Our Goal

Boston University Information Security helps researchers conduct their research efficiently and securely. We engage researchers throughout the research lifecycle to assist with navigating Data Use Agreements and regulatory requirements. We also provide support and resources to solve common use cases, such as sharing with collaborators or closing out a study.

Our goal is to reduce the security and compliance burden, letting you do what you do best – groundbreaking research.

Ways We Can Help

Here are some of the most common questions we hear:

    Getting Started

    We offer the following services to help you succeed:

      Self Help Resources

      Please check out our resources, or reach out to buinfosec@bu.edu, and we’ll help you understand how to comply with security requirements in grants, contracts, and data use agreements:

      CRC Institutional Review Board Guidance

      As part of the Institutional Review Board's (IRB) role in protecting the rights and welfare of human subjects, researchers must identify which electronic platforms, data transfer methods, data/document storage plans etc. are being proposed in the research. This information can be documented in the Confidentiality of Data section of the IRB application.

      BUMC Institutional Review Board Guidance

      We are working with the Institutional Review Board to provide guidance and will publish it here soon.


      BU Reviewed & Cleared Apps

      These apps have been reviewed by the BU Information Security team and cleared for individually identifiable human subject data classified as Restricted Use or HIPAA data.

      Paper Record and Media Management

      These record management companies have been cleared for management and destruction of individually identifiable human subject data.


      Data Classification & Services

      Here we outline what services are approved for each data classification.

      Data Use Agreement Security Language

      Start with these examples answers for research applications that require information on our security practices.


      Apps Not Managed by BU

      These apps have been reviewed for research purposes at various classification levels by the BU Information Security team. These apps are not managed by BU and accounts must be managed by the research team.

      Transcription Services Not Managed by BU

      These services have been reviewed by the BU Information Security team for the transcription of human subject data, as well as patient data, at BU HIPAA Components . These services are not managed by BU and accounts must be managed by the research team.