Data and Information Security
Export controls can extend to the data and electronic information researchers store, access, manipulate, and transmit electronically. As such, OEC works closely with ¶¶Òõ¶ÌÊÓƵ Boulder's Office of Information Technology (OIT) to identify and protect certain research-related electronic information that requires specific security measures per federal regulations, sponsor requirements, grant/contract clauses and/or institutional policies.
The data and information security needs of researchers are identified through existing compliance procedures. Once identified, OEC assists researchers by determining which regulations apply to the electronic information (EAR, ITAR, or ¶¶Òõ¶ÌÊÓƵI/NIST-800-171) and how to adequately implement controls through a Technology Control Plan (TCP) or use of one of ¶¶Òõ¶ÌÊÓƵ's available IT solutions (see below).
Data security now requires you to "know your cloud infrastructure", including where servers are located and how data is routed.
¶¶Òõ¶ÌÊÓƵ Boulder's CMMC Certified IT Environment for projects involving ¶¶Òõ¶ÌÊÓƵI and Export Controls