Search UW System

UW System Home > Office of Learning and Information Technology

Use and Privacy Compliance of the Identification, Authentication, and Authorization (IAA) System

This memorandum of understanding between the University of Wisconsin -____ (UW-____) and the University of Wisconsin System Administration (UWSA) is for identity and access management services required for the deployment of applications at UW-_________ to be provided by the Identification, Authentication, and Authorization (IAA) system administered by UWSA.  IAA is managed and funded as a UWSA Common System, and is supported and sponsored by the University of Wisconsin Board of Regents.

UW-____ agrees to periodic electronic submission of demographic, role and contact data to the IAA system as reasonably required by UWSA after consultation with UW-____. These data may contain personally identifiable student and personnel records that are protected under federal or state law, such as FERPA, and/or university policy.  UW-____ is the custodian of UW-____ data that is submitted and stored in the IAA system. 

UW-_____ has appointed UWSA to act for UW-____ for purposes of administering identity and access management services provided by IAA.  For purposes of this agreement, UWSA is a "school official" of UW-____, and has been duly designated as such by UW-____.  UWSA agrees to adhere to federal or state law and/or university policy, such as FERPA, governing student and personnel records provided by UW-___ and is prohibited from unauthorized disclosures of personally identifiable information. 

IAA identity and access management services for approved applications include access to data in the IAA registry for user and account management, a centralized authentication service (the Authentication Hub), a centralized authorization service, and UW system-wide identity management.

The parties agree as follows:

UWSA may use information obtained from UW-___'s electronic data submission of education and human resources records for the sole purpose of providing the identity and access management services described in this agreement.  UWSA has no authority to make any other use or disclosures of such data.

UWSA is responsible for maintaining and protecting the integrity and security of data submitted by UW-___ while such data is maintained in the IAA system.

UWSA shall maintain data submitted by UW-__ in such a way that only software applications (not individual computer users) approved by the IAA Governance Working Group will have the ability to query, access or obtain data from IAA.