Polytechnic, ITaP team awarded NSF grant to generate framework for working with regulated data
As researchers increasingly need to work with data governed by various federal regulations, ITaP is developing solutions the Purdue community can use in working with such data.
In recent years, ITaP Research Computing partnered with other campus units to develop the Research Environment for Encumbered Data (REED), for researchers with government contracts that require adherence to the NIST SP 800-171. ITaP also arranged a Purdue-managed instance of Box.com, a cloud and collaboration service that can be made compliant with regulations governing the storage of health care data, such as data governed by the Health Insurance Portability and Accountability Act (HIPAA).
And now, a project led by Baijian Yang, associate professor of computer and information technology, and Preston Smith, ITaP Research Computing director of research services and support, has been awarded a two-year, almost $600,000 grant from the National Science Foundation (NSF award number #1840043) to develop a regulated data research framework that builds on and extends REED.
The new framework, which will be known as REED+, will bring together staff from campus IT units, ITaP Security and Policy and ITaP Research Computing to develop best practices for working with regulated data and to make sure that compliance with regulated data requirements is achieved through every part of the research lifecycle. Yang and Smith are using undergraduate cybersecurity students to accomplish much of the work. The students will work with ITaP staff to developing training and educational materials, as well as an awareness campaign about the handling of regulated data.
As part of this project, ITaP Research Computing will also collaborate with research administration units, such as Sponsored Program Services and Export Controls and Research Information Assurance, to evaluate and synchronize the intake process for regulated data.
“With these new cybersecurity federal requirements, it’s becoming more important that the regulatory affairs office and the IT teams work together closely,” says Mary Millsaps, Purdue’s research information assurance officer. As a result of the start of this project, conversations between ITaP and her team “have already gotten more fluid.”
The REED+ framework will eventually be shared with the national IT and research administration communities and is likely to serve as a model for other universities. “This award was a real indication that Purdue has become nationally recognized for research data security,” says Millsaps.