Secure My Research
Consulting, tools, and guidance to help TC researchers protect data, meet compliance requirements, and build security into every stage of their research.
The TCIT Information Security team partners with faculty, staff, and student researchers to reduce cybersecurity burdens — so you can focus on what matters most: your research. Whether you are just arriving at TC, launching a new project, or supporting a research initiative as a student, we have resources tailored to your needs. Select your role below to get started.
- Request a security consultation. Meet with the Information Security team to review your research data types, compliance obligations (FERPA, HIPAA, DOE, federal grant requirements), and recommended tools.
- Use this page as your researcher pathway. We'll guide you through the right steps, in the right order, with the right people.
- Review data classification guidelines. Understand how TC classifies data (Public, Internal, Confidential, Sensitive) so you can store and share research data appropriately.
- Check out our templates. The Information Security team has prepared templates for the most common research security needs, including data use agreements and data security plans.
- Review your research devices. Laptops must be TC-managed and encrypted. All other internet-connected devices must meet TCIT's data security standards. Contact the Service Desk for more information.
One-on-One Security Consultation
Schedule a private meeting with the Information Security team to discuss your specific research data and compliance needs.
Request a consultation →Grant & Sponsor Cybersecurity Requirements
Federal sponsors like NIH, NSF, and DoD increasingly include specific cybersecurity clauses in awards. We can help you interpret and fulfill those requirements before and after award.
Talk to InfoSec →Security Awareness Training
Complete your required annual training and explore additional modules on phishing, secure data handling, and remote work security.
Access training →Applications Approved for Research
The Information Security team has conducted data security reviews on all applications listed here.
View Approved Applications →- Identify your data types and sensitivity. Will your project involve human subjects data, health information, federal data, or other regulated content? This determines your compliance obligations.
- Review grant or contract cybersecurity clauses. Many federal sponsors (NIH, NSF, DoD, DoE) include specific cybersecurity requirements. The Information Security team can help you interpret and fulfill these.
- Request a data security plan review. For IRB submissions and grant applications, we can review or co-develop the data security section of your protocol or proposal.
- Design a secure workflow. Before data collection begins, work with us to design storage, access control, sharing, and retention workflows that comply with your data use agreement or sponsor requirements.
- Document your compliance posture. We can help you generate documentation of the security controls in place — essential for audits, IRB renewals, and sponsor reporting.
Data Security Plan Review
Submit your IRB protocol or grant data management plan for a confidential security review before submission.
Request a review →Compliance Guidance
Get help interpreting cybersecurity language in grants, contracts, and data use agreements — including HIPAA, FERPA, CUI, and FISMA requirements.
Ask a question →Secure Workflow Design
Work with our team to design data collection, storage, sharing, and disposal processes that meet your regulatory and sponsor requirements.
Start a conversation →Applications Approved for Research
The Information Security team has conducted security reviews on all applications listed here, so you can focus on your research with confidence.
View Approved Applications →- Understand what data you are working with. Talk with your faculty advisor about the sensitivity classification of your project's data and your specific access and handling obligations.
- Complete required training. If your project involves human subjects, you likely need CITI training through the IRB. You may also be required to complete TC's security awareness training.
- Use only approved tools and storage. Do not store research data on personal cloud services (Google Drive personal, Dropbox, etc.). Ask your advisor or the TCIT Service Desk about approved platforms.
- Protect your devices. Enable encryption and screen lock on any device used to access research data. Report lost or stolen devices to the Service Desk immediately.
- Know how to report an incident. If you suspect a data breach or security incident, contact the TCIT Service Desk right away.
Security Awareness Training
Access TC's required security awareness training and learn how to recognize phishing, handle data safely, and protect your accounts.
Access training →Applications Approved for Research
The Information Security team has conducted security reviews on all applications listed here.
View Approved Applications →Device Security Guidance
Learn how to encrypt your laptop, set up remote wipe, and configure secure settings on devices used for research.
Get device help →Working Remotely or in the Field?
Collecting data off-campus — whether at home, abroad, or in the field — introduces unique risks. Learn how to protect your data and devices when working outside the TC network.
Talk to InfoSec →- Can you help me design a secure data workflow for my project?
- Can I use AI tools to analyze or process my research data?
- Can TC support the cybersecurity requirements in my contract or data sharing agreement?
- Can you review my proposal or IRB protocol for security compliance?
- Are there new data security regulations coming that may affect my research area?
- How do I report a potential data breach or security incident involving research data?
- I collaborate with researchers outside TC — how can we share data securely?
Email the InfoSec Team
Send your question directly to the TC Information Security team. We respond to all research security inquiries.
infosec@tc.columbia.edu →Submit a Support Ticket
Open a ticket through ServiceNow for any IT or security-related request. Our team monitors all incoming tickets.
Open a ticket →Call the Service Desk
Reach the TCIT Service Desk by phone for urgent security concerns: 212-678-3300, Option 2.
Visit TCIT →TCIT Home
Explore the full range of IT services, teams, and resources available at Teachers College.
Go to TCIT →Questions? We're here to help.
TCIT Service Desk · 212-678-3300 · servicedesk@tc.columbia.edu