A comprehensive audit shows that research data at the University of Kentucky is secure.

“This audit shows our dedication to ensuring that data housed within our data center is secure and that privacy protections of research data is of upmost importance to our team,” said Tamela Harper, director of operations for the Institute for Biomedical Informatics (IBI).

IBI facilitates data-intensive, multidisciplinary team science to improve the health of patients and populations, in Kentucky and beyond.

An external audit was performed by the Centric Consulting Group on UK’s Research Enterprise Data Center (R-EDC).

The group measured UK’s data security up against guidelines from the National Institute of Standards and Technology (NIST). NIST is a federal agency within the U.S. Department of Commerce that develops standards, guidelines and best resources for cybersecurity.

The assessment includes review of policies and procedures covering a range of cybersecurity requirements including cryptography, education and workforce development, risk management, privacy and incident response efforts among many other standards.

The audit included assessment of 274 controls and determined that the R-EDC is in line with NIST 800:53 Moderate Standards, which are a set of security controls that are appropriate for systems with a moderate impact level.

Harper and Will Overstreet, UK network engineer and systems security officer, thanked their small team of technical professionals for undertaking such a large project.