The University of Chicago

Secure Research Data Strategy

Charter of the Secure Research Computing Oversight Committee

Updated draft of December 13, 2018

Purpose

In supporting its research mission, the University of Chicago is obliged to accept and manage increasing levels of liability associated with research and technical services that entail processing datasets of private personal information obtained under contract from third parties, contracts with federal agencies that include substantial “flow down” security and privacy obligations, and primary collections of human subjects data. A variety of responses to these needs have given rise to a “secure research computing strategy” for the institution.

Responsibilities

The Secure Research Computing Oversight Committee (OC):

  • Oversees execution of the secure research computing strategy.
  • Recommends changes to enabling policies, processes, and services to the Privacy and Security Council for University Research after receiving the endorsement of the Research Computing Oversight Committee and the Board of Computing Activities and Services.
  • Ensures that the secure research computing strategy incorporates a standard of care consistent with the Medical Center’s security and privacy standards.
  • Incentivizes researchers to use appropriate data storage and processing facilities.
  • Identifies resources needed across key areas executing the secure research computing strategy,
  • Reviews funding proposals for consistency with the strategy, monitors changing regulations and practices at peer institutions.

Their work is supported by several standing working groups.

Membership

Members meet biweekly:

  • Director of the Research Computing Center (Chair)
  • Chief Technology Officer in IT Services
  • Representative of the Chief Information Security Officer
  • Representative from Office of Legal Counsel
  • Representative from University Research Administration
  • Secure Data Enclave Program Manager

Once per quarter the OC meeting broadens to include significant stakeholders:

  • Associate Deans for Research of Divisions, Schools, and Institutes
  • Directors of the Social and Behavioral Sciences and the Social Services Administration IRBs
  • Chief Information Officer
  • Associate Vice President for University Research Administration.

Authority and Relationship with Other Governance Bodies

The OC will often be the source of draft policies, other proposals, and information to be brought to the Privacy and Security Council for University Research for their consideration. The OC will only bring policy proposals to the Council that are endorsed by the Board of Computing Activities and Services and the Research Computing Oversight Committee.