Data Security and Privacy

What data can be stored?

All ORCD current systems are only suitable for storing data with low-level security requirements. This means that they are not to be used to store sensitive data, such as personal information, financial information, or intellectual property. Additionally, they are not to be used to store data that is subject to use agreements that require security controls or audit tracking.

The following data types are suitable for ORCD systems:

• Anything in the low-risk category described at the MIT IS&T data risk classification pages
• Drafts of unpublished research papers and results that are based on low-risk data

Anything else in the medium-risk or higher risk levels of the MIT IS&T data risk classification pages should not be stored or analyzed on current ORCD systems.

If you have any questions about whether your data is appropriate for storing on ORCD systems please feel free to reach out to us at orcd-help@mit.edu.

Where can more sensitive data be processed and stored?

The ORCD team is currently developing a system for more sensitive data. If you have sensitive data and would like to learn about our plans please feel free to get in touch at orcd-help@mit.edu.

Support team access to ORCD system accounts and resources

Support staff may occasionally access accounts of other users to help debug and troubleshoot problems. All access will be limited to the minimum reasonably needed to address a problem. Staff will not share any data or contents beyond the needs for providing adequate systems support and ensuring stability and security of the systems.