Instructions for Filling out IDS Checklist

How do I complete the IDS checklist?

  1. System technical owner should download and make a copy of the Institutional Data Standards checklist.
  2. Keep the column that represents the highest level of data classification for the system that should be certified.
  3. Delete or hide the other three data classification columns in the checklist.
  4. As each safeguard and associated policy is reviewed, enter a comment in the “Application Owner Response” column. This may be as simple as:
    • Completed
    • In-Progress
    • Included in Procedures
    • Not Included due to xyz
    • Planned (along with a bit of explanation)
    • And more
  5. As each safeguard is reviewed also enter a value in the “Compliance Indicator” column. This is a quick reference to help summarize % of compliance. Values are:
    • C=Compliant
    • NC=Not Compliant
    • NA=Does not apply to this service
    • IC-A=Incomplete Compliance; we are implementing a change to become compliant; the change is Administrative in nature
    • IC-T=Incomplete Compliance; we are implementing a change to become compliant;the change is Technical in nature
    • SLA=Included in the Customer Service Agreement as part of their responsibility
    • ? = Need more information from CDS
  6. After completing the checklist, open the Institutional Data Standards Checklist Submission Form and fill out the required information. NOTE: The IDS checklist should be completed before this step, as you will be asked to upload the completed checklist as part of this form request.
  7. Questions about the process or associated policies can be sent to iudata@iu.edu

Why do I need to fill out the IDS checklist?

The Institutional Data Standards (IDS) checklist is used to certify a service, platform, environment to be used for institutional data classified at specific levels of sensitivity. In some cases, additional sector-specific requirements may also apply (ex. HIPAA, PCI-DSS, etc.)

About institutional data at IU

Data Examples

When do I need to complete the checklist?

This checklist should be completed in the following situations:

  • when implementing a new service, platform, environment that will host institutional data;
  • when existing functionality has changed significantly since the last certification;
  • when data at a higher level of sensitivity is being added to the service;
  • when the last certification is more than 3 years old; and/or
  • when an existing service contains critical data and has not yet been certified.

Who needs to complete the IDS checklist?

The IDS checklist should be completed by one of the following individuals:

  • The application or system technical owner should complete the checklist.
  • If necessary, the system technical owner should involve the functional system owner.
  • The system's technical owner may consult with the University Information Policy & Security Offices (UIPO and UISO) if needed, as well as other system administrators.
  • The Committee of Data Stewards and UIPO will review the completed checklist to provide certification and/or make suggestions on any missing safeguards.

Site Navigation

Contact US

University Data
Management Council