The purpose of this questionnaire is to provide UC Davis (not including UC Davis Health) faculty, staff, or other affiliates answers (in the form of opinions) to questions regarding whether a specific data set or use case is appropriate for a specific cloud service when that question cannot be answered by using the main Data Sensitivity Guide itself (http://cloud.ucdavis.edu/data-types-list).
Frequently Asked Questions
Where is the Data Sensitivity Questionnaire?
The actual questionnaire can be found here: https://cloud.ucdavis.edu/form/data-sensitivity-guide-intake-su
What does the Information Security Office provide me with if I complete this questionnaire?
If you complete this questionnaire fully and provide all the information the Information Security Office further requests regarding your specific use case, then the Information Security Office will attempt to provide an opinion regarding whether the Information Security Office believes your use case is appropriate for the specific service. This opinion will normally incorporate the opinion of the Information Security Office as well as the Privacy Officer, the service owner (if any exists) and the campus data type authority (if any exists).
The Information Security Office reserves the ability to not provide an opinion if the inquiry does not provide a specific use case (for example, if an inquiry were to involve the general appropriateness of a data type for a service) or if there are other factors which make it non-feasible to provide a opinion. Whether an inquiry is considered general or for a specific use case is a determination made solely by the Information Security Office.
Who is this questionnaire intended for?
This questionnaire is intended for UC Davis staff, faculty, or other affiliates who are interested in using one of the services listed on cloud.ucdavis.edu (or a service that is not listed but that you use or plan to use to store or share data).
Is this questionnaire intended for my specific use-case/inquiry?
This questionnaire is for you if any of the following apply:
- You want to use a vendor cloud-based service that is already in use on campus to store UC Information or other sensitive information but that service does not appear on the Data Sensitivity Guide.
- You want to use an existing service that DOES appear on the Data Sensitivity Guide, but you want to use that service to store data that is marked by the Data Sensitivity Guide as “Request Additional Approval,” “Seek Further Guidance,” or your specific data type does not appear on the Data Sensitivity Guide.
- You would like to request that the Information Security Office add a data type or cloud service to the Data Sensitivity Guide.
How do I complete the questionnaire?
Simply answer all the questions in a complete manner, providing as much detailed information about your (or your Unit’s) specific use case as you can. Completing this questionnaire fully and with detailed answers will decrease the likelihood of the need for follow-up questions and can result in the Information Security Office providing a quicker opinion in response to your inquiry.
What do I do once I’ve completed the questionnaire?
After you complete this questionnaire, a ServiceNow ticket will be created in your name using the email address you provided. You will receive an email confirming this ticket creation soon (approximately 1 to 24 hours) after you complete the questionnaire. That ticket will serve as the primary means of further communication between you and the Information Security Office. Someone from the Information Security Office will contact you through that ticket soon regarding any further information or discussions that might be needed. The final opinion from the Information Security Office will be provided through this ticket as well. You can track the ticket through your email inbox or through https://ucdavisit.service-now.com/servicehub/?id=ucd_my_stuff.