IG in MSD: DSPT, Business Continuity, and Privacy guidance


The University’s Data Security and Protection toolkit submission has been completed ahead of the deadline of March 31, was published today. The toolkit submission is intended to host new research data application requests outside of departments and units with an existing toolkit in place.  You can find the list of current toolkits (and submission status) here.

The University generic toolkit, despite its name, will be restricted in scope, and will have an onboarding process which will ensure that the projects undertake activities (such as training, appropriate review of data privacy and security controls, and assignment of roles and responsibilities) in order to be included into the toolkit scope. The requirements for being added on to a University toolkit will be formalised and published in the next few weeks.

Business Continuity in Research:

It is good practice to embed business continuity plans into research data management at the earliest possible opportunity, in order to account for additional requirements for data continuity, and planning for an acceptable level of confidentiality, integrity, and availability of data for researchers.
IGO has made available the following template which can help you think about these questions with your research staff.

Useful resources:

I’d also like to flag up best practice guides from CUREC on Research data collection and management:

This should act as your guidance when tackling questions on research data management from researchers conducting research on human participants.

The Data Privacy champion for MSD have put together the following pages to support researchers learn more about privacy (Privacy by Design), and to help IG leads with compliance activities (Useful Information for Audits):

Privacy by Design: https://www.medsci.ox.ac.uk/support-services/teams/data-privacy/privacy-...

Useful Information for Audits: https://www.medsci.ox.ac.uk/support-services/teams/data-privacy/medical-...


Last but not least, the University’ Baseline Security assessment report has been sent to your departmental administrator or nominated delegate over the past week. Please work with your departmental or unit administrator to review the recommendations, and respond to the invite from Information Security Team or email baseline@infosec.ox.ac.uk  to sit down with the central team and understand our key recommendations.

wordcloud of IG support calls from MSD