UCSB > OIT > Security > Final signoff process for Government Licensed Datasets

Interim Director
Projects & Initiatives
Contact Information
Formation of the OIT

Departmental Directory
UCSB Directory Service
Directory Assistance
UCSB Website Directory
UC Directories

Network Description
Report Trouble
Policy & Procedures
DMCA Reporting

Monitoring and Statistics
Network Time Services
SSL Certificates
VPN Service
Organizations
Report Trouble

Datasets Signoff Process
Computer Security Guide
Securing & Protecting
News, Advisories, & Alerts
Report an Incident
Recover from Intrusion
Other Security Sites
Mailing Lists
Policies

For Students
For Faculty & Staff

Email
Supercomputing
Software

EduCause

IT Board (ITB)
IT Planning Group (ITPG)
Campus Network (CNC)
Acad. Technology (ATWG)
Backbone Engineering (BEG)
DECAF
UC Committees

Current Openings
How to Apply

OIT Home > Security > Final signoff process for Government Licensed Datasets

Final signoff process for Government Licensed Datasets

This is the process for obtaining Information Security Officer (ISO) signoff and Senior Official (SO) final institutional sign-off for government licenses to use datasets with personally identifiable information (PII) or personal health information (PHI). Example sources of these data sets include the Institute for Education Sciences and federal or state Departments of Health. All licenses that require security signoff must use this process. The office of Technology and Industry Alliances facilitates this process. Most license signoffs do not require a meeting with the ISO or the SO.

First determine if you have special requirements for handling sensitive information. Generally the license documents will specify a range of security controls that must be met in order to qualify for the license. These controls must be in place before the dataset is received, and the controls must be maintained until all sensitive data is disposed of in accordance with the license.
Arrange for security controls required by the license with your department. Depending on the dataset these may include door locks off of master, locked storage, PC with required software not connected to the network, and other controls.
Complete the required security plan document reflecting the controls that you have established.
Obtain all signatures on the license document, the security plan and if required notarized affidavits, within your department. For most licenses this will be the signature and affidavit from the researcher, the faculty sponsor, and all people with access to the locked office that will house the data.
Complete the UCSB MTA Incoming form from the Technology and Industry Alliances web site at http://tia.ucsb.edu/wp-content/uploads/2012/11/MTA-Incoming-Form.pdf
Most licensors require wet (ink on paper) signatures and original notarizations. Scanned or faxed documents are not acceptable. Send the original signed license, security plan, MTA incoming form, and notarized affidavits to Jenna Nakano in the Office of Technology and Industry Alliances at Campus mail code 2055.
The TIA office will verify that all documents have been properly prepared and forward the license, security plan and affidavit to the ISO for final signoff.
ISO may contact the researcher, faculty sponsor and/or department IT staff to review or audit security controls before signoff. The ISO reserves the right to inspect or audit security controls at any time during the term of the license to ensure that required controls are maintained.
ISO will sign the license, security plan, and complete the notarized affidavit. These original documents will be returned to the TIA office for final processing and transmission to the government agency supplying the dataset.

CIR



	Copyright © 2003-2024 The Regents of the University of California, All Rights Reserved Web contact • Terms of Use • Accessibility Last modified: 4/29/2014