Skip to main content
SDUnet

Search

Dansk
Menu

Data protection and information security

Approved IT systems

Systems for centralised use at SDU must be security approved. This also applies to free systems. Below you can see which systems are already approved for use at SDU. Do you need to purchase a new system? Read more about the security authorisation process below.

Which systems can you use at SDU?

  • You can read more about which systems you can use on the list of approved IT systems. Even if your system is not on the list, there will often be another system that can do the job.

    The list of approved IT systems

  • If you need to use a system that is not already on the list, it must be approved. The procedure depends on how the system will be used and procured.

    • If the system is developed internally at SDU, through SDU IT, the system approval is done as part of the development process. If you would like to have a system developed, please contact SDU IT, Service Desk.

      Contact Service Desk

    • In most cases, new system purchases will require joint approval. The approval process depends on the size of the system. If it is to be procured through a project in SDU's project portfolio, the assessment will be part of the project plan. If not, the system will be assessed by technicians and lawyers before you receive feedback.

      If the approval process includes legal documents, the approval time may be longer than usual. Approvals usually happen within 1-2 weeks.

      Report a system for assessment

      The IT system reporting form (Forms)

      When submitting the system, you will be asked to state how the system will be used. Among other things, you must state what types of data will be stored in the system. You may therefore need knowledge of SDU's data classification.

      You should also consider how many people's personal data will be processed in the system and how many users will have access.

      We recommend that you contact  your local GDPR or information security coordinator if you have any questions about the authorisation of systems or the specific completion of the form.

    • A system that is only to be used for limited research projects or other local purposes can be approved locally. However, this requires that the system is not aimed at students (e.g. teaching).

      If the system is approved locally, the person who approves the system locally is responsible for ensuring that the system can be used safely for the type of data processed in the system and for documenting the approval.

      Please note that:

      • systems used in relation to students must always be authorised centrally.
      • if the system processes personal data beyond pure user administration (i.e. name, email, etc.), a data processing agreement must be signed. The data processing agreement must be entered into by SDU RIO. If you need a data processing agreement, please  contact SDU RIO.
  • IT system reporting form

Why do we perform security authorisations of IT systems?

In connection with the security authorisations, we check that the systems meet the requirements of GDPR and that they are safe to use - both for SDU and for the people who are registered in them. In addition, we assess whether there is a technical risk of data loss, for example in the form of vulnerabilities that hackers can exploit.

The full version of the guideline

You can read the full version of the guideline for security authorisation of IT systems in procurement and development here.

Do you have any questions?

The GDPR and Information Security Coordinators are your local contact and advisor for day-to-day data protection and information security at SDU.

See also