Increasingly, data sharing agreements and research funding agreements include cyber security requirements. Researchers working with protected data may be affected by the updates from the system-wide Information Security Policy (IS-3).
- If you’re conducting research on behalf of UC, you’re considered a Workforce Member and should follow the requirements for that role.
- Additionally, if you’re working with information classified at Protection Levels 2, 3 or 4, you’ll need to adhere to these extra responsibilities.
Examples of changes affecting research data:
Here are some example research data types that will be affected by the changes:
|Type(s) of data:||Old Classification||New Classification|
||UCB PL2||UC P4|
||UCB PL1||UC P3|
||UCB PL1||UC P2|
Follow this checklist to prepare for appropriate handling of data:
- Classify your research. Once you know which Protection Level your research data fall under, you can take the appropriate steps to meet campus policies for securing those data.
- Fill out a MSSEI Self Assessment Plan. This plan will identify the needed controls based on the classification of your data.
- Submit the MSSEI Self Assessment Plan. We will review the plan and provide recommendations and feedback.
Other items to consider:
- Invest appropriately. Be aware that bad things can happen to your data – anything from outright theft to the use of ransomware to encrypt it so you no longer have access. UC has lost research data that can’t be replaced because of ransomware … and UC researchers are often targeted. If you need help or have questions, email firstname.lastname@example.org.
- Manage suppliers responsibly. If you work with external Suppliers in any capacity, make sure they review the system-wide Information Security Policy (IS-3) and comply with all applicable requirements.
- See Section 15: Supplier Relationships for a list of specific tasks and considerations for external Suppliers.