Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

Risk Assessment Mitigation

advertisement 
Protection Against and Minimization of Risks (45 CFR 46.111(A)(1)
Please complete the entire table.
PI Name:
Study #
Security Classification:
(Use VCU data classification survey to determine classification)
go.vcu.edu/dataclassification
Are all computing devices associated with this study encrypted? _________
Are you using an thumb drive for any data storage? _____________
If so, is it an “Iron Key”? _______________
Describe the potential risks associated with participation in the study, the procedures to
protect against or minimize potential risks and asses the likelihood of the risk occurring,
and if it were to occur the seriousness to the subject.
Type of Risk
Physical Risks:
Psychological
Risks:
Economical
Risks (include
insurability,
employment,
etc.):
Social Risks:
Legal Risks:
Breach Risks:
Community
Risks:
Other Risks:
Comments:
Potential Risks
Procedures to
Protect Against/
Minimize Risks
Likelihood of
Occurrence
Seriousness to
Subject if Risk
Occurs.
Protection Against and Minimization of Risks (45 CFR 46.111(A)(1)
Breach/Data Security policies regarding Research DATA
Research Data: Category I Data
Sensitive research data is required to be confidential (high) due to various factors, including
human subject data, intellectual property rights, large grant funding, etc. Integrity of the
research is recommended (high) because the data must be accurate and free from errors.
Availability is recommended (medium), because the university is not necessarily in any danger
or in violation of any law if the data is unavailable for a period of time.
Summary of sensitive research data:
• Need for Confidentiality is required (high)
• Need for Integrity is recommended (high)
• Need for Availability is recommended (medium)
Since the Need for Confidentiality is high, the controls to protect this data are required.
www.ts.vcu.edu/.../askit/mc-docs/VCUDataClassificationGuidelines.pdf
You can also reference the School of Medicine's Data Classification policy http://ts.som.vcu.edu/docs/infosecuritystandard.pdf
It's list of "sensitive data" begins with "Proprietary research data"
Under the VCU Security Standard for Electronic Academic Research Data and Intellectual
Property, it states:
Requirements of Standard:
R1. Risk Management
• R1.1 Data Sensitivity Classification – each data owner shall identify the sensitivity
requirements of all types of data being handled using the criteria of confidentiality, integrity and
availability (see VCU’s Data
Classification Guidelines) and determine whether each type of data may also be subject to other
regulatory requirements. It is assumed that research data has a high degree of integrity and
availability. A sensitivity rating of high on the criteria of confidentiality should be used to
classify the data as sensitive.
Related documents
The Plight of the Syrian Refugees
The Plight of the Syrian Refugees
Virginia Commonwealth University placement profile
Virginia Commonwealth University placement profile
Appeal Form
Appeal Form
Teaching and Studying Global Health and Social
Teaching and Studying Global Health and Social
November 26, 2015 Dear Faculty and Students, Please read the
November 26, 2015 Dear Faculty and Students, Please read the
Greta D`Antonio
Greta D`Antonio
Sample Nursing Resume_with Comments_010511
Sample Nursing Resume_with Comments_010511
Education - felixavenue
Education - felixavenue
minutes11-20-13 - MCV Campus Student Government
minutes11-20-13 - MCV Campus Student Government
Assessment and administrative burden:
Assessment and administrative burden:
Digital Control System for Traction Applications (VCU)
Digital Control System for Traction Applications (VCU)
CreateAthon at VCU 12
CreateAthon at VCU 12
Download
advertisement