What should I have prepared before entering a DUR?
You should have the following information and documents ready before beginning the DUR form. You will NOT be able to save and return to the form:
- Security Design Review (SDR) number (vendor and on-premises applications)
- Cloud Addendum status (vendor applications only)
- Contract start and end dates (vendor applications only)
- What data attributes you will be requesting and for what population (i.e. Graduate School of Arts & Sciences, Yale College, Professional Schools)
What if I do not have a Cloud Addendum or Security Design Review (SDR) ?
-
SDR: All applications that consume student data are required to have a security design review. Applications that are deemed ‘low risk’ may receive provisional approval. You can work with information security to determine the classification of the application in question. Find out more at https://cybersecurity.yale.edu/SDR
-
Cloud Addendum: A Cloud Addendum is a contractual document that among other things, holds vendors accountable for the protection of Yale’s data under FERPA. Your procurement/vendor management contact should work with the vendor on this document. Requests will not be approved without this agreement.
I need staff and/or faculty data. How do I request that?
Through the People and Identity Data Access Request Form
What happens once I submit a request?
All new requests are routed to the University Registrar for initial review. Depending on the data attributes requested, additional approval may be required. Requests may be sent back with comments at which time you will have the opportunity to make changes and resubmit. Once a request is approved, a ticket will be created with Information Technology Services, who will follow up as needed with next steps. A pdf of the request will be provided for your records.
Where do I submit a DUR?
I am having technical issues with the form. Who should I contact?
Email reports.sis@yale.edu