Standalone Computer for Restricted-use Data

Select this plan if you intend to store and work with restricted-use data on a dedicated standalone computer that will not be used for activity other than the storage and analysis of restricted-use data for the duration of the Restricted Data Use Agreement. Security requirements include a secure, locked location, full-disk encryption, and disabling all network access for the duration of the project. All system and software updates must be made manually, without connecting the computer to the internet. Further requirements: 

  • Data will be stored directly on a standalone, non-networked computer. All network cables will be physically disconnected from the computer, wireless network access will be disabled, and computer network ports will be disabled. The computer will not be connected to any network or to the Internet for the duration of this research project.
  • Restricted data files will not be copied or moved out of the secured directory on the computer’s internal hard drive for any reason. 
  • FIPS 140-compliant encryption software will be used for full-disk encryption of the computer used to store and access the data. Note: Folder- or file-level encryption is not sufficient. ICPSR recommends the use of Windows BitLocker or Mac OSX Disk Utility. 
  • The operating system of the local computer will remain in support by its manufacturer for the duration of the project. As of September 2022, Windows 7 is no longer supported, nor is macOS 10.14 (Mojave). The system should be kept up to date with all applicable system and application security patches.
  • Data will remain stored in a secure, locked location and will only be accessed by approved researchers from a private room or office. Computer monitor(s) will be oriented to prevent eavesdropping. The computer screen will be set to auto-lock after 15 minutes (or less) of inactivity and all users agree to manually lock the screen or log off from the desktop when stepping away. All users will utilize all applicable security features available within their local computer’s operating system to prevent unauthorized data access, including password-protected user accounts and NTFS permissions. Login credentials will not be shared with others. 
  • Should any security incidents or breaches of this plan occur, the Investigator will notify ICPSR within the time frame specified in the Restricted Data Use Agreement by contacting
  • The Investigator will either renew their Restricted Data Use Agreement or destroy all data at or prior to the conclusion of the Restricted Data Use Agreement.
  • Restricted data will be completely removed from all storage and backups at or prior to the conclusion of the Restricted Data Use Agreement. Use of secure multi-pass erasure software meeting or exceeding DoD 5220.22-M standards is recommended.
  • Any printed copies of the data will be destroyed (e.g., shredded rather than recycled or placed intact in a waste receptacle) at or prior to the conclusion of the Restricted Data Use Agreement.