IT Security

Below you will find a quick overview of topics related to IT and Data Security.  For additional information, please see the provided links or submit a ticket to the ITSG.

Data Security Plan (DSP)

If your research involves sharing data with an entity outside Cornell, you may be asked engage in a Data Use Agreement with that entity.  This agreement will likely require a Data Security Plan that will be reviewed through the Office of Sponsored Programs and/or Institutional Review Board.

The PI (or their designated proxy) will be the individual custodians of the data (as per Cornell policy 4.12, Data Stewardship and Custodianship) and will be responsible for controlling access to the data.

If you have need of a Data Security Plan and haven’t developed one before, please submit an ITSG Help Ticket and we can assist you in creating one.

Policy 5.10 and 5.3

Policy 5.10: Cornell University expects all institutional information stewards and custodians who have access to and responsibilities for institutional information to manage it according to the rules regarding storage, disclosure, access, classification of information and minimum privacy and security standards as set forth in this policy.

Policy 5.3: Custodians or users of institutional administrative data who deploy software or algorithmic programs for encryption must establish procedures ensuring that the university has access to all such records and data.

Confidential Data Scanning

In keeping with Cornell policies, eliminating confidential data stored on Cornell and personal machines will reduce the risk that the data will be misused causing loss of reputation and financial liability to Cornell University.

Individual community members and departments are responsible for their own data security. The IT@Cornell provides the following tools and guides to assist in your scan: