Charter of the Secure Research Computing Oversight Committee

Purpose

In supporting its research mission, the University of Chicago takes seriously its obligation to protect University research and safeguard the security of research data. The University is increasingly required to accept and manage higher levels of liability and risk associated with research and technical services that entail processing datasets of private personal information obtained under contract from third parties. In addition, contracts with federal agencies increasingly include substantial “flow down” security and privacy obligations, and some data generated or collected by University researchers is subject to a similar level of security and privacy protection. To effectively manage these liabilities and risks, the University has developed a secure research computing strategy that features a Secure Data Enclave (SDE) and the associated security and privacy policies, services and processes to support its operations and the operations of CISO-certified secure local unit environments.

Responsibilities

The Secure Research Computing Oversight Committee (OC) executes the secure research computing strategy by:

  • developing enabling policies, processes, and services and recommending them to the Privacy and Security Council for University Research after receiving the endorsement of the Board of Computing Activities and Services;
  • implementing the policies approved by the Privacy and Security Council and ensuring the provision of all related communication and training;
  • ensuring that the execution of the secure research computing strategy is cognizant of, and to every appropriate extent possible reflects, security and privacy standards consistent with those of the Biological Sciences Division and UChicago Medicine;
  • incentivizing researchers to use compliant secure data storage and processing facilities;
  • identifying resource needs across areas to the Privacy and Security Council that are necessary to ensure successful execution of the secure research computing strategy;
  • reviewing funding proposals for consistency with the strategy and monitoring changing regulations and practices at peer institutions;
  • discussing and, as necessary, following up on security incidents and breaches, including near misses, and developing and using appropriate reporting protocols to inform leadership of incidents.

The work of the OC will be supported by several standing working groups.

Membership

Members meet biweekly:

  • Director of the Research Computing Center (Chair)
  • Chief Technology Officer in IT Services (Co-Chair)
  • Representative of the Chief Information Security Officer
  • Representative from Office of Legal Counsel
  • Representative from University Research Administration
  • Secure Data Enclave Program Manager

Once per quarter the OC meeting broadens to include significant stakeholders:

  • Associate Deans for Research of Divisions, Schools, and Institutes (nominated by Deans)
  • Directors of the Social and Behavioral Sciences and the Social Services Administration IRBs
  • Chief Information Officer (CIO)
  • Associate Vice President for University Research Administration
  • Executive Director for Compliance and Internal Audit
  • Chair, Board of Computing Activities and Services (BCAS)
  • Chair, Research Computing Oversight Committee (RCOC)

Jurisdiction and Relationship with Other Governance Bodies

The OC will be responsible to the Privacy and Security Council for the successful execution of the secure research computing strategy. The OC will often be the source of draft policies, other proposals, and information to be brought to the Privacy and Security Council for consideration. The OC will recommend only those policy proposals to the Council that are endorsed by the Board of Computing Activities and Services and the Research Computing Oversight Committee.