A Research Security Plan is required when:
- Your project involves highly sensitive data and/or
- You must comply with Data Use Agreements, grant/contract requirements, or applicable laws/regulations.
Instructions
This internal document ensures your research team follows best practices for data security. Please email research-computing@uiowa.edu if you need assistance. Please note, the Research IT Security Plan template has been updated recently -
- Download the Research IT Security Plan.
- Identify your Technical Lead:
- Contact your local IT support administrator to assist with completing the plan.
- If you don’t know who that is, email research-computing@uiowa.edu for help.
- Describe the project and the data:
- List all data elements your project will collect.
- Determine the data classification (e.g., public, restricted, critical).
- List all users, systems, devices, & services involved:
- Include storage locations, collaboration tools, devices (university-owned or personal), analysis software, and any third-party or cloud services.
- Include storage locations, collaboration tools, devices (university-owned or personal), analysis software, and any third-party or cloud services.
- Technical Lead submits plan for review:
- Upload the document using this Workflow form: https://workflow.uiowa.edu/entry/new/21693
- Upload the document using this Workflow form: https://workflow.uiowa.edu/entry/new/21693
- Review, update, and resubmit the plan to UI Workflow:
- The Technical Lead and PI will be responsible for reviewing and updating the plan when changes occur or on a standard time period. While projects can specific their own timelines based on requirements, the standard is to review each plan yearly if nothing has changed in the meantime. If nothing has changed in that time period, simply testify to that by resubmitting the plan. Otherwise, update the plan to reflect any changes and then submit it for approval.
- The Technical Lead and PI will be responsible for reviewing and updating the plan when changes occur or on a standard time period. While projects can specific their own timelines based on requirements, the standard is to review each plan yearly if nothing has changed in the meantime. If nothing has changed in that time period, simply testify to that by resubmitting the plan. Otherwise, update the plan to reflect any changes and then submit it for approval.
Important Notes:
- The Principal Investigator (PI) and the Technical Lead must be different people.
- The Technical Lead should hold an IT job classification.