It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Data Classification For Your Research Data: Risk Calculation (bèta versie)

Risk Calculation (bèta versie)

Data Classification For Your Research Data

This tool is intended as a quick scan of 4 main security aspects. You can separately check any of the security aspects to get an idea of possible risks related to your research. If the outcome results in medium or high risk level, you are advised to contact RDM Support Desk.

Print Form Reset Form Feed Back

The security risks for your data can vary depending on the form and nature of your data (e.g. raw data, processed data, video data, physical measurements). Therefore, it is recommended to carry out this data classification for every data asset described in your data management plan.

Data asset

(How to Define Data Assets)

Do you collect data from human subjects?

No Yes

Privacy Risk Assessment

Availability Risk Assessment

How readily do your data need to be available to you or your research team?

24/7 Frequently, but not 24/7 (e.g. 9-5, Mon-Fri or always available unless system maintenance is required) Anything less frequent than typical work hours

How long would data need to be unavailable for your research project to suffer serious harm (i.e. not just minor inconvenciences)?

Examples of harm include:

inability to move forward with the research project;
inability to provide data to a third party or grant provider;
breach of contract/legal requirements, such as contractual or legal requirements to share data;
reputational damage to the researcher(s) and the VU, e.g. inability to provide data upon request can lead to retraction of research articles;
inability of temporary staff, such as PhD candidates, to complete work in timely manner, which could damage their professional development;
financial costs due to delays

Up to one hour Up to one day Up to one week Up to one month

Additional information:

Are there specific situations where access to the data absolutely MUST NOT be lost? (e.g. during long computations or during scheduled batch processing)

Yes No

Additional information:

How severely would the research project be harmed if the data are lost? Consider the worst possible scenario, i.e. at the start of data collection, data loss may not be a major issue, but loss of the data is most definitely an issue once data collection is complete

Loss of the data would be a disaster; no recovery is possible Loss of the data is undesirable, but the loss would only mildly impact the research goals, budget or reputations of the researcher and/or the VU Loss of data is not an issue; data can be easily reproduced as needed

Additional information:

How long will the data need to be stored and maintained?

10 years after the last research publication is published 15 years after the last treatment is administered to the participants 25 years after completion of the trial Indefinitely

Additional information:

Integrity Risk Assessment

Do multiple users need to be able to access, utlize and/or edit the data simultaneously, thereby increasing the risk of data corruption and/or unauthorized changes?

No Yes

In what way do the multiple users need to be able to access the data?

All users can access the data concurrently, but the data doesn't need to be edited simultaneously Data must be accessible and editable for multiple users simultaneously

How many users need to access, utilize and/or edit the data on a regular basis?

10 or more 4 to 9 3 or fewer

Additional information:

Have measures to account for data entry error, data cleaning, measurement error, bias and so forth already been addressed in your data management plan and/or research proposal?

Yes No It is not possible to account for these issues

Pro-tip: write a data management plan and make sure to describe how you will address these issues

Additional information:

How severe would the impact on your research be if data become corrupted during storage or unauthorized changes are made to the data after collection?

Examples of harm include:

incorrect research conclusions that result in retractions of published articles, reputational damage and/or erroneous influence on public policy and future research;
financial impact and delay of completion of the research project due to time required to correct the corruption or unauthorized changes

Minimal to none Moderate Severe

Additional information:

If data become corrupted in storage or unauthorized changes are made after collection, could this have a negative impact on your research participants (e.g. inappropriate questions are posed in a follow-up questionnaire; participants need to be contacted repeatedly to correct mistakes etc.)

Yes and the impact is serious Yes, but the impact is minimal No, there is no impact on participants

Additional information:

Confidentiality Risk Assessment

Note that confidentiality risks related to you and your research team's obligations to keep your data confidential. This applies whether or not you are working with data from human subjects and may relate to legal, ethical and/or contractual obligations

If the data in question are not kept confidential, how severely would the VU’s reputation be harmed?

Examples of reputational harm include:

loss of public trust;
loss of trust from external partners; damage to third party relationships
reputational damage to individual researchers

Severely Moderately Minimally

Additional information:

If the data in question are not kept confidential, how severe would the legal and/or contractual liabilities be for the VU (e.g. fines, legal action by third party partners)?

Very severe Moderate severely Minimally to not at all severe

Data Classification For Your Research Data: Risk Calculation (bèta versie)

Risk Calculation (bèta versie)

Data Classification For Your Research Data

Data asset

Do you collect data from human subjects?

Privacy Risk Assessment

How would you describe your participants (multiple answers possible)?

Is the nature of the research something where pregnant women may be judged on their behaviours/health-status, e.g. smoking during pregnancy?

Which of the following best describes the data you are collecting (multiple answers possible)?

What kind of health-related/physical data will be collected (multiple answers possible)?

What kind of experimental data will be collected (multiple answers possible)?

What kind of experimental data will be collected (multiple answers possible)?

Are audiovisual recordings made of the observation?

Could the subject matter addressed in the audiovisual data be considered sensitive (i.e. if a person’s answers were made known to others, could it harm the individual)?

Can the participant be directly identified in the audiovisual recoding (i.e. names are stated, faces are recorded etc.)?

Could topics addressed in the questionnaire be considered sensitive (i.e. if a person’s answers were made known to others, could it harm the individual)?

Does the questionnaire collect special types of data (health-related, race/ethnicity, religion/philosophies, sexual preferences, criminal history, union memberships, political opinions) or socio-economic information?

Are there open text fields in the questionnaire?

Is the interview recorded on an audiovisual medium?

Could the subject matter addressed in the audiovisual data be considered sensitive (i.e. if a person’s answers were made known to others, could it harm the individual)?

If the data in question are leaked to the public, could this have a negative impact on the participant(s) (e.g. physical, mental, social or financial harm)?

Additional information:

Availability Risk Assessment

How readily do your data need to be available to you or your research team?

How long would data need to be unavailable for your research project to suffer serious harm (i.e. not just minor inconvenciences)?

Additional information:

Are there specific situations where access to the data absolutely MUST NOT be lost? (e.g. during long computations or during scheduled batch processing)

Additional information:

How severely would the research project be harmed if the data are lost? Consider the worst possible scenario, i.e. at the start of data collection, data loss may not be a major issue, but loss of the data is most definitely an issue once data collection is complete

Additional information:

How long will the data need to be stored and maintained?

Additional information:

Integrity Risk Assessment

Do multiple users need to be able to access, utlize and/or edit the data simultaneously, thereby increasing the risk of data corruption and/or unauthorized changes?

In what way do the multiple users need to be able to access the data?

How many users need to access, utilize and/or edit the data on a regular basis?

Additional information:

Have measures to account for data entry error, data cleaning, measurement error, bias and so forth already been addressed in your data management plan and/or research proposal?

Additional information:

How severe would the impact on your research be if data become corrupted during storage or unauthorized changes are made to the data after collection?

Additional information:

If data become corrupted in storage or unauthorized changes are made after collection, could this have a negative impact on your research participants (e.g. inappropriate questions are posed in a follow-up questionnaire; participants need to be contacted repeatedly to correct mistakes etc.)

Additional information:

Confidentiality Risk Assessment

If the data in question are not kept confidential, how severely would the VU’s reputation be harmed?

Additional information:

If the data in question are not kept confidential, how severe would the legal and/or contractual liabilities be for the VU (e.g. fines, legal action by third party partners)?

Additional information: