Third Party Data Transfer Procedure

Version 1.0.1

Purpose

This procedure standardizes the way data is transmitted/transferred between the University’s IT Resources and non-University controlled systems.

Scope

This IT policy, and all policies referenced herein, shall apply to all members of the University community including faculty, students, administrative officials, staff, authorized guests, delegates, and independent contractors (the “User(s)” or “you”) who use, access, or otherwise employ, locally or remotely, the University’s IT Resources, whether individually controlled, shared, stand-alone, or networked.

Procedure Statement

Any transmission of data between the University and a third party, in either direction, must be reviewed and approved by the University Information Security Office (UISO), per the Third-Party Data Transfer policy.

The requestor must submit a service request on EasyVista from the My Apps tab on My.Fordham.edu to initiate a Third Party Data Transfer request.

EasyVista instructions:

  1. Type “Third Party Data Transfer” in the search field under “Search the service catalog:”
  2. Add “Third Party Data Transfer” to the cart.
  3. Click the “Create Request” button.
  4. To create the request, click on the red question mark.
  5. Complete all the required fields on the request form.
    • You may use the Additional Information text box to provide the processors' details that are not included in the form (e.g., additional contacts, specific instructions, notes).
  6. Click the “Next” button to continue.
  7. Click the “Next” button again to create the request.
  8. Make any necessary adjustments to the fields on the Create Request pop-up (i.e., change the Recipient name if you are completing the form on behalf of another person).
  9. Click the “Next” button.
  10. Click the “Finish” button.
  11. EasyVista notifies all related parties of the request via email.
  12. The University Information Security Office will have the opportunity to review the submission and either approve or reject the request.
  13. If the request is rejected, all parties mentioned in the request ticket will receive an email notification.

Note: If a request is rejected, you will need to modify your request and submit a new ticket.

Definitions

IT Resources include computing, networking, communications, application, and telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials and services.

Provisioning is the term used for providing specific account access.

Related Policies and Procedures

Implementation Information

Review Frequency: Annual
Responsible Person: Director, IT Security
Approved By: CISO
Approval Date: 03/11/2019

Revision History

Version    Date          Description
1.0        03/11/2019    Initial document
1.0.1      03/18/2020    Updated to statement

Policy Disclaimer Statement

Deviations from policies, procedures, or guidelines published and approved by the University Information Security Office (UISO) may only be done cooperatively between the UISO and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Willful failure to adhere to UISO written policies may be met with University sanctions.