Research Data Security
Our mission and charge
The Duke Research Data Security team supports the evolving computational and data needs of Duke faculty, staff and students using protected data in their research or academic capstone projects. (Protected data is data classified as Sensitive or Restricted by the Duke Data Classification Standard, and includes many types of identifiable or proprietary data, e.g., health records, internal business records, longitudinal studies, educational records, and data regulated by various laws and standards such as NIST 800-171, GDPR, or Export Controls.)
We assist researchers across the institution in developing project documentation and obtaining research approvals (including Data Use Agreements (DUAs), Data Management Plans (DMPs), and IRB protocols), to verify that the administrative and technical requirements of both the university and data providers are met.
The team also manages and supports the technical environment (the Protected Research Data Network, or PRDN) to ensure that the security controls in place are sufficient, appropriate, and consistent, and to monitor for unauthorized activity. Researchers securely access and analyze their data in the PRDN. Our administrative and technical security controls are based on Duke’s Data Classification and University IT Security Office standards and can meet a variety of security requirements including those for HIPAA, export controls, and NIST 800-171. We regularly consult and coordinate with the Duke entities that are involved in research governance and institutional approvals to provide up-to-date guidance to those we support.
Duke classifies data into three categories: Sensitive, Restricted and Public. Access to Sensitive and Restricted data typically involves the execution of a Data Use Agreement (DUA), which is approved and submitted by Duke on behalf of the researcher to the data provider. When the DUA is fully executed, the data provider distributes the data under the terms of the agreement. For research involving human data, this process often goes hand in hand with the Institutional Review Board (IRB) processes for either he University or Duke Health.
The Protected Research Data Network (PRDN)
For data with Duke or data provider security requirements, the PRDN leverages the OIT infrastructure to provide flexible and secure computation and storage.
Assist with IRB proposals and data security plans.
Navigate the data procurement process (Data Management Plans, Data Use Agreements, Memoranda of Understanding, template documents, legal authorization).
Review Duke’s storage/security/usage options and determine which best satisfies the data security needs.
Implement computational and storage solutions for research projects in conjunction with OIT and ITSO.
Manage access and curation of certain Duke licensed data sets.
Provide audit support and liaison work with the data providing agencies.
Technical services within the PRDN
Implement and support controls to secure protected data.
Windows and Linux systems with a standard set of analytical software that is site-licensed by Duke (e.g. R, R Studio, Matlab, anaconda).
Custom storage directories to comply with data use agreements project team needs.
Friendly and knowledgeable end user support.
We have supported researchers and programs across the institution, including
How do I begin?
We are happy to work with you to find the right solutions for your data needs. To begin the process, please complete our Qualtrics survey.