Research Storage Matrix
Before using an IT service to compute large amounts of confidential or restricted data, be sure you are using the right computing environment for the job.
According to ITS Standard 02.3.0, there are five classification levels of data that require different levels of protection. ODU has several research computing environments, each with its own strengths and/or limitations where sensitive data is concerned. The matrix below lists the environments best suited to the type of data you collect as part of your research, based on your data’s classification level. Definitions of each class can be found in the footnotes.
Keep in mind, these are just guidelines. Contact the Office of Research Compliance and the ITS Information Security Officer to discuss your specific research circumstances.
How to access research computing environments
For access to HPC, CCI-R, ACCORD and Redcap, contact ITSResearchandCloudComputing@odu.edu.
For access to RRCE and MUSA, contact dflanaga@odu.edu.
How to interpret the Regulated Research Data Matrix
Acceptable It is ok to use this environment with data in this category.
Not Appropriate This environment is not equipped to handle this type of regulated data. Do not use this environment with data in this category.
Select One:
Public Data |
Confidential Data |
Restricted Data |
||||||
Data Types |
Non-Sensitive
|
Confidential: Intellectual Property3 (unregulated) |
FERPA2,3 |
PHI1,2,3,*,
|
IPI1,2,3,† |
HIPAA1 |
CUI1,‡/ITAR1,2 |
Classified |
| OneDrive for Business
An enterprise service that allows users to store, share and edit files within online Office apps as part of Microsoft Office 365.
|
b | b | ||||||
| Microsoft Teams/SharePoint
An online collaboration space that is part of Office 365.
|
a,b | a | ||||||
| HPC
HPC clusters offer substantial computational power to critical research projects in disciplines including cybersecurity, resilience and data-intensive science and engineering.
|
||||||||
| CCI-R
COVA CCI is southeastern Virginia's engine for research, innovation, and commercialization of next-generation cybersecurity technologies particularly in the areas of Cyber Physical Systems Security (CPSS), 5G, and Artificial Intelligence (AI) in the Maritime, Defense, and Transportation industries.
|
||||||||
| RRCE
The Regulated Research Computational Environment (RRCE) is built through a partnership between ODU, EVMS and Sentara. It provides a virtual lab environment for computation and storage of regulated data sets including CUI and HIPAA.
|
||||||||
| ACCORD | ||||||||
| MUSA | ||||||||
| REDCap
Research Electronic Data Capture (REDCap) is a web-based application is HIPAA–compliant, highly secure, and intuitive to use.
|
||||||||
Legend
| 1 | Class 1: Restricted (most sensitive; Examples: SSN, Driver’s License number, PHI, HIPAA, CUI, ITAR) |
| 2 | Class 2: Confidential, Moderate Sensitivity (non-restricted data regulated by state/federal laws; Examples: Human genomic data, FERPA non-directory data, EAR) |
| 3 | Class 3: Confidential, Low Sensitivity (Examples: FERPA directory data, intellectual properties) |
| 4 | Class 4: Confidential, Non-Regulated (Examples: non-public, non-regulated research data) |
| 5 | Class 5: Public |
| * | PHI is always classified level 1, unless it is de-identified for research purposes, in which case it could be classified at level 2 or 3, depending on data requirements and agreements. |
| † | IPI (Identifiable Private Information) is private information for which the identity of the subject is or may readily be ascertained by the investigator or is associated with the information. See more: Coded Private Information or Biospecimens Used in Research | HHS.gov |
| a | a In restricted folders with access limited to only ODU employees who have a need to know. |
| b | Temporary files or working copies that are non-authoritative and not source documents. |