When specified by contract or regulation, sponsors may require that research data provided by the government or information that is gathered through sponsored research be stored securely and per regulated data policies or frameworks such as Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) SP 800-171, and the Cybersecurity Maturity Model Certification (CMMC). To meet these and other similar regulatory requirements, WSU IT has a centralized Regulated Data Environment (RDE) service available for use.
Planning for utilization of the RDE early in your proposal process will help to avoid delayed award acceptance and will ensure adequate resources are available to accommodate the regulatory needs of your project. We highly discourage the use of homegrown or “shadow” systems to collect and store regulated data because it will require security reviews to ensure those systems meet the proper university, state, and federal certifications. These additional security reviews will cause delays in the approval of projects and will involve additional costs. Utilizing the RDE service avoids that process, allowing projects to meet security requirements and start on time.
Additionally, the RDE service can assist with accessing research data stored on external environments, which is often difficult to do in a compliant manner between separate infrastructures (see WSU BPPM 45.35 and Executive Policy 8).
We also would like to point out that RDE is equally capable of processing Confidential data as well.
Please contact Bill Bonner (ITS) directly if you have questions regarding this service or to schedule a consultation meeting to discuss pricing or other technical details.