Guidance for WSU’s New Regulated Data Environment
We are please to announce the availability of a new centralized, Regulated Data Environment (RDE) and provide guidance regarding the implementation and utilization of this environment. The changes discussed below are essential to WSU as it continues to grow its research and scholarly enterprise.
The majority of grant dollars awarded to WSU researchers are federally funded, including from sponsors such as the United States Department of Agriculture, the Department of Defense, the United States Department of Health and Human Services, National Institutes of Health, National Science Foundation, and others. When specified by contract or regulation, these and other agencies, including state agencies, often require that data provided by the government or information that is gathered through sponsored research be stored securely and per regulated data policies or frameworks such as Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Modernization Act (FISMA), National Institute of Standards and Technology (NIST) SP 800-171, and the Cybersecurity Maturity Model Certification (CMMC). To meet these and other similar regulatory requirements, WSU is immediately moving forward with the launch of its centralized RDE Service offering. Initially, this service will be provided via Amazon Web Services (AWS), with the Microsoft Azure platform becoming available later this spring.
Going forward, it is required that all WSU researchers and personnel use the RDE in partnership with Information Technology Services (ITS) and your Area Technology Officer to meet regulatory and security compliance requirements. Planning for utilization of the RDE early in your proposal process will help to avoid delayed award acceptance and will ensure adequate resources are available to accommodate the regulatory needs of your project. We highly discourage the use of homegrown or “shadow” systems to collect and store regulated data because it will require security reviews to ensure those systems meet the proper university, state, and federal certifications. These additional security reviews will cause delays in the approval of projects and will involve additional costs. Utilizing the RDE service avoids that process, allowing projects to meet security requirements and start on time. Additionally, the RDE service can assist with accessing research data stored on external environments, which is often difficult to do in a compliant manner between separate infrastructures (see WSU BPPM 45.35 and Executive Policy 8).
There will be reasonable ongoing costs associated with this central service, since it will be hosted in both Amazon and Microsoft cloud infrastructure. However, researchers will only pay for the resources they actually consume.
We also would like to point out that RDE is equally capable of processing Confidential data as well.
Please let Dan Nordquist (Office of Research) or Tony Opheim (ITS) know if you have questions regarding this service offering or contact Bill Bonner (ITS) directly to schedule a consultation meeting to discuss pricing or other technical details.
Thank you for your support as we implement these changes.