For Researchers

Safeguarding your research data protects your lab and projects by keeping it private until you are ready to publish. The amount of protection that should be applied depends on the data sensitivity. The greater the sensitivity, the greater negative impact inflicted if disclosed early or to unauthorized parties, and the greater the security should be to prevent that from happening. Become familiar with Vanderbilt's data classifications (Level 1 - 4) so that you know the sensitivity of your data. See the Data Classification Guidance below.

Data Classification Guidance

While all data, regardless of the classification level, should be protected at a baseline level, understanding your classification level will help you begin to understand its value and the amount of protection it needs. View this guide to learn more.


Common security resources that may be needed in the typical research lifecycle are listed below. As more resources are created, they will be added to the list.

Security resources that help protect research data:

  • Training

    Technical solutions will only secure your research so far. The people involved play a huge role in keeping the lab and its data secure. Be aware of the common risks and best practices to prevent becoming an attacker's avenue for access. The following online training courses are strongly recommended for all researchers:

    • Foundational Training covers red flags basics such as social engineering, phishing, and passwords. To request this training, submit a ticket.
    • Enhanced Training covers topics geared toward sensitive data access such as insider threat and data privacy. To request this training, submit a ticket.
  • Compliance Assessment

    If you are working with data that is regulated by federal law or controlled by a legal contract, seek a compliance assessment. It will help ensure that the computers, servers, and other IT assets used in your research workflow meet the requirements.

    The compliance assessment is built-in to the Data Use Agreement process but can be applied to any research project. Click here to learn more about compliance assessments and how to get started.

  • Computers

    Where possible, use Vanderbilt-owned and managed computers. This helps ensure that institutional security tools and configurations are in place for real-time threat prevention, detection, and incident response.

    • If you are using a VUIT issued and managed computer, the tools and configurations are already in place and you don't need to take additional action.
    • If you are using a computer that is supported by departmental IT, VUIT is working with your IT group to ensure protections are in place. If you have questions, contact your departmental IT.
    • If you are using a computer purchased with personal funds and/or that is not supported by VUIT or other technical group, you are responsible for its security. See the BYOD Standard to find out more about your responsibilities and what securities must be in place. Or consider contacting VUIT to onboard your device for central VUIT management.
  • Secure Research Cloud (SRC)

    If you need a secure computing environment, SRC may be for you. This is a scalable cloud server in AWS that can be customized to your specifications and has security already built in.

    SRC may be a good use case for labs that need to quickly comply with security requirements or that need the flexibility and dynamic nature of the cloud. It may not be a good use case if external collaborators need direct access or multiple users need simultaneous access. Learn more about SRC here.

  • Secure File Transfer

    One method of securely transferring files is by using portal download. Use OneDrive to securely exchange files with collaborators or sponsors by giving them login access to files in OneDrive. Find instructions here.

    Another method is by sending an encrypted email. Find instructions here.

  • Secure Destruction

    Secure destruction helps ensure that electronic equipment and/or the data on them are irrecoverable when no longer needed. This is sometimes required by sponsors at the end of a project (e.g., Data Use Agreement), but is recommended for all regardless of requirement. Learn more about destruction and sanitization here.

The Office of Cybersecurity is evaluating existing services and creating more to better support the research community. We are also working on creating lists of secure solutions based on data classification for common needs such as storage, transfer, and more. We will publish those here as they become available.

Question icon

Not sure how to start?

Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.

Get Security Help