Revisions allow you to track differences between multiple versions of your content, and revert back to older versions.
At the Michigan Education Data Center, we know your goal as a researcher is to crunch the numbers and offer insights that will improve lives. We strive to support researchers throughout the life of their research project. Below are just some of the ways we strive to serve.
Research Proposal Development
Record Matching Overview
Data Security Guidelines
Data made available through the Michigan Education Research Institute describe Michigan's children. It is critical that researchers keep data security at the forefront during every stage. Before submitting a research application, researchers should review these guidelines and work with their institution's IT and data security experts to make sure best practices are followed.
- In most cases, the use of cloud storage (e.g., Box, Dropbox) or work computers will not be approved for data storage. Talk with your institution's IT staff and ask for secured network storage.
- Describe how account management will be used to ensure only approved users have access to the data. Group-based policies (vs. allowing access on a one-off basis) are preferred. Your institution should have a role in issuing accounts that requires personal information (e.g., date of birth, address) to confirm the identity.
- How often will data access be reviewed and updated?
- Describe how you plan to access and analyze the data. We recommend only using "work" computers or remote desktop that are monitored by your institution's IT staff.
- How will you access data from off-campus? Whatever the answer, it should include the use of a VPN or other means to ensure end-to-end encryption of data.
Authentication and authorization are two major components of data security. Authentication is the act of ensuring the person accessing the data is who they say they are. User IDs, passwords and two-factor authentication are all part of the authentication process. One reason we discourage the use of cloud storage solutions such as Box and Dropbox for storing and accessing MERI data is anyone with an email can create an account. Universities and NGOs have rigorous standards to meet before accounts are issued. This ensures each person has one (and only one) account. Without this, account-sharing or switching becomes a concern because it defeats the purpose of authentication! A strong research application may look something like this:
All project team members will access data with a University of Florin user account. The University of Florin uses Windows Active Directory to track and manage user accounts and requires a two-factor authentication step when logging onto U of Florin servers. When off-campus, users will connect to the U of Florin virtual private network (VPN) to access data.
Authorization is the act of ensuring the authenticated person has permission to access the data. The vast majority of authenticated users at an institution are not authorized to access the MERI data because they are not listed on the approved research application! Folder permissions are commonly used as an authorization mechanism. Researchers need to enlist IT staff to development an authorization (permissions) scheme before finalizing a research application. These plans should address the following questions. Who will be responsible for adding and revoking user access? How often will user access be reviewed and updated? What procedures will be followed when a project member departs? A strong research application may look something like this:
U of Florin IT staff will establish a limited-access project directory on network servers to hold MERI data. Only users identified in our research application and the necessary U of Florin systems administrators will have access to these directories. Access requests for new users will managed and requested by the principle investigator and lead project manager. Access for departed team members will be revoked within a week of departure. Access lists will be reviewed quarterly for omissions.