Research Data Security Assessments

Overview

We offer assessment services to help the UCSF research community navigate and comply with various data security requirements. Our team will engage research staff and/or primary IT support staff to evaluate the IT environment according to data security requirements in data access requests, incoming data use agreements, contracts, or grants.

Some data requests, such as requesting personally identifiable data from California state agencies, require researchers to meet specific data security requirements before data can be released. When you host data from external entities or generate data for sponsored research, you may be asked to complete a security questionnaire. Compliance may require signoffs by principal investigators, the IT administrator, an appropriate campus official, and/or the campus Chief Information Security Officer (CISO).

The security assessment’s main objective is to ensure researchers and staff understand the data security requirements from state agencies, funders, or collaborators, and use/maintain a secure computing environment that meets those requirements.

Request a Research Data Security Assessment

Timing expectations

Assessment requests must be submitted at least 6 weeks prior to the deadline or as soon as possible. We can complete your request within 7 days if your data is stored and processed only on pre-approved secure compute environments (e.g. UCSF's RAE). For other systems, the time will depend on the complexity of the external data security requirements, where the research data is stored, and if system documentation is available.

You will need the following information:

  • Research Project Name
  • Unit/Department Name
  • Project ID Number
  • Principal Investigator’s Full Name & Email Address
  • Primary Research Contact’s Full Name & Email Address (if different from the PI)
  • Description of research project and types of data used and/or collected
  • Where research project data will be stored, processed, and transmitted
  • Deadline Date

If you have any questions about the Research Data Security Assessment process, email [email protected].