Wednesday, May 6, 2026

A research project does not have to be hacked to go off-track. Sometimes the problem starts with a fake document share, a suspicious vendor message, a rushed file transfer, or a missed requirement tied to travel or training.

To deter bad actors, compliance and security expectations for research are continually changing. At the University of Iowa, the Research Security Program is designed to protect the integrity, confidentiality, and strength of the research enterprise. Focus areas include cybersecurity, international travel security, export controls, protection of sensitive data, and research security training.

If you are involved in any research activity, what should you do? Pause early in the process, and ask a few simple questions:

  • What kind of data is involved?
  • What sponsor or regulatory requirements apply?
  • Are there travel, Conflict of Interested (COI), human subjects, export control, or cybersecurity obligations tied to this work?

Researchers may need training on topics such as responsible international collaboration, data protection, conflict of interest and commitment disclosures, and emerging threats to global research. Anyone traveling internationally for research-related purposes must complete the university’s pre-travel briefing annually.

The good news is that you don’t have to sort this out alone. The Office of the Vice President for Research supports responsible research and connects faculty, staff, and students with offices such as the Division of Sponsored Programs, COI in the Research Office, the Human Subjects Office, and the Research Integrity and Security Office. 

The Research Compliance Facilitation Office (RCFO), has transitioned to the Information Security and Policy Office to better help researchers with data classification, selecting appropriate software and storage services, implementing compliant technical solutions and assistance with System Security Plans (SSPs).

A five-minute check can prevent weeks of clean up later. If something feels off, whether it is a strange email, unexpected login request, an unusual data-access question, or an unsuspected IT security/compliance issue, report it right away. Campus partners should contact the Information Security and Policy Office and/or the ITS Help Desk to report incidents for timely investigation and mitigation. For research data security and compliance planning, engage the RCFO, early, ahead of any deadlines. Email its-rcfo@uiowa.edu.

Good research depends on good judgement and asking for help early is a strength, not a setback.

Related service(s)
IT Security Information