Skip to main content

Research Cybersecurity Program


What we do

CU Boulder’s Research Cybersecurity Program is a division of the campus’s information security program and is dedicated to advancing CU Boulder research efforts. We provide training, security and compliance resources, consulting, and assessment services to assist researchers as they secure their research data and systems. Compliance requirements can be required by multiple governing bodies including the University’s data classifications, sponsor contracts and agreements, or state and federal regulations. We specialize in helping researchers identify the appropriate level of information security controls to secure their data and systems. The Research Cybersecurity Program also fosters partnerships with other industry organizations as we pursue more effective ways to support researchers in securing their data.


Specific service we provide are described below and if you don’t find one that fits your use case or scenario, feel free to reach out to us through the Information Security Review Intake form

IRB Security Reviews

Do you have IRB Level 3 data or are you working with data designated as Highly Confidential data by the University? During the IRB plan submission process, researchers find they have IRB Level 3 or University highly confidential data. If this is the case, the IRB requires an information systems security plan be created by the researcher and signed off on by the OIT information security team before a project receives or generates the highly confidential data. The research cybersecurity team provides researchers with templates and general guidance for creating system security plans; assesses completed plans; and approves those plans which meet the minimum security requirements the study is subject to. If a cybersecurity review is required for your IRB application, please contact us by completing the Information Security Review Intake form.

Contracts and Grants IT Security Review

The Office of Contracts and Grants (OCG) works with the Research Cybersecurity team to assist with interpretation of regulatory information security compliance requirements and assessment of a research team’s ability to comply with those requirements. The research cybersecurity team often contacts the principal investigator for an award to discuss the details of the information technology environment that will be utilized as part of a research project and determine if appropriate security controls are implemented to meet the regulatory requirements in the agreement. Complete our intake form to get started! 

Compliance Assessments

The Research Cybersecurity team is available to assist researchers in identifying and understanding information technology security compliance requirements they are subject to as part of their existing or planned research. The team can help researchers understand the sensitivity of the information they will utilize, identify which regulatory or University data protection standards apply, assess their information technology environments against the identified requirements, and can provide documentation templates required by the applicable standards. Fill out the Information Security Review Intake form to get started! 

Research Cybersecurity Program Compliance Resources

OIT Security provides compliance documentation packages to assist you in satisfying information security compliance requirements for your research project. Please complete the Information Security Review Intake form to request access. 

Contact us

Related Teams at CU Boulder