On IRB applications, we recommend the following response to the question "Describe in detail the methods/systems used to collect and store these data and the security methods that will be used when electronic records are being transported, transferred or stored. This should include both logical (IT) and physical protections in place for any computer systems used.":
Research Data Storage Service (RDSS) is managed by ITS Research Services at the University of Iowa and has been approved by the IT Security Office to store highly sensitive data. The RDSS systems follow NIST 800-171 system security requirements as well as UI policies surrounding the protection and storage of highly sensitive data when CIFS mounted. Study team members must request RDSS access by navigating here: https://workflow.uiowa.edu/form/RDSS-request. The RDSS request form asks about the study data in order to ensure appropriate security controls are put in place. Access to the share is controlled by the University of Iowa Study PI. HawkID/HealthcareID is required for access and HawkID/HealthcareID passwords follow the University of Iowa Password Policy: https://its.uiowa.edu/hawkid/password. UI VPN is used to access the share off-campus. RDSS systems are scanned regularly by ISPO tool Nexpose. RDSS logs are shared with Splunk and stored at least 60 days. All data is stored in LC and ITF Datacenters.