Data Resources for Researchers

Managing research data responsibly involves meeting a range of regulatory, institutional, and sponsor requirements. This page provides guidance and resources on data security, storage, sharing, de-identification, and compliance with federal policies. 

🔒 Security & Storage

📝Agreements & Governance

🏛️ Federal & NIH Policies

🏢 UCSF Resources

📁 Data Sharing

Data Security Risk Assessment and Data Transfer Agreement: A Data Security Risk Assessment by UCSF IT Security & Policy AND Data Transfer Agreement by the Office of Sponsored Research (OSR -- Industry Contracts Division) must be completed if your study involves: the collection, transmission, or storage of information when that data will be shared with or be accessible to any non-UCSF entity (e.g., pharmaceutical companies, UCSF Affiliated Institutions) or individual. This includes the use of third-party or vendor-hosted applications. UCSF or department-hosted applications may also need to be assessed in accordance with UCOP Policy IS-3 Electronic Information Security, particularly if they are new applications or have never been reviewed by UCSF IT Security & Policy.

  • Third-party or vendor-hosted applications include cloud-hosted applications and applications hosted by collaborating institutions
  • UCSF or department-hosted applications include any application managed by UCSF or developed by the department

These requirements apply for both identifiable and de-identified data for funded and unfunded research. Questions about these policies must be directed to UCSF IT and OSR, not to the IRB. 

Last updated: