New Federal Regulations Related to Cybersecurity
Recent changes to federal regulations, including the Federal Information Security
Modernization Act of 2014 (FISMA 2014), have necessitated a different approach to
information security at Purdue for certain sponsored projects.
Contracts for research and other sponsored projects funded by the federal government are including, with greater frequency, specific cybersecurity controls and incident reporting requirements. Projects that have limitations on dissemination of the
results or publication approval by the sponsor are more likely to have these increased
cybersecurity requirements. When these additional security requirements apply, it
is no longer sufficient to simply have good IT security for information systems. In
order to meet the terms and conditions of these contracts, specific controls related to
assessing and managing the risk to information systems must be implemented.
Compliance with these new requirements will, in many cases, also require the inclusion, within the project budget, funds for the increased IT security measures. In
order to identify and address these requirements, Sponsored Programs Services
Pre-Award and Contracting, in consultation with the Office of the Executive Vice
President for Research (EVPRP) and Partnerships and ITaP Security and Policy, are
already reviewing both solicitations and contracts for triggers. When flagged, the
principal investigator may be asked to add IT security costs to the budget and, with
the assistance of personnel from the EVPRP and ITaP Security and policy, draft
and implement an information security plan that meets the increased cybersecurity
ITaP and the Office of Research and Partnerships are currently funding a pilot
program that will provide a compliant environment and develop chargeable rates for
projects impacted by these new requirements. If you have questions about
how these new regulations may impact your research, please contact Mary Duarte
Millsaps, research information assurance officer, at firstname.lastname@example.org.
Online Submission of IRB
Protocols Now Required
The Purdue Human Research Protection Program, known as IRB, announces
that beginning Jan. 4 all requests for an
exempt determination or an expedited
or full committee IRB review need to be
submitted online through the Coeus-Lite grant submission system at https://
No paper or email submissions will be
accepted as of Jan. 4.
Researchers will need to log in with their
career account credentials. Expedited
and full committee protocols are required
to upload a narrative file, in addition to filling out the online questionnaire. General
questions about the online process should
be directed to IRB-Questions@purdue.
For technical questions, use the help
function within the Coeus environment.
Additional information also is available
at the IRB website at https://www.irb.
Any specific feedback should be sent to
EVPRP Announcements and Resources