Use of Third-Party Technology Services

What Are Third-Party Technology Services?

Third-party technology services are applications, software, or other web-based technologies not created by the manufacturer of your device or operating system. They are often accessed online for free or at low cost. Some examples include Grammarly, ChatGPT, Evernote, Slack, and Dropbox. While these services can be beneficial, it is important to ensure that UC Santa Cruz data is appropriately protected before using them.

Most third-party services are non-UC technology services, which means that no agreement exists between UCSC and the service provider. Therefore, non-UC technology services may not have the appropriate security protections in place that are required for university data.

Using a Non-UC Technology Service

Before using a non-UC technology service, it is important to:

  • Know your data and resource. If it is P3-P4 data and it is connecting to a P3-P4 resource, you must use a UC-approved service. Otherwise, you must purchase the service through our procurement process to guarantee inclusion of necessary security, compliance, and privacy provisions in the contract.
  • Know the terms and conditions of use. A third-party service provider can hold you to what you agree to, even if it is just a “click-to-accept” agreement. Note that ownership of data must remain with UCSC.
  • Review the service’s privacy and security policies to ensure that they align with UCSC's policies. Check with your Unit Information Security Lead (UISL) or Unit Head for risk-based decisions before moving forward.
  • Ensure accessibility. If use of an application or service will be required, you must make sure that it is accessible to users with disabilities. Ask the service provider whether their product is Section 508 compliant, and test it to make sure that it is.

Get Help