Montana State University’s data associated with research activity is a vital asset to the University. As such, maintaining the confidentiality, integrity, and availability of University data is critical to the success of the University. The University expects all stewards and custodians of its research data to manage, access, and utilize research data in a manner in accordance with MSU’s Enterprise Data Stewardship Policy.

All MSU faculty, staff and students are responsible for safeguarding University resources and data, and complying with university policies and data protection laws and regulations.

It is important that information security be addressed in all research projects as early as possible to ensure appropriate security controls are addressed in the grant proposal and budget process.

Complying with Information Security Requirements

Researchers must ensure research data complies with all federal and state laws, regulations and industry standards. All information security requirements will be noted by the third-party providing data to the researcher. Some common standards are listed below.

  • NIST SP 800-171 - requirements for Controlled Unclassified Information (CUI) to ensure security of sensitive government information. 
  • Health Insurance Portability and Accountability Act (HIPAA) - privacy and security rules governing how protected health information (PHI) is collected, disclosed and secured.
  • Family Educational Rights and Privacy Act (FERPA) - governs release of and access to student education records.

Researchers with information security requirements identified in grant proposals should contact MSU Information Security Group at [email protected]or visit MSU’s Information Security Group webpage for proposal documentation review to ensure appropriate protections can be implemented for the research study.