What is the IDS Checklist?
This checklist is used to "certify" a service, platform, environment to be used for institutional data classified at specific levels of sensitivity by comparing practices and procedures with policies, standards and best practice guidelines. Completion of this checklist is recommended for services, platforms, systems, environments hosting institutional data at any level of classification. It is, however, required for those hosting critical data and may, at the data stewards discretion, be required for some systems hosting restricted data.
The IT People should complete or re-review this checklist in the following scenarios:
- when implementing a new service, platform, environment that will host institutional data;
- when existing functionality has changed significantly since the last "certification";
- when prompted during the IRB submission process due to collection and/or storage of electronic Protected Health Information (ePHI) for research purposes;
- when data at a higher level of sensitivity is being added to the service;
- when the last "certification" is more than 3 years old; or
- when an existing service contains critical data and has not yet been "certified".
Once you have completed your IDS checklist, please be sure to also complete the new IDS checklist submission form. This form will be gathering more detailed information about the type of system being reported, to better help with the review process. Please be sure to complete the IDS checklist before starting this form as you will be asked to upload the completed checklist as part of this form request. Questions about the process or associated policies can be sent to firstname.lastname@example.org