Skip to main content

Data Use Agreements (DUA)

Service Description

A Data Use Agreement (DUA) is a contractual document used to govern the transfer and use of nonpublic data or data that is otherwise subject to restrictions regarding its usage. An example of nonpublic or restricted data may include human subject data from a clinical trial or a Limited Data Set as defined in HIPAA. A DUA is sometimes also referred to as a Data Transfer and Use Agreement (DTUA).

A DUA may be required by a 3rd party when Vanderbilt is accessing or receiving their restricted data. Often the contractual terms included in a DUA require that certain IT security measures are in place in order to protect the data while it is in Vanderbilt’s possession. This VUIT Security service is to assist the Vanderbilt customer with implementing the necessary IT controls to comply with the terms of the Agreement, Vanderbilt policies, applicable laws, regulations, and statutory requirements. It is available to Vanderbilt University faculty and staff. 

Support Contacts 

Service Charges or Fees

There are currently no service charges or fees for this service.

Requesting Service

Vanderbilt University DUAs are managed by the Sponsored Programs and Administration (SPA) office. SPA is the primary facilitator. To initiate a DUA request, see the SPA website for instructions

Once initiated with SPA, VUIT Security (specifically the Policy, Risk, & Compliance team) assists the customer with implementing the necessary IT security controls to protect the confidentiality, integrity, and availability of the restricted data.

To inquire about the DUA workflow or if you have general questions about the process, please contact SPA at

What You Can Request

Data Use Agreement (DUA) Request

Related Services

Multi-factor Authentication (MFA)
Privileged Account Management (PAM)
Threat Monitoring, Detection, and Response (TMDR)
IT Security Policy Development and Lifecycle
Vulnerability and Systems Posture Assessment (VASPA)
IT Risk Assessment
IT Security Awareness and Training
IT Security Consulting
IT Compliance Assessment


Security Policy and Compliance 

Service Category