Secure Data Rooms
HGSE researchers are frequently the recipients of highly sensitive or confidential information from their data providers. As such, these researchers are sometimes required to reserve a secure data room in which to perform and analyze their research due to 1.) Certain data classification levels assigned by their respective Institutional Review Board (IRB) (either Longwood Medical Area or University Area), 2.) Terms of Restricted-Use data licenses, or 3.) Terms of Data Use Agreements (DUAs) negotiated between HGSE’s Office of Sponsored Projects (HGSE-OSP) and data providers.
NCES/IES Secure Data Rooms (SDR)
NCES/IES Restricted-Use data Licenses impose significant restrictions on who can have a License, who can access the data, and where and how the data can be housed. One such restriction is the use of an access-controlled secure data room where the Restricted-Use data is stored and used by Licensed researchers on a stand-alone, non-networked desktop computer.
Those researchers looking to apply for an NCES/IES Restricted-Use data license (as users or as a PPO) are encouraged to contact HGSE's Director of Security Operations (DSO) and HGSE's Operations Department to begin the space review process. Some HGSE faculty members may have a preferred office space available that they would like converted into a secure data room exclusively for their own or their students' use. Often, however, this is not the case, and other spaces at HGSE would need to be evaluated for availability and/or compliance with NCES/IES requirements.
Apply for a New NCES/IES Restricted-Use License
Please note, you must have a direct affiliation with HGSE as a faculty, student, or staff member to apply for an NCES/IES Restricted-Use License at HGSE. Similarly, applicants must read the NCES/IES Restricted-Use Data Procedures Manual. This manual outlines in full all required procedures and restrictions on Restricted-Use data and Licenses.
- Obtain IRB Approval: Researchers must have an approved Committee on the Use of Human Subjects (CUHS) (Longwood Medical Area)/Institutional Review Board (IRB) (University Area) protocol, be added to an existing one, or submit a new protocol for the project they plan to use the NCES/IES Restricted-Use data for via Harvard's Electronic Submission Tracking and Reporting (ESTR) platform.
- Application Personnel: Applicants must designate the following three individuals on their application to qualify for and receive a Restricted-Use data License from NCES/IES, as these persons will sign the required and applicable documents in Step #3 for the License:
  - Principal Project Officer (PPO): A PPO is responsible for the day-to-day operations involving the requested data. Academic applicants must have the rank of post-doctoral fellow or above to serve as the PPO (applicants unable to meet this standard must secure an HGSE faculty member willing to serve as PPO). Visiting professors or scholars cannot be a PPO, and applicants in research laboratories or analytic consulting firms must have the rank of research associate or above to serve as a PPO.
  - Senior Official (SO): Each application must have the support of an SO who has the legal authority to sign the License (contract) on behalf of the institution to bind them to the terms of the License. At HGSE, applicants are asked to submit their proposed research to University-OSP within the Agreements-DUA Application, as an appropriate SO will be assigned by University-OSP via that Application.
  - Systems Security Officer (SSO): Each application must have an SSO to oversee the security of the data. At HGSE, applicants will list HGSE's Director of Security Operations (DSO) as the SSO on their Restricted-Use data License application: Sarah Bystran-Pruski, Director of Security Operations; Harvard Graduate School of Education, Information Technology, 6 Appian Way, Cambridge, MA 02138; Phone: 617-384-7859; Email: sarah_pruski@gse.harvard.edu
- Formal Request & Application: Step #3 includes both an online component, as well as a physical paper application component. The former includes the requirement for the PPO to submit a Formal Request for the Restricted-Use License to IES. An applicant may designate up to seven users who will access the Restricted-Use data on their License. Once IES receives the Formal Request online, the PPO must then submit the following three physical documents:
  - A signed IES License Document (View IES Instructions)
  - Executed Affidavit(s) of Nondisclosure for all intended users on the License (again and at a minimum, an affidavit is required from the PPO, SSO (Sarah Bystran-Pruski), and a support staff member of the ITSC/Infrastructure Technologies group (Beau Fujita). Please email the SSO and support staff member directly to request and collect their executed affidavits) (View IES Instructions)
    - Each affidavit must contain the following statement within the upper-right box labeled "NCES Database or File Containing Individually Identifiable Information": All NCES/IES Data. This statement clears each user on the License to view current or future NCES/IES Restricted-Use datasets on their PPO's License within the approved secure data room and forgo the execution of new affidavits for each user.
    - Do not sign on the signature line until in the presence of a notary. Doing so in advance will nullify the affidavit, and you will be required to complete a new document before signing in front of the notary. Harvard University provides notary services to Harvard community members at select offices. Public notary services are also available through commercial businesses in the area. Please note the hours, required evidence of identity, and any applicable fees for notarization at each respective location:
      - Harvard Office of the General Counsel
      - Harvard University Employee Credit Union
      - The UPS Store
      - Bank Notaries: Most banks have a notary public on hand at all times. If you use a certain bank regularly, contact your bank or stop by to inquire about notary services, when they are available and how much they cost. Some banks will notarize documents free of charge if you have a bank account at that specific institution.
      - Courthouse Notaries: You can always get something notarized at the courthouse during business hours. Many courthouse clerks do double duty as notaries, but you can call ahead to find out which office to head to in order to get your document notarized, as well as what type of costs you should expect for the service. Generally, the county clerk’s office should be able to assist you with notary needs.
  - A signed Security Plan Form (View IES Instructions)
    - Applicants must first consult with HGSE's DSO by contacting the IT Service Center in order to confirm the proposed space meets the minimum NCES/IES requirements and the applicant has procured a dedicated, stand-alone and non-networked desktop computer for Restricted-Use data.
  - Certificates of completion from all intended users on the License (including HGSE's SSO/DSO (Sarah Bystran-Pruski), and a support staff member of the ITSC/Infrastructure Technologies group (Beau Fujita)) for the NCES/IES Restricted-Use Data License Training. (Please note that this will be an annual requirement of your intended users in order to be in compliance with NCES/IES policies.)
- Duplicate & Submit: To complete the application, securely mail (tracking and/or certification strongly recommended) the signed IES License Document, the notarized affidavit(s) of nondisclosure for all users, the signed Security Plan Form, and training certificates to: IES Data Security Office; Department of Education/IES/NCES, 550 12th Street, SW, Room 4060, Washington, DC 20202; Phone: 202-245-7674. Prior to mailing your application, please make a photo/digital copy of the completed application package.
- If the application is approved, the PPO will receive the following information.
Non-NCES/IES Secure Data Room Request Process
HGSE has developed a secure data room request workflow and process to assist its researchers in determining whether or not they 1.) Require a secure data room for their research, and if so, 2.) How and where to begin the application process. Researchers are encouraged to request a security consultation with HGSE's Director of Security Operations (DSO) by contacting the IT Service Center to help determine their specific needs for a secure data room.