Office of the CISO

Data Security Agreement (DSA) FAQs

1. When should I use the Data Security Agreement?

2. How and when do I incorporate the DSA into contract negotiations?

3. What are my responsibilities with regard to the DSA?

4. What information should be included in the Disclosure of University Data section?

5. What information should be included in the Use or Storage of, or Access to, University Data section?

6. How do I address the Safeguarding University Data section?

7. What responsibilities are required by the Oversight clause?

8. What should be addressed in the Data Breach section?

9. What does "No Surreptitious Code" mean?

10. Can the University control Compelled Disclosure?

11. How should I address Termination Procedures?

12. What does “Survival; Order of Precedence” mean?

13. What definitions are used in the DSA?

14. What if I have a question regarding acquisition, materials management or contracting?

15. What if I have a question of a legal nature, i.e., “Can I do this under the law?”

16. What if I have a question regarding requirements for information security?

17. Does the DSA mean I don’t need a Business Associates Agreement (BAA)?

18. What is the difference between a DSA and a BAA?

19. Why do I need both a BAA and a DSA?

20. What happens after a contract is signed?

21. Can I use the DSA for exploration/testing of software and services?

22. If the DSA is modified, who should review it?