Safeguarding your research data protects your lab and projects by keeping it private until you are ready to publish. The amount of protection that should be applied depends on the data sensitivity. The greater the sensitivity, the greater negative impact inflicted if disclosed early or to unauthorized parties, and the greater the security should be to prevent that from happening. Become familiar with Vanderbilt's data classifications (Level 1 - 4) so that you know the sensitivity of your data. See the Data Classification Guidance below.
While all data, regardless of the classification level, should be protected at a baseline level, understanding your classification level will help you begin to navigate required and recommended security practices. Click the link above to learn more.
Common security resources that may be needed in the typical research lifecycle are listed below. As more resources are created, they will be added to the list.
Security resources that help protect research data:
Technical solutions will only secure your research so far. The people involved play a huge role in keeping the lab and its data secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses are strongly recommended for all researchers:
If you are working with data that is regulated by federal law or controlled by a legal contract, seek a compliance assessment. It will help ensure that the computers, servers, and other IT assets used in your research workflow meet the requirements.
The compliance assessment is built-in to the Data Use Agreement process but can be applied to any research project. Click here to learn more about compliance assessments and how to get started.
Where possible, use Vanderbilt-owned and managed computers. This helps ensure that institutional security tools and configurations are in place for real-time threat prevention, detection, and incident response.
- If you are using a VUIT issued and managed computer, the tools and configurations are already in place and you don't need to take additional action.
- If you are using a computer that is supported by departmental IT, VUIT is working with your IT group to ensure protections are in place. If you have questions, contact your departmental IT.
- If you are using a computer purchased with personal funds and/or that is not supported by VUIT or other technical group, you are responsible for its security. See the BYOD Standard to find out more about your responsibilities and what securities must be in place. Or consider contacting VUIT to onboard your device for central VUIT management.
Secure Research Cloud (SRC)
If you need a secure computing environment, SRC may be for you. This is a scalable cloud server in AWS that can be customized to your specifications and has security already built in.
SRC may be a good use case for labs that need to quickly comply with security requirements or that need the flexibility and dynamic nature of the cloud. It may not be a good use case if external collaborators need direct access or multiple users need simultaneous access. Learn more about SRC here.
Secure File Transfer
Secure destruction helps ensure that electronic equipment and/or the data on them are irrecoverable when no longer needed. This is sometimes required by sponsors at the end of a project (e.g., Data Use Agreement), but is recommended for all regardless of requirement. Learn more about destruction and sanitization here.
The Office of Cybersecurity is evaluating existing services and creating more to better support the research community. We are also working on creating lists of secure solutions based on data classification for common needs such as storage, transfer, and more. We will publish those here as they become available.
Below is a curated view of available security policies, services, and guidance documents that are directly relevant to research. These resources can be found in other sections of this site, but have been organized here for your consolidated view. For full listings, use the navigation bar at the top of this page.
Not sure how to start?
Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.