Research Data Security


NIST SP 800-171 Compliance

Certain research projects sponsored by U.S. federal agencies, in particular the Department of Defense (DoD), are required to demonstrate compliance with the standards outlined in NIST SP 800-171. The University of Memphis has developed guidelines to assist research teams with achieving and maintaining compliance. Visit the IT Security NIST SP 800-171 webpage for more information.


HIPAA Hybrid Entity

The University of Memphis is a HIPAA Hybrid Entity with several designated components. For our researchers using HIPAA data (Protected Health Information), please be in contact with Ricky Tan to discuss your data security requirements.


Data Sharing Agreements

Data agreements that do not involve human subjects research data under IRB review, submission for review will start with CayuseSP and the Office of Sponsored Programs. OSP will coordinate with Research Compliance for ITS review.

The following is the procedure for review and signature approval of data sharing agreements where human subject data is being shared by another party with a University of Memphis Investigator:

1. When submitting a protocol to the IRB, Cayuse IRB will prompt the researcher to attach

2. IRB analysts will review materials for completion and ensure that the IRB protocol matches the terms of the data sharing agreement, and the data management plan.

3. IRB analysts will assign a protocol number and affix it to the Research Data Security Agreement. They will forward to the Director of Research Computing, the Research Data Security Agreement, the data sharing agreement, and the Researcher's data management plan.

4. Information Technology Services(ITS), the Director of Research Computing or a designated representative will review the data security requirements of the agreements, consult with the Researcher as needed, assist the Researcher, Research Compliance and the IRB with understanding the technical requirements of the agreements.

5. ITS will approve the final Data Management Plan by signing the Research Data Security Agreement, the data sharing agreement (if there is a required IT signature) and forwarding signed agreements to the IRB.

6. The IRB protocol will then be reviewed with the approved data management plan in place.

7. When the IRB protocol has received IRB approval, the IRB analysts will forward the Data agreement to the Executive Vice President for Research and Innovation (EVPRI) for Signature and return the signed document to the Researcher. IRB analysts will also forward a copy of the executed Research Data Security Agreement to the Researcher. If electronic authorization is required by the EVPRI, that notification of authorization will made by email to the EVPRI.


Research Compliance Training