Overview
Increasingly, data sharing agreements and research funding agreements include cyber security requirements. Researchers working with protected data may be affected by the updates from the system-wide Information Security Policy (IS-3).
- If you’re conducting research on behalf of UC, you’re considered a Workforce Member and should follow the requirements for that role.
- Additionally, if you’re working with information classified at Protection Levels 2, 3 or 4, you’ll need to adhere to these extra responsibilities.
- See our guides for Key Responsibilities for specific roles that overlap with Researchers:
Examples of changes affecting research data:
Here are some example research data types that will be affected by the changes:
| Type(s) of data: | Old Classification | New Classification |
|
UCB PL2 | UC P4 |
|
UCB PL1 | UC P3 |
|
UCB PL1 | UC P2 |
Follow this checklist to prepare for appropriate handling of data:
- Classify your research. Once you know which Protection Level your research data fall under, you can take the appropriate steps to meet campus policies for securing those data.
- Fill out a MSSEI Self Assessment Plan. This plan will identify the needed controls based on the classification of your data.
- Submit the MSSEI Self Assessment Plan. We will review the plan and provide recommendations and feedback.
Other items to consider:
- Invest appropriately. Be aware that bad things can happen to your data – anything from outright theft to the use of ransomware to encrypt it so you no longer have access. UC has lost research data that can’t be replaced because of ransomware … and UC researchers are often targeted. If you need help or have questions, email security@berkeley.edu.
- Manage suppliers responsibly. If you work with external Suppliers in any capacity, make sure they review the system-wide Information Security Policy (IS-3) and comply with all applicable requirements.
- See Section 15: Supplier Relationships for a list of specific tasks and considerations for external Suppliers.