Institutional Data Standards Checklist for System Providers

What is the IDS Checklist?

This checklist is used to "certify" a service, platform, environment to be used for institutional data classified at specific levels of sensitivity by comparing practices and procedures with policies, standards and best practice guidelines.  Completion of this checklist is recommended for services, platforms, systems, environments hosting institutional data at any level of classification.  It is, however, required for those hosting critical data and may, at the data stewards discretion, be required for some systems hosting restricted data.

Local UITS support staff should complete or re-review this checklist in the following scenarios:

  1. when implementing a new service, platform, environment that will host institutional data;
  2. when existing functionality has changed significantly since the last "certification";
  3. when prompted during the IRB submission process due to collection and/or storage of electronic Protected Health Information (ePHI) for research purposes;
  4. when data at a higher level of sensitivity is being added to the service;
  5. when the last "certification" is more than 3 years old; or
  6. when an existing service contains critical data and has not yet been "certified".