Past Recordings and Presentations

Overview of RRCoP and planning

Presented By:

  • Carolyn Ellis, University of California, San Diego

  • Erik Deumens, University of Florida

January 12, 2022 | All Hands Meeting | Overview of RRCoP and planning discussions of topics for RRCoP to contribute towards the needs of the community [Presentation | Meeting Recording]

Financials & Cost Model

Presented By:

  • Erik Deumens, University of Florida

  • Preston Smith, Purdue University

February 9, 2022 | Established Institutional Showcase | Financials & Cost Model history of Purdue University and University of Florida. Presentations include: Preston Smith of Purdue University and the 7 years of cost models with the lessons learned. Erik Deumens discusses University of Florida's journey to their current cost model. [Presentation + Q&A | Meeting Recording]

System Security Plan Innovators

Presented By:

  • Eric Gill, Georgia Tech

  • Cal Frye, Case Western Reserve University

March 9, 2022 | Training Topic | System Security Plan Innovators Check out what Georgia Tech and Case Western Reserve University are doing to streamline their SSPs. Eric Gill of Georgia Tech shares how they process and track multiple SSPs in a highly distributed environment. Cal Frye of Case Western Reserve shares and request community feedback on their proposed plan to make their SSP a sustainable, living document. [Presentation + Q&A | Meeting Recording]

Making FAQs & Documentation More User Friendly

Presented By: Anurag Shankar, Indiana University

April 13, 2022 | Established Institutional Showcase | Making FAQs & Documentation More User Friendly Communicating security and compliance to campus researchers is a challenge for institutional cybersecurity. Anurag Shankar from Indiana University talks about how IU is meeting this challenge through its SecureMyResearch service which uses a new approach to weaving security and compliance into research workflows through online documentation and consulting. [Presentation + Q&A | Meeting Recording]

Compliance & Researchers: Teamwork makes the dream work

Presented By:

  • Karen Bell, University of Memphis

  • Jodi Ito, University of Hawaii

May 11, 2022| Researcher Focused Session |Compliance & Researchers: Teamwork makes the dream work |Karen Bell shares how departments at University of Memphis work together to support research compliance and encourage researchers to meet federal requirements. Jodi Ito shares how researcher focused workshops have resulted in stronger relationships through the entire workflow at University of Hawaii. [Presentation + Q&A | Meeting Recording]

Voices from Aligned Communities

Presented By:

    • Carolyn Ellis

    • Michael Corn

    • Sarah Schlagter

    • Jay Gallman

    • Erik Deumens

June 8, 2022 | All Hands Meeting | Updates and contributions from aligned communities Brief updates of the activities happening beyond RRCoP that have impact on this community.

        1. Assorted Updates: RRCoP Website / July Agenda / COGR / FDP

        2. CMMC-Academic Advisory Council (CMMC-AAC)

        3. Association of Export Control Officers (AUECO)

        4. EDUCAUSE 800-171 Compliance Community Group

        5. Coalition for Academic Scientific Computation (CASC)

[Presentation + Q&A | Meeting Recording]

Indiana University's HIPAA Journey & Introduction to HITRUST

Presented By:

  • Anurag Shankar, Indiana University

  • Michael Parisi, HITRUST

July 13, 2022| Training Topic

HIPAA and Protected Health Information (PHI) have been a presence within healthcare and medical schools since 2005. In the years since, they have been a leaking steadily into central IT and HPC centers as biomedical research computing needs have grown. This month Anurag Shankar from Indiana University talks about how IU implemented HIPAA for its central research cyberinfrastructure in 2007 and how its approach has evolved since then.

HITRUST presents the various resources, tools and solutions available for organizations to leverage in managing risk and compliance in the most efficient and effective way possible. They walk through how their programs allow organizations to “assess once, report many” as it relates to executed one validated assessment to provide assurances over compliance with multiple authoritative sources including HIPAA, NIST, CMMC, ISO, etc.

[Presentation + Q&A | Meeting Recording]

Preparing and Engaging in Third-Party Assessors

Presented By:

  • Erik Deumens, University of Florida

  • Damon Armour, North Carolina State University

August 10, 2022 |Training Topic

Erik Deumens, University of Florida, describes the general flow of the external assessment process by a company or by an Office of Internal Audit. UF has some experience because it has gone through a few of them and is going through one right now. This will be useful for many institutions as more compliance requirements will include assessment by a third party.

Damon Armour, North Carolina State University, presented on recent third party assessments by consulting firms on establishing a more formal IT risk management approach, meeting NIST 800-171 requirements for both DFARS and GLBA compliant environments and maintaining HIPAA Security Rule compliance for a non-academic medical institution. Each assessment resulted in commonalities that were foundational to have an effective compliance, cybersecurity and risk management programs.

[Presentation + Q&A | Meeting Recording]

Compliance Journey

Presented By:

  • Laura Raderman, Carnegie Mellon University

September 14, 2022 |Established Institutional Showcase & Discussion

Compliance Journey

      • Laura Raderman shared Carnegie Mellon University's journey to NIST 800-171 compliance including challenges, developing templates, setting up several enclaves, and the external audits they've participated in.

      • Community Check-in discussion. What should we focus on as a community? Opportunities for engagement. Note: portion was not recorded, but notes do exist following the slide deck.

[Presentation + Q&A | Meeting Recording]

Convenience vs Security

Presented by: Irene Kopaliani and Curt Hillegas, Princeton University

October 12, 2022 | Institutional Showcase

      • “Convenience vs Security” Irene Kopaliani and Curt Hillegas discusses how Princeton University strikes a balance between convenience and security.

[Presentation + Q&A | Meeting Recording]

Debrief from Certified CMMC Professional course

Presented by: Laura Raderman, Carnegie Mellon University

October 12, 2022 | Training Topic

      • “Certified CMMC Professional training key points” Laura Raderman shares her key take-aways and lessons learned after attending "Certified CMMC Professional" course. Are your scoping choices the same as the assessors? Is everything perfectly black and white?

[Presentation + Q&A | Meeting Recording]

Impact of Cybersecurity Compliance on UCF Research Administration

Presented By: Tammie McClellan, University of Central Florida

Wednesday, November 9th, 2022 | Institutional Showcase

[Presentation and Q&A | Meeting Recording]

The UChicago Research Data Strategy and Secure Data Enclave

Presented by: H. Birali Runesha and Steven Aldape, University of Chicago

Wednesday, November 9th, 2022 | Institutional Showcase

The UChicago Security Research Data Strategy (SRDS) and Secure Data Enclave (SDE): The journey and lesson learned.

[Presentation and Q&A | Meeting Recording]

Tales from the IT Policy Office at the University of California

Presented by: Robert Smith, University of California

Wednesday, December 14th, 2022 | Established Institutional Showcase


In this talk Robert Smith, University of California, will cover:

  • How policy is developed and approved at the University of California

    • This will include key roles and a process overview

  • How we engage the community and one really big success

  • Policy tension at UC today and probably at your institution too

  • IT Policy and others, no silos here

[Presentation and Q&A | Meeting Recording]

NIST Guidance Document for Implementing controls on HPC

Presented by: Erik Deumens, University of Florida

Wednesday, January 11th, 2023


  • 1) A debrief from the December Stakeholder Advisory Board presented by Carolyn Ellis, University of California, San Diego

  • 2) NIST Guidance for Implementing controls on HPC Erik Deumens will provide a short status report on CMMC and a preview on work done by NIST on a guidance document for implementing controls on HPC systems.

[Presentation and Q&A | Meeting Recording]