The Research Security Standards Technical Working Group is a sub-working group of the Information Security and Trust Advisory Board.
The Research Security Standards Technical Working Group’s (RSTG) mission is to identify and recommend processes, technology, and controls that can be implemented for research systems in order for the university to fulfill and maintain its compliance obligations to data security standards and regulations in a consistent, cost-effective manner based on an agreed upon university interpretation.
More specifically, the RSTG’s purpose will be to advise on the process, technology, controls and best practices that can be applied in order for the university to fulfill and maintain its compliance obligations with specific federal and industry data security standards and regulations that are contractually specified.
Procedures and Meetings
The following provides the standard operations and procedures the RSTG will follow to fulfill its purpose and mission.
- Regular meetings: The RSTG will meet at least once quarterly. It is anticipated the RSTG will generally meet on a more regular basis.
- Special meetings: When and if necessary, special meetings of the RSTG may be called by the STAB, the university Chief Information Security Officer (CISO) or other designee in order to perform its responsibilities of reviewing and making process, technical, and control recommendations with respect to a new or particularly impacting research data security standard or regulation in a timely manner.
- Organization: The director of Digital Security and Trust's Risk Management, or a designee, will act as the facilitator of the RSTG (the “Facilitator”). The Facilitator will be responsible for scheduling, logistics, presiding over meetings and assigning an individual to act as secretary of a meeting.
- Quorum: At all meetings, the presence of one half of the total membership will constitute a quorum for the transaction of business, and the act of a majority of the members present at any meeting at which there is a quorum will be the act of the RSTG.
- Presence at Meeting: In-person participation is preferred. Members may send designees to act on their behalf if they are not able to attend a meeting.
- Deliverables: Minutes, standards interpretations, technology and control implementation recommendations, and best practices will be documented and made available to the STAB for feedback and approval. At the direction of the STAB, the RSTG will share these deliverables with the university's technical and research community for comment, feedback, and information.
- Communication: The RSTG will establish a standard group email list and a shared location accessible by all RTSG and STAB members to store and collaborate on deliverables.
Responsibilities
The RSTG will have the following objectives and responsibilities:
- Evaluate and discuss the data security regulations and standards that are contractually applicable to research at the university per the direction of the STAB.
- Recommend and document an agreed-upon university interpretation regarding the implementation of processes, technology, controls, and best practices that meet the following objectives:
- Can be applied to fulfill university compliance obligations with the regulations and/or standards.
- Reasonably protect the applicable research data and systems from unauthorized access or data exposure.
- Consider and review the difficulties and cost researchers or their supporting staff will encounter in the implementation of said recommendations in (2) and propose, whenever possible, processes, technology, and solutions that are cost efficient, and as unobtrusive to research as possible while meeting the objectives in (2.a) and (2.b).
- Report status of deliverables to the STAB on a regular basis.