The Principal Project Officer (PPO) and the System Security Officer (SSO) are responsible for ensuring that access to the restricted-use data is limited to authorized users and that these users only use and access the data in the secure project office that is listed on the Security Plan form. In addition, the original version of the restricted-use data shall be set to read-only. The original version of the restricted data should not to be modified or changed. Only extrapolations and reading of the data are permitted.
The PPO shall retain the original version of the subject data and all copies or extracts of the data at the secure project office listed on the Security Plan form and shall make no copy or extract of the subject data available to a non-Licensed person.
The PPO shall not permit removal of any subject data from the secure project office without first getting approval from IES via the amendment process. The data must not be used at a home or provided to a sub-contractor for off-site use. The data must not be used or saved on a laptop computer, network server, external hard drive, or USB/memory stick.
The PPO will ensure that all draft documents containing restricted-use data are sent to IES for a disclosure review prior to disseminating them to non-Licensed persons. All users on the License are responsible for following the IES policy on submitting research publications for IES review.