Skip to Main Content

Data Security: Policies and Regulations Impacting Research Data: IRBIS

Security considerations in managing sensitive data.

Library Data Services

Library Data Services caters to researchers interested in working with data, mapping, texts, visualization, and technology. Many of these services are available online. Davis Library Data Services, located on the second floor of Davis Library, offers:

  • A computing lab with specialized software for GIS and data visualization & analysis.
  • Walk-in assistance provided by knowledgeable student consultants during set hours
  • Consultations with specialists for more in-depth inquiries (by appointment).
  • Spaces for collaboration and presentation, complete with white boards and external displays.
  • Technology short courses and programs that promote digital scholarship.

What Is IRBIS?

First, IRB stands for Institutional Review Board, which is the committee formally designated to approve, monitor, and review research involving humans. IRBIS, the Institutional Review Board Information System, is the online form for submitting approvals to UNC's IRB.  Studies involving humans may contain sensitive data and IRBIS explains clearly various levels of data sensitivity as outlined below, established by the IRB.  These are the concrete requirements for data protection.  If your data as described in your IRB application meets the standards for Level 3 data, you will be referred to seek help from your appropriate IT office.

Levels of Data Security Requirements

Level I
The study collects data that does not require additional security measures.

Recommended Measures

  • Access to data should be protected by a username and password.
  • Data should be accessed over a secure network.
  • Computers storing data should have anti virus software.
  • Users should be given the lowest necessary level of access to data.

Level II

The study collects data that requires additional security measures in order to ensure there is no inadvertant disclosure.

Required Measures

  • Access to data must be protected by a username and password.
  • Data must be accessed from within a secure network.
  • Computers storing data must have anti virus software (Symantec Endpoint Protection).
  • Users should be given the lowest necessary level of access to data.
  • The senior IT official in the school or department may contact those running the study to discuss data security questions and concerns.

Level III
The study collects data that requires additional security measures in order to ensure there is no inadvertant disclosure. Any computers storing or accessing data collected for the study are required to implement these measures.

Required Measures

  • Access to data must be protected by a username and password that meets the complexity and change requirements of a UNC Onyen.
  • Data must be accessed from within a secure network.
  • Computers storing data must have anti virus software (Symantec Endpoint Protection).
  • Study data must be encrypted where technologically feasible.
  • Computers used to store study data must be scanned regularly for vulnerabilities.
  • Users should be given the lowest necessary level of access to data.
  • The senior IT official in the school or department may contact those running the study to discuss data security questions and concerns.

Continue...

  • Last Updated: Jul 26, 2022 3:07 PM
  • URL: https://guides.lib.unc.edu/datasecurity