JavaScript is required to use content on this page. Please enable JavaScript in your browser.
The SDI Team reviews data-related agreements for three key measures:
Is there secure transfer of electronic data?
Are the appropriate IT safeguards and access controls in place?
Does the agreement comply with IT security policies and privacy laws and regulations?
The MDH Unit will submit their data-related agreement to the SDI Team via the Cognito platform.: SDI Agreement Review Form
The SDI Team will have 15 days from submission to review the data-related agreement and request any additional information needed for review. The 15-day period begins once all requested information has been received. This may include requiring vendors to complete a Security Controls Survey, submit proof of a SOC 2 Type II audit or Third Party Risk Assessment, or answer questions regarding data migration into an approved system.
The SDI Team will discuss and vote on the data-related agreement during the SDI Team weekly meeting or approve the submission by administrative review. Review by the SDI Team will result in one of the following potential outcomes: approval, provisional approval, denial, or assessment completed.
Once a determination has been made by the voting members or the administrative review committee, the SDI Team will send a memo to the MDH Unit with their determination.
If the agreement is approved by the SDI Team, the MDH unit may proceed with execution of the data-related agreement.
Documents Required for Submission by Data-Related Agreement Type
1. Data Use Agreement (DUA)
2. Memorandum of Understanding (MOU)
3. Business Associate Agreement (BAA)
4. Interagency Agreement (IA)
5. Standard Grant Agreement (SGA)
Submit Your Agreement Now
Contact us
SDI TeamOffice of Internal Controls and Audit Compliance201 W. Preston StreetBaltimore, MD 21201
Submit Your Agreement Now
VIsit the IAC Website