Data Management is an effective strategy for ensuring that data will be usable, preserved, maintained and accessible throughout the life cycle of a research project and for future generations of scientific research. As a greater number of federal funding agencies implement public access mandates, it has become clear that universities must take an active role in ensuring that researchers make their data accessible. Additionally, the University recognizes the importance of systematically preserving and retaining research data. As such, the University has implemented a Research Data Management policy to ensure that principal investigators and researchers understand their responsibilities in maintaining, preserving and making public their research data. This policy establishes broad principles for research data management. These policies are intended to be supplemented by applicable policies established by funding agencies and other relevant University and departmental policies.
Research Data Management Policy (7A-26)
FSU Libraries' Data Management site provides resources and information about data management planning, data storage, funding agency requirements, data curation tools, and options for sharing, licensing of publishing data sets.
DMPTool provides guidance and resources for your Data Management Plan. The goal is to provide a "flexible, online tool to help researchers create data management plans."
Because of the complexity of identifying authors of research reports and importance of ensuring scholarly integrity and the responsible reporting of research, an Authorship and Research Integrity Policy (see below) has been created to provide basic guidelines for authorship assignments and a means to resolve disputes that may arise.
U.S. Office of Science and Technology Policy (OSTP)
On February 22, 2013, the OSTP issued a policy memorandum entitled “Increasing Access to the Results of Federally Funded Scientific Research.” The intent of the policy is to ensure that results of federally funded research are made available to the public. This includes peer-reviewed publications and data. A portion of the policy states:
The Office of Science and Technology Policy (OSTP) hereby directs each Federal agency with over $100 million in annual conduct of research and development expenditures to develop a plan to support increased public access to the results of research funded by the Federal Government. This includes any results published in peer-reviewed scholarly publications that are based on research that directly arises from Federal funds, as defined in relevant OMB circulars.
Federal Agency Policy Matrix A table summarizing the Federal public access policies resulting from the US Office of Science and Technology Policy memorandum of February 2013.
Definition and Purpose
Data Use Agreements (DUAs) are contractual documents used for the transfer of non-public data that is subject to some restriction on its use. Broadly speaking, DUAs can be either Incoming (FSU receives data from an outside entity) or Outgoing (data housed at FSU are shared with an outside entity).
If you request to receive data from an outside institution or organization, it is the responsibility of that organization to determine whether a DUA should be executed prior sharing. Some governmental organizations (Federal and State) have an application process that must be completed prior to the start of negotiations. Please contact the FSU’s Research Legal Counsel when starting this type of application process so that they can assist you with identifying and managing compliance issues. Incoming DUAs are negotiated by FSU’s Research Legal Counsel and signed by the Vice President for Research. When the data is associated with human subjects research, follow the Human Subjects Office protocol application guidelines on what information to include about data use.
When sharing FSU-housed data with an outside organization, the University must consider multiple security and compliance criteria. Outgoing DUAs are negotiated by FSU’s Research Legal Counsel and signed by the Vice President for Research. While FSU maintains and uses several standard DUA templates, outgoing DUAs may need to be highly customized and therefore require additional time to negotiate. Please allow for this by contacting FSU’s Research Legal Counsel for assistance well in advance of any related deadlines.
Questions about DUAs may be addressed to FSU's Research Legal Counsel, Betty Southard, at (850) 644-8632, or email@example.com.
- NIH Genomic Data Sharing (GDS) Policy
- Data Repositories
Public Access (PA) literature is freely available online but subject to standard copyright and licensing restrictions. It is free to view and download, but readers have limited rights to reuse the material without permission.
Open Access (OA) literature is freely available online and free of most copyright and licensing restrictions giving readers broad rights to reuse the material without permission (Peter Suber, Open Access Overview).
Open Data (from the Open Data Handbook) is data that can be freely used, reused and redistributed by anyone - subject only, at most, to the requirement to attribute and share alike.
To be considered "open," the data must have the following three characteristics:
- Availability and Access: The data must be available as a whole and at no more than a reasonable reproduction cost, preferably by downloading over the internet. The data must also be available in a convenient and modifiable form.
- Reuse and Redistribution: The data must be provided under terms that permit reuse and redistribution including the intermixing with other datasets.
- Universal Participation: Everyone must be able to use, reuse and redistribute - there should be no discrimination against fields of endeavor or against persons or groups. For example, ‘non-commercial’ restrictions that would prevent ‘commercial’ use, or restrictions of use for certain purposes (e.g. only in education), are not allowed.
Florida State University’s information security and privacy policies and procedures effectively addresses the need to protect confidential and sensitive information that is maintained in the various spheres of University activities. The research setting poses particular information security risks and challenges, including regulatory and contractual constraints that require additional policy provisions and protective measures. To protect research data appropriately and effectively, FSU’s researchers, research oversight bodies, and information technology staff must understand and carry out their responsibilities related to data security.
Controlled Unclassified Information (CUI) is information the federal government creates or possesses or the university creates or possesses on behalf of the government to which access or distribution controls have been applied in accordance with laws, regulations, or government-wide policies. CUI does not include classified information nor information the university possesses and maintains in its own systems that did not come from, nor was created or possessed by or for a government agency. A full list of controlled unclassified information types (categories & subcategories) is available at the CUI Registry.
Some agencies require that CUI be protected consistent with The National Institutes of Standards and Technology (NIST) Special Publication 800-171 (NIST 800-171), which outlines specific controls which must be met while handling CUI. These controls already apply to some research being conducted at FSU, and will be required by more contracts as the University’s research portfolio grows and as federal agencies increasingly adopt these heightened security frameworks. For a more detailed overview, please see An Introduction to NIST Special Publication 800-171 for Higher Education Institutions.
The Department of Defense was the first to enact specific requirements for the protection of CUI. Other federal agencies are expected to adopt comparable regulations over the next year or two. The Offices of Research and Information Technology Services are committed to providing solutions to meet requirements for protecting CUI in compliance with its Federal or contractual obligations.
Code of Federal Regulations
32 CFR Part 2002, "Controlled Unclassified Information" established the policy for agencies on designating, safeguarding, disseminating, marking, decontrolling, and disposing of CUI; self-inspection and oversight requirements; and other facets of the CUI Program. This rule affects federal executive branch agencies that handle CUI and all organizations (sources) that handle, possess, use, share, or receive CUI—or which operate, use, or have access to federal information and information systems on behalf of an agency.
Department of Defense (DOD)
When CUI may be shared with FSU, a DOD contract or subcontract may include DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. This clause requires that the researcher and the university meet specific National Institute of Standards and Technology (NIST) standards (NIST 800-171 Rev. 1) to safeguard CUI.
FSU’s Compliance Plan
There are multiple components required for compliance with the NIST standards. The regulation allows the contractor to self-attest to compliance if it can demonstrate implementation or planned implementation of the security requirements with a system security plan and associated plans of action documentation. FSU has developed the following documents which may be submitted with the proposal as required by the solicitation or the funding agency's contracting officer.
- System Security Plan (SSP) – A document that is periodically updated to describe system boundaries, system environments of operation, how security requirements are implemented and the relationships with or connections to other systems. This Plan is the university-wide IT platform for securing research-based CUI. Operational details for individual research contracts (e.g., Principal Investigator, department, contract number, computing requirements) will be prepared as supplements to this Plan.
- Plans of Action & Milestones (POAMs) – A document used to describe individual, isolated, or temporary deficiencies and the management plan designed to correct the deficiencies and reduce or eliminate vulnerabilities in the University’s systems utilized by the researcher.
Federal agencies may consider the University’s SSP and POAMs as critical inputs to the evaluation factor in the contract selection process. How and if this will be used in the proposal evaluation must be stated in the solicitation.
FSU has contracted with Amazon GovCloud to satisfy NIST 800-171’s infrastructure requirements. This secure enclave is branded for FSU as: NEST – Noles Environment for Secure Technology
- Diana Key, Director
Office of Research Compliance Programs
- Michael Boll, Research Data Security Specialist
Office of Information Technology Services
See additional information on securing human subjects research data on the Human Subjects website.
Secure Data Storage on OneDrive for Business & SharePoint Online Microsoft uses an industry standard encryption solution to protect data between the user’s device and the receiving server, internal server-to-server communications, and Bitlocker disk and file storage encryption which meets the federal FIPS 140-2 requirements for encryption strength. FSU's Information Technology Services published a matrix that identifies what types of data are approved for storage on FSU’s OneDrive for Business and SharePoint Online.
The Office of Digital Research and Scholarship (DRS) in University Libraries provides expertise and consultations on fulfilling funding requirements for public access to publications and data. DRS also offers data management planning services, assists researchers in the writing, editing and enactment of data management plans, and provides resources and information about data storage, funding agency requirements, data curation tools, data repositories, and the licensing or publishing of data sets.
Data Services University Libraries works in partnership with the Office of Proposal Development and the Research Computing Center to provide resources and information about data management planning, data storage, funding agency requirements, data curation tools, and options for sharing, licensing of publishing data sets.
Faculty Senate Open Access Resolution October 19, 2011 (excerpt from Faculty Senate Library Committee – Task Force on Scholarly Communications: Final Report)
DigiNole Commons, FSU’s Research Repository
Association of Research Libraries, Open Scholarship