how to hire consultants that will access IU data.