• Jun 25 2024

Comprehensive Audit Shows UK Research Data is Secure

Stock image showing hands working at a laptop, and a stethoscope is on the desk. The image is overlaid with digital imagery of bar graphs and iconography.

LEXINGTON, Ky. (June 24, 2024) — A comprehensive audit shows that research data at the University of Kentucky is secure.

“This audit shows our dedication to ensuring that data housed within our data center is secure and that privacy protections of research data is of upmost importance to our team,” said Tamela Harper, director of operations for the Institute for Biomedical Informatics (IBI) and biomedical informatics project director for the UK Center for Clinical and Translational Science.

IBI facilitates data-intensive, multidisciplinary team science to improve the health of patients and populations, in Kentucky and beyond.

An external audit was performed by the Centric Consulting Group on UK’s Research Enterprise Data Center (R-EDC).

The group measured UK’s data security up against guidelines from the National Institute of Standards and Technology (NIST). NIST is a federal agency within the U.S. Department of Commerce that develops standards, guidelines and best resources for cybersecurity.

The assessment includes review of policies and procedures covering a range of cybersecurity requirements including cryptography, education and workforce development, risk management, privacy and incident response efforts among many other standards.

The audit included assessment of 274 controls and determined that the R-EDC is in line with NIST 800:53 Moderate Standards, which are a set of security controls that are appropriate for systems with a moderate impact level.

Harper and Will Overstreet, UK network engineer and systems security officer, thanked their small team of technical professionals for undertaking such a large project.


The CCTS is supported in part by the NIH National Center for Advancing Translational Sciences through grant number UL1TR001998.  The content is solely the responsibility of the authors and does not necessarily represent the official views of the NIH.


by Lindsey Travis