Data Use Agreements (DUA)
A Data Use Agreement (DUA) is a contractual document used to govern the transfer and use of nonpublic data or data that is otherwise subject to restrictions regarding its usage. Examples of nonpublic or restricted data include human subject data from a clinical trial or a Limited Data Set as defined in HIPAA. A DUA is sometimes also referred to as a Data Transfer and Use Agreement (DTUA).
A DUA may be required by a third party when Vanderbilt is accessing or receiving their restricted data. Often the contractual terms included in a DUA require that certain IT security measures are in place to protect the data while it is in Vanderbilt’s possession. This VUIT Security service assists the Vanderbilt customer with implementing the necessary IT controls to comply with the terms of the Agreement, Vanderbilt policies, applicable laws, regulations, and statutory requirements. It is available to Vanderbilt University faculty and staff.
Service Charges or Fees
There are currently no service charges or fees for this service.
Once initiated with SPA, VUIT Security (specifically the Policy, Risk, & Compliance team) assists the customer with implementing the necessary IT security controls to protect the confidentiality, integrity, and availability of the restricted data.
To inquire about the DUA workflow or if you have general questions about the process, please contact SPA at SPA@vanderbilt.edu.
What You Can Request
Multi-factor Authentication (MFA)
Privileged Account Management (PAM)
Threat Monitoring, Detection, and Response (TMDR)
IT Security Policy Development and Lifecycle
Vulnerability and Systems Posture Assessment (VASPA)
IT Risk Assessment
IT Security Awareness and Training
IT Security Consulting
IT Compliance Assessment
Security Policy and Compliance