Data security is of utmost importance to the integrity of research. There are two ways in which to secure your data. If data is kept in a physical manner (i.e. lab notebook, paper surveys, etc.), then physical security is needed. Examples of physical security include lockable filing cabinets to hold the physical copies of data. If data is stored in an electronic manner (i.e. laptop, electronic database, cloud storage), then information security is needed. Examples of information security include the use of encryption and/or the secure enclave.
Although these are best practices, some sponsors may require additional physical and information security practices dependent upon nature and sensitivity of the research and data.
Controlled Unclassified Information
What if my contract calls for CUI, but I believe it is not?
If clauses are in an agreement, our office can go back to the prime contracting officer and ask if portion of the work is fundamental in nature. If we receive confirmation in writing from the prime contracting officer that the university’s work is fundamental then a CUI plan is not necessary.
Controlled Unclassified Information (CUI) is defined as information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. CUI was established by Executive Order 13556 and 32 CFR § 2002. These documents establishes a uniform program for managing information that requires safeguarding or dissemination controls across the Federal Government and appointed the National Archives and Records Administration (NARA) as the CUI Executive Agent, respectively
CUI does NOT include classified information.
ISAAC Secure Enclave
The High Performance and Scientific Computing (HPSC) group provides resources and support for research involving sensitive information through the Secure Enclave. The Secure Enclave protects Protected Health Information, Controlled Unclassified Information, and other protected information. The Office of Information Technology provides support, documentation, training, and support services for the Secure Enclave. Contact the OIT Help Desk for more more information.