Research Data Safety Statement to use on Grant Submissions
- Basic Science/ Clinical Science Research Data
- UNMC research data can be stored on on-site Enterprise storage servers, Box Cloud Enterprise storage environment, and Microsoft OneDrive cloud. All three storage environments are HIPAA compliant and have data backup
- Data Safety on Onsite Enterprise Storage (RITO storage) System
- Data is stored behind firewall and has additional protective safeguards to protect the data
- ACL (Access Control List)
- Data in motion is encrypted while replicating to remote site
- Data at rest is not encrypted
- Data is replicated to remote disaster recovery site
- External and Internal Inner Firewalls guard the storage servers
- Intrusion Prevention System is in place on Firewalls
- Locked, electronically monitored, security approved access controls to Data Center
- UNMC Data Center Storage Environment is approved by Information Security, Privacy, Compliance, and IRB
- Data is stored behind firewall and has additional protective safeguards to protect the data
- Data Safety on Box Cloud
- UNMC has Business Associate Agreement (BAA) with Box cloud vendor to store HIPAA and basic science data in the cloud.
- Researchers who are setup through Research IT Office are primary owners of the allocated storage space. These permitted users can log into Box using their UNMC Net ID and password.
- A researcher can invite other internal and external researchers/users to share the storage space. These other users do not use their UNMC Net ID / Password, but instead use their personal Box account credentials.
- Secure data centers: User data is stored on enterprise-grade servers that undergo regular audits and are monitored 24/7.
- Redundancy: Files are backed up daily to additional facilities.
- All files uploaded to Box are encrypted at “rest” using 256-bit AES encryption.
- For files in transit, AES 256 is a supported cipher, however, the Box default is to use RC4-128 encryption. Box does this to mitigate a known vulnerability in SSL called the BEAST attack, which an attacker could use to hijack someone's web session when other ciphers (including AES 256) are used. 128-bit encryption is currently considered safe and secure for data in transit.
- Box is SAS70 Type II and Safe Harbor certified, ISO27001 certified (a globally recognized security standard) and supports RC4 encryption.
- Box physical infrastructure is designed not only for disaster recovery, but true disaster avoidance, building in advanced measures for N+1 redundancy for all components, geographical diversity, physical security, and environmental controls. Access to systems are monitored around the clock by onsite monitoring and guards, and access to cages are restricted to only top-level clearance Box employees, managed by keys and biometric scanning.
- UNMC has Business Associate Agreement (BAA) with Box cloud vendor to store HIPAA and basic science data in the cloud.
- Microsoft OneDrive Data Storage and Safety
- Contact the ITS Help Desk at 402-559-7700