OSC's Protected Data Service (PDS) is designed to address the most common security control requirements encountered by researchers while also reducing the workload on individual PIs and research teams to satisfy these requirements.
Protected Data at OSC
The OSC cybersecurity program is based upon the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 requirements for security, and reflects the additional requirements of established Information Technology (IT) security practices. Additionally, OSC has performed a gap analysis to identify deficiencies within NIST 800-171 Revison 3 and developed a Plan of Action and Milestones (POA&M).
OSC currently supports the following protected data types:
- Personal Health Information (PHI)
- data covered by Health Insurance Portability and Accountability Act (HIPAA)
- Research Health Information (RHI)
- Export Control data
- International Traffic in Arms Regulations (ITAR)
- Export Administration Regulations (EAR)
- Personally Identifiable Information (PII)
- NIH Controlled-Access Data
- Proprietary Data
If you need support for a data type that is not listed, please contact OSC Help to discuss.
Getting started with the Protected Data Service at OSC
OSC's PDS was developed with the intent of meeting the security control requirements of your research agreements and to eliminate the burden placed on PIs who would otherwise be required to maintain their own compliance infrastructure with certification and reporting requirements.
In order to begin a project at OSC with data protection requirements, please follow these steps:
Contact OSC
Send an email to oschelp@osc.edu and describe the project's data requirements.
Consultation
You will hear back from OSC to set up an initial consultation to discuss your project and your data. Based on your project and the data being used, we may request the necessary documentation (data use agreements, BAA, MOU, etc).
Approval
Once OSC receives the necessary documentation, the request to store data on the PDS will be reviewed, and if appropriate, approved.
All PDS projects require multi-factor authentication (MFA). MFA will be set by OSC when the project is created.
Get started
OSC will help set up the project and the storage used to store the projected data. Here is a list of useful links:
- Getting started documentation: the guidance on how to start research for all new users
- PDS acceptable use and guidance document: Users are expected to comply with the guidelines in this document when working with PDS at OSC
- Manage the protected data and its access: the guidance on how to manage the projected data in the location with right permissions, as well as the access to the data
- Securely transferring files: the guidance on how to transfer protected data
