April 2025

 

To everyone who rolled up their sleeves and helped make the April 2025 Secure Destruction Event a success—thank you! It’s events like these that help remind folks about sensitive information that sits on systems and the importance of secure disposal! On that topic, the University will be hosting a one day paper and e-waste destruction event called UChicago Community Shred Fest.

 

We were initially informed that hard drives were not being accepted for disposal, so we took the initiative to sponsor a secure collection bin specifically for hard drive destruction. Eduardo Martinez will be on-site to collect and document hard drives and will also have equipment available to physically damage the drives for added data security and peace of mind for those who request the need. More information regarding this event can be found here:

Spring Shred Fest | The University of Chicago

Regarding destruction of hard drives…. For those interested in what R4 does with hard drives once they’re received, here’s a video showcasing one of the machines they use in their destruction process: https://www.youtube.com/watch?v=QkHD2qd7icM

This month, we’re turning the spotlight on the BSD IT Teams. Let’s be honest: a lot of people don’t know who the BSD IT teams are or what they do behind the scenes. So, we’re pulling back the curtain a bit to give everyone a better look at the teams and the services they offer that folks might not even know they have access to. Ensuring that this information is shared with everyone helps us all comply and demonstrate our efforts of awareness and shared responsibilities across all teams.

BSD Information Security Office

The BSD Information Security Office (ISO) is dedicated to protecting the confidentiality, integrity, and availability of BSD’s data, systems, and technology resources. The BSD ISO serves as strategic partners to departments across the organization—offering guidance, tools, and oversight to help reduce risk, ensure compliance, and foster a culture of security awareness. The BSD ISO team works behind the scenes (and sometimes front and center) on everything from incident response and risk assessments to security training, policy development, and the evaluation of new technologies. They also partner closely with IT teams, leadership, researchers, and administrative staff to ensure that security is not a barrier but a built-in part of everyday work. Whether you're navigating a new system, handling sensitive data, or simply have a question about best practices, the BSD ISO is here to help. The BSD ISO is committed to supporting the principles of academic freedom and the free exchange of ideas and to empower our colleagues to work securely, confidently, and collaboratively in today’s evolving digital landscape.

What services does the Information Security Team provide?

  • Risk Management and Compliance

The ISO will provide guidance and tools for implementing process controls on IT-related activities to meet compliance requirements, including support for internal or external audit inquiries related to BSD IT security controls.

Request Risk Management and Compliance Consulting

  • BSD Security Assessment and Authorization (SAA)

The BSD Information Security Office (ISO) can assist you with identifying security requirements with your project and ensure that these systems are protecting your data through the Security Assessment and Authorization (SAA) service.

The goals of the SAA processes are to provide a consistent approach for identifying and quantifying security risks to information systems supporting academic and research activities, and to provide the BSD with a better understanding of the security risks within the BSD network. Click here for more information on the BSD SAA process.

Request Security Assessment and Authorization (SAA)

  • IT Security and Risk Consulting

The ISO will provide consultation to help BSD units respond to security assessment findings; resolve information technology risks, threats, and vulnerabilities; and implement adequate risk mitigation measures. This includes working with departments to establish the security components of projects at any phase of implementation, including security hardware and software to help safeguard data.

Request IT Security and Risk Consulting

  • IT Policy & Standards

The ISO will create, review, and maintain documentation to support information security policies, standards, and guidelines that align with appropriate regulations and industry best practices. Click here for more information on Policies and Standards.

  • Vulnerability Management

The ISO will coordinate access to application scanners and allocate licenses and user accounts to designated business units where there is a demonstrated need for vulnerability scanning. Implementation and support include system scanning of servers, network devices, or workstations. This can be done for individual devices or for whole departments.

Request Vulnerability Management Consulting

  • IT Security Incident Response

The ISO will assist departments in investigating and coordinating appropriate responses for IT security incidents, in collaboration with ITS and UCMIT information security offices, General Counsel, and the HIPAA Program Office.

Report a security concern

  • Security Monitoring

The ISO will automate aggregation, correlation, and analysis of log data from departmental systems, BSD infrastructure, and other key assets. This includes providing real-time analysis of logs and alerts from security devices, network infrastructure, servers, and other key assets by certified security experts.

The Security Event Monitoring system is available to customers 24/7, excluding planned outages, maintenance windows, and unavoidable events.

Request Security Monitoring Consulting

  • Security Awareness and Training

The ISO will provide security awareness educational materials, including printed materials, online learning modules, presentations, and security product demonstrations for faculty, staff, and researchers. Click Here for Phishing awareness.

BSD Technology Solutions & Services

BSDIS - Technology Solutions & Services (TSS) provides specialized end-user support through a team of tech experts embedded directly within departments, offering personalized IT assistance that drives service excellence. These embedded professionals have a deep understanding of the faculty, staff, and the specific clinical or research functions within their departments. TSS delivers both in-person and remote support, working in close collaboration with UCM IT and UChicago ITS to provide a seamless user experience. Acting as a single point of contact, TSS coordinates multiple teams behind the scenes to ensure reliable and efficient service. The team primarily supports basic science and medical researchers based at UChicago and the BSD, with a strong focus on administrative and laboratory needs.

What services does the Technology Solutions & Services Team provide?

  • Solutions Consulting

Leverage our team's collective 200+ years of IT experience. We can connect the right teams to address and resolve your IT-related work and research queries. Request Solutions Consulting

  • Hardware and Software Support

We assist with computing devices like Windows and Mac, along with other endpoint devices such as mobile devices, printers, and IoT devices. Request Endpoint Device Support

  • Software Support

Assistance is available for numerous commercial and BSD software and applications. Contact us for a comprehensive list of supported applications. Request Software Support

  • Audio Visual Services

We directly support 250+ AV-enabled spaces on the UChicago campus. See the list of supported spacesRequest Audio Visual Services

University Trusted Agent Services including:

    • Collaborator Accounts
    • Temporary CNET accounts
    • Guest Wi-Fi access 

Request Additional Support

  • Device Standards

Current device standards for BSD. Last updated, May 2024. Standards are revisited every six months to ensure compliance with industry standard frameworks. 

BSD IT Infrastructure & Operations

The BSDIS IT Infrastructure Team delivers comprehensive IT infrastructure services, including server virtualization, data storage and backup, and expert technical support. The infrastructure equipment is housed in the 6045 and 1155 data centers on The University of Chicago campus. Over the years, infrastructure services have evolved to meet the expanding needs of the BSD user community with a commitment to providing state-of-the-art IT solutions and services within a secure and HIPAA-compliant environment. This ensures that end-users receive robust support and seamless access to essential computational resources.

What services does the BSD IT Infrastructure and Operations Team provide?

  • Secure Departmental/Administrative Data Storage (BSD FS)
    • 507TB of storage for departmental and administrative data

With centralized, automated, encrypted backup and restore

  • Secured and HIPAA-compliant
  • SMB/CIFS Access
  • Backed up nightly with 30 days retention
  • No Transfer Fees
  • $225/TB per year, billed quarterly

Request Secure Departmental/Administrative Data Storage

  • Server Virtualization

Provisioning application, web, and database servers

The infrastructure team supports Microsoft Windows and Red Hat Enterprise Linux (RHEL) Servers in different configurations.

  • OS options: Windows, Red Hat Linux
  • DBMS options: MySQL, PostgreSQL, MS SQL
  • Web server options: Apache, NGINX, Oracle, IIS
  • Backed up nightly with 30 days retention
  • Pricing is based on CPU, memory and storage options

Request Server Virtualization

  • Data Archiving

The storage management solution for moving data that are no longer actively used but still need to be retained for future reference or compliance purposes from primary storage systems to cheaper storage (tape and Azure Blob storage). Data archival service is currently an add-on service for existing CRI Lab Share (RSS) users.

  • IT Solutions Consulting

Expert advice, guidance, and support to BSD researchers regarding their information technology needs. Request IT Solutions Consulting

  • Capacity Planning and Optimization

IT infrastructure management involves forecasting future capacity requirements based on business growth and technological trends. Capacity planning ensures that infrastructure can accommodate increasing demands without performance degradation or significant downtime. Optimization efforts focus on maximizing resource utilization, improving efficiency, and reducing costs through techniques such as virtualization, consolidation, and automation.

  • Disaster Recovery and Business Continuity

Planning and implementing strategies to mitigate the impact of disasters or unexpected events on business operations. This involves creating backup and recovery procedures, implementing redundancy and failover mechanisms, and establishing business continuity plans to minimize downtime and data loss in the event of a disaster.

Solution Delivery Services

The Solution Delivery Services team (SDS) falls under the Office of the Dean for BSD and provides a broad array of services to BSD in the form of project management and business analysis services, database administration, data warehousing, business intelligence and reporting, SaaS management, and custom application development. 

 What services does the Solution Delivery Services Team provide?

  • The Project Management and Business Analysis team provides project management and business analysis services to BSDIS for incoming and ongoing projects supported by BSDIS. This includes working with business owners and stakeholders to gather and document requirements, manage the distribution of tickets to the appropriate technical owners for developing and delivering or managing solutions meeting the requirements of the business. This team also includes application administration (for instance: Advarra’s OnCore Clinical Trial Management System, Academic360, and others).
  • The Database Administration (DBA) and Business Intelligence (BI) team supports the databases that serve the applications, reporting, and business intelligence solutions developed or managed by the SDS team for the BSD. Included in this area is the Academic and Administrative Data Warehouse (AADW), which consolidates data and identifies relationships between that data that exists in many disparate data sources. This area also includes support for developing reports in Tableau as well as empowering the business to explore creating their own reporting. The DBA and BI team also supports a number of integrations where data are both flowing into and out of BSD (for example, integrations with UCM to facilitate provisioning email as well as access to UCM systems [i.e. Absorb, Epic, ServiceNow, etc.], integrations with Workday to ingest BSD-specific personnel data for inclusion in various BSD systems.)
  • The Application Developer team creates custom solutions as needed for requirements that have no third-party solution or where a custom solution is simply preferred and viable. A few applications of note produced by this group are: Collaborator Accounts, BSD HR Forms, Academic360, OGPADb (Office of Graduate and Postgraduate Affairs Database), Argos, and many more. 

Request Solution Delivery Services

Center for Research Informatics

The Center for Research Informatics (CRI) supports biomedical and biological research at the University of Chicago and beyond by providing secure, standards-compliant technologies for data acquisition, storage, analysis, and sharing. CRI’s 35+ member team provides expertise in clinical research informatics, bioinformatics, machine learning, natural language processing, software engineering, custom application development, scientific computing, and scalable research storage. CRI resources are available to all members of the Biological Sciences Division (BSD) and their collaborators. Key partners include the BSD Dean’s Office, the Institute for Translational Medicine, Data for the Common Good, the Institute for Population and Precision Health, the Office of Clinical Research, the University of Chicago Medicine, and other academic and industry collaborators involved in advancing clinical and translational research. Please note that most services come with associated costs as the CRI operates as a federal recharge center. For full details, including current rates and service descriptions, visit the price guide here: CRI Price Guide

What services does the Center for Research Informatics provide?

  • Bioinformatics Core
    • Analysis of high-throughput biological data using standardized pipelines; custom consulting for advanced studies such as GWAS; and development of research-specific software tools.
  • Scientific Computing
    • Access to the Randi HPC cluster, secure data storage, server virtualization, and technical support for rapid, compliant analysis of clinical, translational, and basic science data.
  • Application Development & REDCap
    • Custom software development for research and operational needs.
    • REDCap: Secure, self-managed web platform for electronic data capture; supports the management of studies, surveys, and databases. Educational resources are also provided.
  • Administrative Services
    • Project Management: Oversight and coordination of CRI-supported projects.
    • Consultation: Assistance with grant and IRB writing, cost analysis, letters of support, service level agreements, and manuscript preparation. Ongoing support for REDCap and external hardware integrations.
    • Custom Solutions: Collaborative development of tailored services for research needs not covered by standard offerings.

 

Understanding the full range of services that are offered is more than just helpful—it’s essential. Whether it’s navigating compliance requirements, securing sensitive data, or simply knowing where to turn for support, being informed empowers everyone to work smarter, stay protected, and reduce unnecessary risk. When folks know what’s available to them, they can tap into resources more effectively, avoid reinventing the wheel, and collaborate more efficiently across departments. We’re here to help you succeed, not slow you down!

As we continue to support the organization’s mission, we encourage you to reach out, ask questions, and stay connected with our teams. We're not just here to enforce policies or troubleshoot issues—we’re here to partner with you to create a secure, streamlined environment that supports collaboration and helps everyone succeed.

If you have any topics you would like us to write about in our newsletter, please feel free to drop us a line and let us know by e-mailing security@bsd.uchicago.edu