California State CPHS Data Security Assessment


The Information Security Office (ISO) offers an assessment service to help the Berkeley research community comply with California State CPHS data security requirements. Our Analyst will engage research staff and/or primary IT support staff to evaluate the IT system according to State CPHS data security requirements.

In early 2012, California State CPHS started to mandate a new set of data security requirements for researchers who are requesting personally identifiable data (PID) from state agencies.  In addition to 33 data security requirements, the State CPHS also require researchers to report any personally identifiable data breaches within 48 hours of the event.  

Compliance requires Principal Investigators and an appropriate campus official, the campus Chief Information Security Officer (CISO), to certify that the applicable data security controls are implemented as prescribed by the state CPHS.

The assessment will establish roles and responsibilities in securing sensitive PID, as well as identifying technical measures to protect and monitor IT systems. 

The assessment will produce a data security letter, signed by CISO, to help the research team complete a required component of the online State CPHS application process. Without a signed data security letter, requests for PID will not be approved by CPHS. 

How to Get Started

All requests for Assessment requests must be submitted at least 6 weeks prior to the State CPHS application deadline.  
You will need the following information:

  • Research Project Name
  • Unit/Department Name
  • Project ID Number
  • Principal Investigator’s Full Name & Email Address
  • Primary Research Contact’s Full Name & Email Address (if different from the PI)
  • Description of research project and types of data used and/or collected
  • CPHS Application Deadline Date

Once you’ve gathered the required information, please submit it using this Google Form:

If you have any questions about CPHS data security assessments, you may create a ServiceNow ticket by emailing

Service Details and Additional Information

Service category