By Carolyn Ellis. The Regulated Research Community of Practice (RRCoP) is a new community providing important resources for those administering research trials or engaging in defense research. This group represents an open community of research institutions from across the country who support one another in administering research that is subject to compliance regulations, such as biomedical health information or Department of Defense protected data.
Research data is widely sought out from our adversaries and these regulations help ensure that data is stored, processed, and transmitted with uniform security protocols. The biggest challenge that academia faces with the various regulations is keeping the time to science fast while reacting to new security compliance regulations. Historically institutions have grown local talent, which limits the growth to the expertise at that institution and puts smaller institutions at a disadvantage. RRCoP is means of sharing expertise, lessons learned, strategies, templates, or processes beyond a single institution. By leveraging distributed expertise, everyone from learners to leaders can get to science faster. This group is funded by the National Science Foundation and was founded just over a year ago in December 2021. Currently, there are 245 institutions participating from seven countries and 49 states, including most UC locations, for a total of about 800 individual members.
Together, members create efficiencies through:
1. Building community
2. Collecting and sharing resources
3. Advocating and negotiating with regulatory bodies
4. Managing change
Resources Available from RRCoP:
- Peer institutions lessons learned
- Trustworthy sources of cybersecurity frameworks
- Feedback & Knowledgeable sounding boards
- Training material
- Avenues to connect with similar roles facing similar challenges.
The community offers several resources to its members, including monthly webinars, along with workshops, a website, and an active online community on Slack. Recent webinars featured guest speaker Robert Smith, Systemwide IT Policy and Security Director at University of California Office of the President, who presented on how policy is developed and how this involves engaging a broad range of roles and audiences. Additionally Michael Corn, Chief Information Security Officer of UC San Diego shared updates as the Vice Chair of the Academic Advisory Committee over one of the regulations that is still forming, CMMC. By sharing these highly niche pockets of expertise, institutions can focus on something building instead of learning and advocating individually. In another recent online seminar, the community shared the journey of building a cost model for regulated research which is one of their most popular webinars since everyone seems to be struggling with “who pays?” Co-PI Erik Deumens, Research Computing senior director Information technology, “It’s been an absolute pleasure growing as the community has grown. I’ve really noticed a new maturity with our questions in the Slack channel and the topics of the webinars, which is the entire reason RRCoP exists.”
The team is happy to grow its membership across institutions as well as roles, as regulated research can impact a number of distinct roles. Today, the group includes members from various departments such as: Export Control, Research Computing, Research Administration, Government Relations, Legal, Policy, System Administration and Infrastructure, and Security and Compliance. The community is a valuable resource for higher education institutions to share and learn from others who have experienced similar compliance challenges, and welcomes members of all levels of experience.
Carolyn Ellis, Program Manager of the Cybersecurity Maturity Model Certification (CMMC) Program at UC San Diego, and Erik Deumens, Research Computing senior director, Information technology at University of Florida lead the program. For more information, please visit www.regulatedresearch.org or contact Carolyn Ellis at firstname.lastname@example.org.
Cybersecurity Maturity Model Certification (CMMC) Program at UC San Diego
January 2023 NIST guidance document for implementing controls on HPC systems [Meeting recording]
December 2022 Tales from the IT Policy Office at University of California [Meeting Recording]
November 2022 Impact of Cybersecurity on UCF Research Administration [Meeting Recording]
November 2022 The UChicago Security Research Data Strategy and Secure Data Enclave [Meeting Recording]
October 2022 Convenience vs Security [Meeting Recording]
October 2022 Debrief from Certified CMMC Professional course [Meeting Recording]
September 2022 NIST 800-171 Compliance Journey [Meeting Recording]
August 2022 Preparing and Engaging with Third Party Assessors [Meeting Recording]
July 2022 Biomedical Programs & HITRUST [Meeting Recording]
June 2022 Voices from Aligned Communities [Meeting Recording]
May 2022 Compliance & Researchers: Teamwork makes the dream work [Meeting Recording]
April 2022 Making FAQs & Documentation More User Friendly [Meeting Recording]
March 2022 System Security Plan Innovators [Meeting Recording]
February 2022Financials & Cost Model [ Meeting Recording]
January 2022 Overview of RRCoP and Planning [Meeting Recording]