Information Security

Information security (also known as data security) is one of the most important aspects of Research Data Management. Regardless of research information classification (sensitivity level), security safeguards should be in place to ensure it is not lost, stolen, or otherwise compromised. 

At UBC, researchers are responsible to ensure the information collected, processed, stored, and shared meets the university security and privacy requirements, as well as provincial, national, and international applicable regulations. 

Before reading this page 

Regardless of the information classification associated with a research project, it is strongly recommended that researchers consult an information security professional when planning a research project that will collect, process, store, and/or share research information. This page covers high-level concepts about information security and may not include all information applicable to specific research projects. 

For assistance, please contact arc.support@ubc.ca 

Classification 

Information classification (also known as data classification) is a crucial step in building a research projects’ security posture. It identifies the safeguarding requirements that should be in place for the project to be compliant with the university policies.  

To identify information classification: 

  1. Consult UBC Information Security Standard U1(ISS-U1) and our Research Information Classification page;
  2. Review the nature of the information; 
  3. Identify the elements collected, processed or stored that meet the highest risks in ISS-U1; 
  4. Assign an Information classification to all research information based on the results of step 3. 

Note 
Regardless of the amount of information collected, processed, stored, or shared, the most sensitive element identified should be the one defining the overall information classification. 

Processing 

Part of research project planning is usually to identify how Information will be processed, and which tools will be used. 

Before starting the procurement process, researchers must ensure the solution to be used meets UBC requirements of Policy SC14, and associated Standards. To facilitate this process UBC Advanced Research Computing (ARC) offers information security services, including self-service tools, consultations, and various types of security assessments 

Take a deeper dive 
To find out more about ARC security services, visit our Security and Privacy Services page.  
To find out more about UBC Information Systems Policy and Standards, visit the Office of the CIO website. 

Storage 

Information storage plays a central role in Research Data Management. Storage must be considered from the beginning to the end of a research project; and beyond when retention policies apply or when research information is deposited. 

Properly safeguarding stored information is one of the most important aspects of a robust information security plan. When planning for information storage, consider the following: 

Sharing 

When sharing information with external collaborators, researchers will need to consider information management, custody/ownership, and safeguarding requirements. 

For more information about sharing research information, visit our Sharing Research Information page. 


 

Additional Resources 

For more information about Information Security for research, you may also consult:  

Office of the CIO 
cio.ubc.ca  
Office of the University Counsel 
universitycounsel.ubc.ca  
Privacy Matters 
privacymatters.ubc.ca  

 


UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. External Link An arrow entering a square. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service.