California State CPHS Data Security Assessment

A service overview and catalog of California State CPHS Data Security Assessment provided by the UC Berkeley IT Service Hub.

Description

This service provides a structured evaluation of IT systems against data security requirements mandated by California state agencies for which the Committee for the Protection of Human Subjects (CPHS) serves as the primary Institutional Review Board (IRB).

Find additional details about the CPHS Data Security Assessment on the Security website.

Benefits & Features

Expert Partnership: Direct consultation with an Information Security Office (ISO) Analyst to guide system alignment.
Compliance Validation: Technical evaluation of security controls to ensure adherence to state mandates, protecting both the researcher and the University from liability.
Official Certification: Provision of the formal Chief Information Security Officer (CISO) signed letter required by state agencies for the release of Personally Identifiable Data (PID).

Getting Started

Submission Timeline

Important : To ensure a thorough review and CISO signature, all assessment requests must be submitted at least 6 weeks prior to your application deadline.

Step 1: Prepare Your Information

Before beginning the request form gather the following details:

Project Basics: Project Name, Unit/Department Name, and Project ID Number.
Contact Info: Full Name and Email for both the Principal Investigator (PI) and the Primary Research Contact.
Project Scope: A brief description of the research and the specific types of data being collected or used.
Technical Scope: A list/description of IT infrastructure used for data collection, storage, processing, and backup (e.g., workstations, lab servers, or Research IT services).
Compliance Requirements: Copies of State Agency Information Security Attestation Requirements. Any other external security requirements tied to the fund of your research project (e.g. CPHS, HCAI, CDPH, CDSS, etc).
Deadline: Your target CPHS Application Deadline Date.

Step 2: Submit Your Request

Once you have gathered the information above, submit your request via the secure intake form: Request a Research Data Security Assessment (form requires CalNet login).

Service Details

Eligibility	This service is available to Faculty, Students, and IT Providers.
Contact	Technical Support: Submit your request via the secure intake form: Request a Research Data Security Assessment (form requires CalNet login). If you have any questions during the preparation process, please open a ServiceNow ticket by emailing security-assessments@berkeley.edu.
Availability	Available 24/7. Support is provided Monday–Friday, 8:00 AM – 5:00 PM PT, excluding University holidays and curtailment periods.
Cost	There are no direct costs associated with this service.
Data Classification	This service is rated for P3, A2, and R1 data. Compliance: Users are responsible for ensuring data handled within this service complies with the Data and IT Resource Classification Standards.