All University of Houston faculty, staff and students are responsible for safeguarding university resources and data, and complying with university policies and data protection laws and regulations.
It is important that information security be addressed in all research projects as early as possible to ensure appropriate security controls are addressed in the grant proposal and budget process.
Research Data Classification
University of Houston System policy SAM 07.A.08, Data Classification and Protection, classifies certain research data as Level 1 data, specifically Mission-critical information.
Section 4.3 [...] Mission-critical information includes all research data obtained from third parties pursuant to an agreement or grant and/or other data necessary to substantiate research results or to satisfy grant-funding requirements, regardless of whether such data was developed by the university or obtained from third parties.
Research data that meets the mission-critical information definition must meet Level 1 data protection requirements in Section 6 of SAM 07.A.08.
Complying with Information Security Requirements
Researchers must ensure research data complies with all federal and state laws, regulations and industry standards. All information security requirements will be noted by the third-party providing data to the researcher. Some common standards are listed below.
- NIST SP 800-171 - requirements for Controlled Unclassified Information (CUI) to ensure security of sensitive government information.
- Health Insurance Portability and Accountability Act (HIPAA) - privacy and security rules governing how protected health information (PHI) is colelcted, disclosed and secured.
- Family Educational Rights and Privacy Act (FERPA) - governs release of and access to student education records.
Researchers with information security requirements identified in grant proposals should contact UHS Information Security for proposal documentation review to ensure appropriate protections can be implemented for the research study.
|University of Houstonemail@example.com|
|University of Houston - Clear Lakefirstname.lastname@example.org|
|University of Houston - Downtownemail@example.com|
|University of Houston - Victoriafirstname.lastname@example.org|