Quick Start
Available to: Faculty, Researchers, Staff, Departments
Cost: No charge
- See Getting Started, below.
Researchers are increasingly required to conduct their research in secure environments. It is becoming more common for grant applications to require detailed System Security Plans, Data Management Plans, and other detailed documents describing data protections. For more heavily regulated research these requirements can be quite complex. BU Information Security helps researchers identify options for conducting research in a secure manner and assists in the creation of required documentation.
Benefits
Information Security can save researchers time and effort by:
- Assisting the researcher in navigating the cybersecurity components of the Research Lifecycle and providing guidance to expedite the approval process and avoid common pitfalls.
- Maintaining expertise in compliance requirements, enabling the quick translation of complex legal language into specific administrative, technical, and physical controls that need to be implemented.
- Maintaining knowledge of BU Service Offerings that can meet the requirements of research, as well as a list of externally vended applications and services that may be appropriate.
- Assisting researchers with navigating IS&T resources to ensure their needs are met.
- Providing resources to review applications and services for applicability to particular research requirements.
- Working directly with the Office of Sponsored Programs, Industry Engagement, and other research contracting offices to revise language in agreements on behalf of the researcher.
- Providing templates and documentation to support attestations to sponsors.
Key Features
Information Security is skilled in interpreting the language used in Data Use Agreements and can translate these requirements into a selection of research environments appropriate to the research needs, saving time and effort while ensuring we meet sponsors' expectations.
Information Security has pre-identified a number of secure solutions for storing and processing research data. Some of these options are provided directly by BU, but when more complex requirements exist the best solution may be to use external resources. We can help navigate the process of identifying the right solution to fit the researcher's needs.
Information Security has templates for much of the documentation required as part of the grant application, such as System Security Plans or Data Management Plans, which can save researchers time and effort.
Consultation with Information Security is always free.
What to Expect
Consultations are arranged at a mutually agreeable time and generally involve multiple meetings with the research project team or Principal Investigator and Information Security to understand requirements, address questions, and provide guidance. Depending on the complexity of the question, the process may take a very short time or may extend over a period of weeks.
Requirements
None
Getting Started
The first step is identifying the specific needs of the research project. Often when research contracts have specific requirements, the Office of Sponsored Programs, Industry Engagement, and other research contracting offices will reach out to Information Security to verify that the research group can comply with them. Researchers are also welcome to reach out at any time to discuss their concerns in advance.
In many cases, research cybersecurity requirements can be met through standard offerings. For researchers working with data that is highly regulated, such as data requiring compliance with NIST 800-53, NIST 800-171 (Controlled Unclassified Information, ITAR), or Department of Defense Cybersecurity Maturity Model Certification, different solutions will be needed.
Standard Offerings
Most research, including identifiable human subject health data and HIPAA data, can be stored and analyzed on BU network file storage and systems. Which solution is right for you depends heavily on your storage and computation needs and the type of data you are working with. Standard offerings include:
- Conducting research through a mixture of BU-managed and/or approved personal devices may be appropriate for research with minimal cybersecurity concerns.
- Working with hardened BU-managed devices and BU-managed Network File Storage Services may be appropriate for working with many types of data, including HIPAA data.
- Utilizing only specific BU-managed or BU-approved services, such as the BU Shared Computing Cluster (SCC), may be appropriate for some more stringent requirements, like working with HIPAA limited data sets or data from the database of Genotypes and Phenotypes (dbGaP).
Highly Regulated Data
- Some research agreements specify compliance requirements that are impractical to meet in the open, collaborative university environment. For these research projects we will need to specify an environment that can meet those requirements.
As meeting these requirements on-premises can often be both time-consuming and expensive, the university has partnered with the San Diego Supercomputer Center (SDSC) at University of California, San Diego to make Sherlock Cloud Solutions available to BU researchers. Sherlock is used by many universities working with highly regulated data.