Regulatory Compliance

RCC staff can assist researchers navigate the regulatory compliance issues associated with data storage and retention.

The Research Computing Center (RCC) will assist any research with curation, protection, and data workflow.  However, the final responsiblity for any software or research data is with the owner of the data.  Data stored on RCC resources may or may not fall under privacy, security, and data retention policies issued by FSU or other regulatory agencies.  Examples include PHI (e.g. medical records, patient data), personally-identifiable information (e.g. social security numbers, names and addresses), or FERPA-protected data (e.g. student records).

It is the responsibility of the PI to classify data stored on RCC systems.  This includes any data that might fall under HIPAA, NIST-80-171, or similar regulations.

RCC provides a number of security mechanisms to researchers to protected data from unauthorized access:

  • For data that resides on RCC shared filesystems, we create dedicated volumes.  These volumes are access-controlled using POSIX ACLs.  It is the responsibility of the PI to grant or revoke access to these volumes (via the RCC website or by requesting RCC staff make ACL changes).
  • For information that resides on dedicated storage nodes, in the form of regular files or database information, RCC staff will ensure that only users approved by the PI will be able to access this data.
  • RCC staff actively patch all storage system with the latest security releases.

RCC staff will help assist researchers with data protection, however it is the responsibility of the PI to maintain a list of authorized users that are allowed to access particular data.

For such data that cannot be stored on RCC resources due to regulatory restrictions, RCC staff will assist researchers in acquiring, configuring, and managing an alternative solution.  Examples of such services include commercial providers such as Amazon Glacier, or FSU-affiliated entities, such as Northwest Regional Data Center Backup-as-a-Service.