Researcher Pathway

Information Security · Teachers College

Your Researcher Pathway

Not sure where to start — or who to talk to first? Select your role and your situation below. We'll walk you through the right steps, in the right order, with the right people.

I am a…

Select your role to see your personalized pathway.

What describes your situation?

Choose the scenario that best matches where you are right now.

Starting a new funded research project

You have a grant award or are preparing a proposal involving data collection.

Received a data use agreement

An external organization has sent you a DUA to sign before sharing data.

Need to share data with another institution

You want to collaborate with researchers at another university or organization.

Just arrived at TC

You're new to Teachers College and want to set up secure research practices.

Starting a new funded research project

Follow these steps in order — the sequence matters, especially if human subjects are involved.

Information Security
IRB
Office of the General Counsel
You
  • 1
    IRB

    Determine if IRB review is required

    If your project involves human subjects, IRB review must begin before data collection. Contact the TC IRB office to confirm whether your project qualifies and what level of review is needed.

    Visit the TC IRB office →
  • 2
    Information Security

    Schedule a consultation with Information Security

    Meet with the InfoSec team to review your data types, storage plan, and any sponsor cybersecurity requirements. We can also help you draft the data security section of your IRB protocol or grant proposal.

    Schedule a consultation →
  • 3
    You

    Create a data security plan

    Document how your research data will be stored, accessed, shared, and destroyed. InfoSec can review and co-develop this with you. Many sponsors require this as part of the award.

    Download the template →
  • 4
    Office of the General Counsel

    Submit any contracts or agreements to OGC

    If your grant comes with a sponsored research agreement, data use agreement, or other contract, submit it to the Office of the General Counsel for review before signing.

    Contact the OGC →
  • 5
    IRB

    Complete your IRB submission

    Submit your full IRB protocol, including the data security plan reviewed by InfoSec. Do not begin data collection until IRB approval is received.

    Visit the TC IRB office →

Received a data use agreement

Do not sign a DUA until OGC and InfoSec have both reviewed it.

Information Security
Office of the General Counsel
You
  • 1
    Office of the General Counsel

    Submit the DUA to OGC first

    OGC must review and approve all data use agreements before they are signed. Do not sign anything until OGC has cleared it. Send them the full agreement along with a description of the data involved.

    Contact the OGC →
  • 2
    Information Security

    Schedule a consultation with Information Security

    Once OGC is reviewing, bring InfoSec in to assess the cybersecurity requirements in the DUA. We'll help you understand what controls are required and confirm whether TC's systems meet them.

    Schedule a consultation →
  • 3
    You

    Create a data security plan

    Most DUAs require a documented plan for how the data will be handled. InfoSec can help you create one that satisfies both the DUA requirements and TC's own policies.

    Download the template →
  • 4
    Office of the General Counsel

    OGC executes the agreement

    Once all reviews are complete, OGC will sign the DUA on behalf of TC. Faculty members cannot sign DUAs in their individual capacity.

    Contact the OGC →

Need to share data with another institution

Data sharing with external partners requires both legal and security review before any transfer occurs.

Information Security
Office of the General Counsel
You
  • 1
    Office of the General Counsel

    Contact OGC to initiate a data sharing agreement

    A formal data sharing or transfer agreement is required before any data leaves TC. OGC will draft or review the agreement and negotiate terms with the receiving institution.

    Contact the OGC →
  • 2
    Information Security

    Consult with Information Security on transfer method

    InfoSec will advise on the approved method for transferring data to the external institution — including encryption requirements, approved platforms, and any restrictions on the data type being shared.

    Schedule a consultation →
  • 3
    You

    Transfer data using the approved method

    Once OGC has executed the agreement and InfoSec has confirmed the transfer method, you can proceed with sharing. Do not use personal email, Dropbox, or other unapproved tools.

    View approved platforms →

Just arrived at TC

The first few months are the best time to establish secure habits. Here's where to start.

Information Security
You
  • 1
    Information Security

    Schedule a new faculty security consultation

    Meet with the InfoSec team to discuss your research plans, data types, and any compliance obligations you're bringing from a prior institution. We'll help you get set up correctly from day one.

    Schedule a consultation →
  • 2
    You

    Complete required security awareness training

    All TC faculty must complete annual information security awareness training. Access it through the TC Portal — it takes about 30 minutes and covers phishing, data handling, and remote work security.

    Access training →
  • 3
    You

    Review TC's data classification guidelines

    Understanding how TC classifies data (Public, Internal, Confidential, Restricted) will help you make the right decisions about storage and sharing throughout your research.

    View the data classification guide →
  • 4
    Information Security

    Register and encrypt your research devices

    Laptops and other devices used for research must be encrypted and registered with TCIT. Contact the Service Desk or your InfoSec consultant to get this done.

    Contact the Service Desk →

What describes your situation?

Choose the scenario that best matches where you are right now.

Working on a faculty research project

You've been brought onto a faculty member's existing research project as a research assistant or collaborator.

Conducting independent research

You're running your own study — dissertation research, a course-based project, or independent work involving data collection.

Working on a faculty research project

Your faculty advisor leads the compliance process — but you have responsibilities too.

Information Security
IRB
You
  • 1
    You

    Talk to your faculty advisor first

    Your advisor will tell you what data you'll be working with, what your access permissions are, and what security and compliance requirements apply to the project. This is always your first step.

  • 2
    IRB

    Complete CITI training if working with human subjects

    If the project involves human subjects data, you will need to complete CITI training before you can access data or interact with participants. Your advisor can confirm whether this applies to you.

    Visit the TC IRB office →
  • 3
    You

    Complete TC security awareness training

    You may be required to complete TC's security awareness training before accessing research data. Check with your advisor or the Service Desk to confirm.

    Access training →
  • 4
    Information Security

    Contact InfoSec if you handle sensitive data directly

    If you'll be storing, processing, or transferring sensitive research data on your own devices or accounts, reach out to InfoSec for guidance on approved tools and device security.

    Contact Information Security →

Conducting independent research

When you're leading your own study, the compliance responsibilities rest with you — but you don't have to figure it out alone.

Information Security
IRB
You
  • 1
    IRB

    Determine if IRB review is required

    If your research involves human subjects — including surveys, interviews, observations, or existing datasets about people — you likely need IRB review before you begin. Contact the TC IRB office to confirm.

    Visit the TC IRB office →
  • 2
    Information Security

    Schedule a consultation with Information Security

    InfoSec can help you plan how to store and protect your data, select approved tools, and draft the data security section of your IRB protocol. This is especially important if you'll be handling sensitive or identifiable data.

    Schedule a consultation →
  • 3
    You

    Complete your IRB submission

    Submit your IRB protocol — including your data security plan — and wait for approval before beginning data collection. Your faculty advisor or sponsor must be listed on the protocol.

    Visit the TC IRB office →
  • 4
    You

    Use only TC-approved tools for data collection and storage

    Do not use personal cloud accounts, personal email, or consumer apps to collect or store research data. Ask InfoSec or the Service Desk for the current list of approved platforms.

    View approved software →

What describes your situation?

Choose the scenario that best matches your relationship to the research project.

Continuing on a faculty member's project

A TC faculty member is sponsoring your continued access so you can assist with their ongoing research.

Completing your own research project

You graduated before finishing your own research (e.g. dissertation or independent study) and a faculty member is supervising your continued work.

Continuing on a faculty member's project

Access is granted for a default of 4 months. Extensions up to 12 months require InfoSec approval. HR processes the request first — InfoSec is the final sign-off.

Information Security
IRB
HR
You / Faculty Sponsor
  • 1
    You / Faculty Sponsor

    Confirm your faculty sponsor and initiate the request

    Either you or your faculty sponsor can start this process — you both have a TC email address. Confirm with your sponsor that they are willing to vouch for your access, the scope of your role on the project, and an expected end date. Default access is 4 months.

  • 2
    HR

    Submit the affiliate request to HR

    The temporary research affiliate request goes to HR first. HR will process the affiliation and confirm the employment and access basis before passing it along for security review.

    Submit request to HR →
  • 3
    Information Security

    InfoSec reviews and approves resource access

    Once HR approves, InfoSec reviews the request and determines what TC resources and data the affiliate may access. InfoSec is the final sign-off. If you need access beyond 4 months (up to 12 months maximum), that request must be approved by InfoSec at this stage.

    Contact Information Security →
  • 4
    IRB

    Confirm IRB protocol covers your continued involvement

    If the project involves human subjects data, confirm with the faculty sponsor that the IRB protocol still covers your role. If your student status was listed on the protocol, an amendment may be required to reflect your affiliate status.

    Visit the TC IRB office →
  • 5
    You / Faculty Sponsor

    Establish an offboarding plan upfront

    Before access is granted, agree with your faculty sponsor on what happens at the end of the access period: what data you will return or delete, which TC systems you will be removed from, and what happens to any research outputs you've contributed to.

Completing your own research project

Access is granted for a default of 4 months. Extensions up to 12 months require InfoSec approval. HR processes the request first — InfoSec is the final sign-off.

Information Security
IRB
HR
You / Faculty Sponsor
  • 1
    You / Faculty Sponsor

    Confirm your faculty supervisor and initiate the request

    Either you or your faculty supervisor can start this process. Confirm that your supervisor is willing to serve as your sponsor, document the scope of the remaining research work, and agree on an expected completion date. Default access is 4 months.

  • 2
    IRB

    Confirm or amend your IRB protocol

    Confirm with your faculty supervisor that your existing IRB protocol remains active and covers your continued work as an affiliate. If your student status was a condition of the protocol, an amendment may be needed before data collection or analysis can continue.

    Visit the TC IRB office →
  • 3
    HR

    Submit the affiliate request to HR

    HR processes the temporary research affiliate request first, confirming the affiliation basis and access period before routing to InfoSec for final review.

    Submit request to HR →
  • 4
    Information Security

    InfoSec reviews and approves resource access

    InfoSec reviews what TC systems and data you need access to and gives final approval. If your project will take longer than 4 months to complete, request an extended access period (up to 12 months maximum) at this stage — extensions require InfoSec approval.

    Contact Information Security →
  • 5
    You / Faculty Sponsor

    Establish a data and offboarding plan upfront

    Agree with your faculty supervisor on what happens when the access period ends: what data stays at TC, what you may take with you, what gets deleted, and which systems you'll be removed from. Clarifying data ownership now avoids disputes later.

Still not sure where to start?

The Information Security team is happy to help you figure out your next step. · 212-678-3300 servicedesk@tc.columbia.edu

Schedule a consultation
Back to skip to quick links