The document summarizes the proceedings of a panel discussion held during the June 2017 COGR (Council on Governmental Relations) Meeting, focused on the challenges faced by research universities in managing, ensuring compliance for, and controlling costs within their data and IT enterprises. The panel comprised senior leaders from noted research institutions, each providing insight into the complexities of adhering to federal regulations such as NIST 171 and the evolving requirements of DFARS, draft FAR, as well as agency-specific mandates. Key concerns included the management of Controlled Unclassified Information (CUI), HIPAA, student records, and sensitive research data, with particular attention to faculty awareness and effective communication among university stakeholders.
The discussion also addressed how compliance obligations influence institutional decisions on which research to pursue, highlighting the risks and financial burdens associated with high-security requirements. The panel explored models for cost reimbursement, strategies for developing robust security plans, and effective practices to balance regulatory compliance with research missions. Overall, the summary reflects a landscape where universities must navigate regulatory uncertainty, escalating costs, and the necessity of fostering institutional collaboration to safeguard data while supporting vital research activities.
