Managing Cybersecurity Risks

Overview

The University of Oklahoma (OU) is a comprehensive research university, located on three campuses in Norman, Oklahoma City, and Tulsa, which encompasses a broad array of disciplines, ranging from the arts, architecture, chemistry, and engineering to meteorology, medicine, microbiology, and physics.  OU is designated by the Carnegie Foundation as a Highest Research Activity institution, placing it in the highest tier of comprehensive research universities in the nation.

The Office of Information Technology (OU IT) offers a variety of services that can be used by researchers.  Use this article to help you select the appropriate level of security needed for your project, based on the sensitivity of the data, and then to select IT services that will enable your research project.

Step One: Data Classification

The results of classifying your data and system will help guide and inform the selection of appropriate security controls (i.e. safeguards and countermeasures) to adequately protect those information systems.  See Data Classification for more.

Data Type | Confidentiality | Integrity | Availability
Category A - HIPAA, Identifiable Human Participant Research | Y | Y | Y
Category B - Credit or Payment Card | Y | Y | Y
Category C - FERPA, GLBA, or Student Information | Y | Y | Y
Category D1 - Controlled Unclassified Information, ITAR, Export Control | Y | Y |
Category D2 - Unpublished Research | | Y | Y
Category E - Administrative and Financial | Y | Y | Y
Category F - Public Information, Open Research, Published Research | | | Y

Step Two:  Confidentiality Risks

Data confidentiality is about protecting data against unintentional, unlawful, or unauthorized access, disclosure, or theft. Will your project involve any data that has restrictions on who can view or access it?

Do you have any data that...

  • can only be disclosed to authorized parties (ePHI, FERPA, GLBA, PII, CUI, ITAR, IRR)?
  • is required by law, regulation, or contract to remain confidential?
  • may not be published or made public until authorized by a funding agency?
  • is sensitive by nature and would have a negative impact if disclosed?
  • would be valuable to hackers, corporate spies, foreign intelligence, etc.?

If you do, then...

Step Three: Integrity Risks

Data integrity is about protecting data against improper maintenance, modification, or alteration.  It includes data authenticity. Will your project involve any data that, if not maintained with integrity, would significantly impact the accuracy or feasibility of the study?

Do you have any data that...

  • must remain accurate and uncorrupted?
  • must only be modified by certain individuals or in a controlled manner?
  • must come from only trusted sources?

If you do, then...

Step Four: Availability Risks

Data availability is about the timeliness and reliability of access to and use of data.  It includes data accessibility. Will your project involve any data that, if lost, stolen, or destroyed, would be irreplaceable or would significantly impact the feasibility of the study?

Do you have any data that...

  • must remain available or accessible during the project?
  • must remain available or accessible after the project is complete?
  • cannot be easily re-obtained or re-created?

If you do, then...

Step Five: Select IT Services

SOFTWARE

The Software Catalog provides a wide range of free and for-purchase software for your work and school use.  See Software Catalog.
Software is critical for the processing and publication of research.  Security assessments help identify cybersecurity risks from the use of technology that could potentially cause loss or harm to OU.  New software purchases must undergo an IT Security Assessment prior to use so that OU IT can monitor the environment for vulnerabilities and contact the appropriate personnel if software needs to be updated.  See Security Consultation.

ENCRYPTION

Before saving any protected research data on a desktop computer or laptop, work with your IT personnel to install OU encryption software on these devices.  OU encryption software provides automated reporting of compliance with encryption policies, helps protect any data stored on these devices if they are lost or stolen, and helps avoid a compliance penalty.  Laptops ordered through the Computer Standardization Program will be encrypted automatically.

MALICIOUS SOFTWARE PROTECTION (ANTI-VIRUS)

The OU CrowdStrike Falcon software provides your research computers, laptops, and servers with next-generation anti-virus protection.  CrowdStrike Falcon is a lightweight sensor, consuming less than 1% of CPU resources on all monitored devices and designed to prevent a variety of online attacks, including computer viruses, malware, and other security threats.  The sensor operates in the background and all updates are performed automatically and silently without any user involvement.  The sensor continuously gathers event data (primarily focused on process execution) and transfers it for monitoring.  Work with your IT personnel to install OU CrowdStrike on computers, laptops, and servers.

DASHBOARDS & DATA VISUALIZATION

Power BI (Free Edition) is part of Office 365 and is available for free to all active faculty and staff at OU.  It allows users to easily and quickly create interactive visualizations, dashboards, and reports.

  • To access Power BI, go to https://powerbi.microsoft.com and log in with your OU email address and OU password.
  • Learn how to use Power BI by visiting Microsoft's Learn Power BI section - https://powerbi.microsoft.com/en-us/learning/

SURVEYS

Qualtrics is used within academic institutions for consumer research surveys, institutional research surveys, event registrations, assessments, experimental design projects, tests, and quizzes. The product has more than 100 question types and branching even for open-ended question types. Best of all, Qualtrics is centrally funded, so there’s no cost to you. This service can be accessed at http://survey.ou.edu.
REDCap (Research Electronic Data Capture) is a secure, HIPAA-approved web-based application designed for data collection for research studies.  REDCap provides an easy-to-use data entry system with data validation, ability to import data from external sources, automated exports to the most common statistical packages, audit trails for tracking data changes and exports, branching logic, calculations, answer piping to increase functionality and personalization, and a sophisticated survey tool for building and managing online surveys.  Learn more at https://redcap.ouhsc.edu.

VIRTUAL SERVERS

OU Virtual Server hosting is ideal for protected and institutional research data. It offers server-based software on a scalable virtual server in OU IT’s private cloud. Your Microsoft or Linux server will exist in VMware in one of OU IT’s state-of-the-art data centers on the Norman, HSC, or Tulsa campus. You can scale server resources like CPU, memory, and storage to meet the requirements of your research. Virtual servers are more flexible and cost efficient than traditional physical servers.  In the event of technical issues, we provide automatic failover for your virtual server to other hardware. These servers can fail over to hardware in multiple data centers to meet your availability requirements.  Request OU Virtual Server Hosting.
OU Research Cloud (OURcloud) is ideal for scientific research without confidentiality agreements. OURcloud allows research teams to create new virtual servers without having to acquire, deploy, and manage physical resources themselves, not only simplifying the process of expanding computing resources but also professionalizing resource management.  See https://www.ou.edu/oscer/resources/ourcloud--ou---research-cloud.

COMPUTE/RAM

OSCER is ideal for science research data and is a High Performance Computing (HPC) multi-processor environment that allows users to run jobs on several processors at once (also called parallel processing).  This could mean running a job capable of splitting itself across multiple compute nodes or running several jobs at once.  The OSCER team is here to help ensure your success, to work with you, and to make sure you are able to use the computing systems in the best way possible.  See https://www.ou.edu/oscer/.

FILE STORAGE, SHARING & COLLABORATION

OneDrive is available to all faculty, staff, and students for storing individual data and includes 1TB storage.  Data is encrypted at rest and in motion.  Data is backed up regularly by Microsoft and available anywhere.  Log in to https://portal.office.com.
Dropbox for Business is available upon request and is ideal for storing and sharing regulated research data.  Data is encrypted at rest and in motion.  Data is backed up regularly by Dropbox and available anywhere.  Request Dropbox for Business access.
SharePoint Online is available to all faculty, staff, and students and is ideal for department or group storage and collaboration.  Each SharePoint site provides 15GB of storage. Data is encrypted at rest and in motion.  Data is backed up regularly by Microsoft and available anywhere.  Request a SharePoint Online Site.
Network File Storage is available upon request and is ideal for department or regulated research data.  Network file storage includes secure and state-of-the-art clustered hardware for availability.  Data is available from on-campus, VPN, or VDI.  Data is backed up nightly and support is provided by OU IT.  Request Network File Storage.
GCC High SharePoint Online is available to faculty, staff, and students and is ideal for department or group storage of Controlled Unclassified Information (CUI) data.  Each SharePoint site provides 15GB of storage.  Data is encrypted at rest and in motion.  Data is backed up regularly by Microsoft and available anywhere.  Request SecureResearchOU access.

Details

Article ID: 3055
Created: Thu 8/31/23 1:45 PM
Modified: Mon 4/1/24 9:56 AM