1. The MDH Unit will submit their data-related agreement to the SDI Team via the Cognito platform.: SDI Agreement Review Form

2. ​The SDI Team will have 15 days from submission to review the data-related agreement and request any additional information needed for review. The 15-day period begins once all requested information has been received. This may include requiring vendors to complete a  Security Controls Survey, submit proof of a SOC 2 Type II audit or Third Party Risk Assessment, or answer questions regarding data migration into an approved system.

3. The SDI Team will discuss and vote on the data-related agreement during the SDI Team weekly meeting or approve the submission by administrative review. Review by the SDI Team will result in one of the following potential outcomes: approval, provisional approval, denial,  or assessment completed.  ​

4. Once a determination has been made by the voting members or the administrative review committee, the SDI Team will send a memo to the MDH Unit with ​​​their determination.

5. If the agreement is approved by the SDI Team, the MDH unit may proceed with execution of the data-related agreement.​

What documents do I need to submit?

1. The Security Controls Survey is only for agreements that are NOT on a State-approved system and do not have HITRUST Certification. Vendors only need to complete the Security Controls Survey once per year (unless there are changes to the platform). ​
2. This applies to all submissions that are modifications, amendments, extensions, or renewals of a data-related agreement.
3. Documents that will assist the SDI Team with review of the agreement. May include scope of work (SOW), award letter, appendix, cover sheet, ba​ckground information, vendor information.​​

Ready for SDI Review?