Context
IT security is fundamental to responsible research data management. Robust IT security safeguards research data from breaches, loss, and misuse, protecting both sensitive information and institutional reputation. As research becomes increasingly data-intensive and collaborative, legal and IT security considerations are central to every stage of the research data lifecycle, from data collection and consent management to storage, sharing, and long-term preservation. Missteps can cause reputational damage, legal liability, or harm to study participants, while good practices foster trust, enable data reuse, and strengthen institutional resilience. Mature IT security emerges when policies are documented, staff are trained regularly, and protections extend beyond basic antivirus or firewall measures. Data stewards play a key role as a contact point between researchers, IT and ISO (information security officer) teams, translating organisational policies into practical guidance and helping researchers apply security measures in their daily work.
Guidance
Data stewards play a pivotal role in bridging the gap between researchers and IT professionals, helping to embed data security concerns into research culture and daily practice. The mission of a data steward is to facilitate the adoption of data security practices while enabling awareness, providing practical guidance, and embedding security into workflows. Furthermore, data stewards play a vital role in adapting institutional security policies to the realities of the research environment. This input is crucial, as Information Security Officers (ISOs) often come from business-oriented backgrounds that may not align with the unique workflows and openness required in a research institute.
1. Promote awareness and visibility of IT security support and guidance
✔ Promote presence at the institutional level
- Include references to IT security policies and procedures in institutional RDM and DMP guidelines.
- Include IT security guidance in onboarding and offboarding materials and general training portfolio.
- Share reminders about security practices via newsletters or internal communications.
2. Foster a security-conscious culture
✔ Make it normal and safe to report potential vulnerabilities or mistakes.
- Encourage staff to ask about risks, reporting incidents, or implementing security measures. As a data steward, you will find that researchers are more open to sharing their IT security questions and doubts in face-to-face meetings, e.g. project planning kick-offs or DMP reviews.
✔ Offer simple checklists or templates for common tasks.
✔ Track issues and responses
- Analyse data management help desk questions and requests for potential security gaps or incidents to identify areas for improvement.
- Use this information to refine guidance, training, or tools, or to notify IT security of problems.
- Communicate updates to procedures, templates, or IT tools that result from staff input.
3. Integrate IT security into research workflows
✔ Position security guidance at key research milestones
- Align security checks with research project registration, data collection, storage, sharing, or long-term preservation.
- Ensure access controls and risk assessments are applied at the right time.
- Translate high-level policies into actionable steps for researchers (e.g., password management, MFA, secure file storage).
4. Establish collaboration with your information security office
✔ Clarify roles and expectations in your relationship with the information security office
- Share domain-specific requirements and standards.
- Assess impact of new security measures on researchers and their activities.
- Contribute to policy development and awareness campaigns.
✔ Collaborate with IT security when introducing new tools for research data management
✔ Establish a communication channel with the information security office, ensuring regular exchanges
- When a data steward notices a possible security issue, they should raise the alarm and forward the issue to the IT security contact.
- To effectively identify areas for improvement, data stewards must collaborate with IT security on a regular basis (e.g., every 3–6 months). These joint reviews of incident logs and recurring security questions ensure that the data steward is informed of real-world gaps and can adjust guidance accordingly.
- Ensure your collaboration framework is documented and inform management about it.