Obtaining a Restricted-use License: FAQs
Below you will find some answers by IES Data Security Officers to questions about data IES/NCES's data security policy asked by users:
- Would I or my dissertation advisor serve as the Principal Project Officer (PPO)?
The PPO has to have a Ph.D., so your dissertation advisor (PPO) would have to sponsor you.
- Could my dissertation advisor (who is a Full-Time faculty member with a Ph.D.) serve as the Senior Official (SO) or do I need to solicit the assistance of a higher-level administrator at my institution?
The SO that signs the contract (License) has to have the legal authority to sign on behalf your university. This person has to have the legal authority to bind your university to the terms of the contract. Consult with your sponsored projects office or office of grants and contracts to find the SO.
- Regarding the System Security Official (SSO), I am likely to store the ELS data on my personal or work computer, not a computer owned by the college. Who could I get to serve as the SSO in this case? Does the fact that the data will be stored on a non-college computer present any problems for other stages/pieces of the licensing process?
The SSO has to be a full-time employee of the university (students cannot serve in this role). The computer has to be a desktop model and standalone (cannot be connected to a network or internet in anyway). The desktop, standalone computer has to be locked inside a secure room. The original data on CDs has to be under lock and key in the secure room. Only persons listed on the License can have access to the secure room. Since the university signs the License, the secure room has to be located within university owned facilities. The data and computer cannot leave the secure room. No data may ever reside on a laptop computer, external hard-drive, or USB memory stick.
- For the Professional Technical Staff...I am likely to be the only individual who works directly with the data; however, there will be members of my dissertation committee whom I might consult about data issues as I discover them in conducting my research. Would these individuals have to be represented somewhere in the license application (perhaps as signatures on the Affidavits)? At this point, I am not certain of all of the individuals who will be on the committee.
Any person with access to the data, in any form, has to be listed on the License and an notarized affidavit has to be on file with IES for that person(s).
- Would I have to submit my dissertation to the IES security officer before it can be defended and sent to the University of Michigan dissertation database? If so, how long does this part of the process take?
Yes. Allow up to 5 business days for its review; plan on having to revise the paper if IES identifies disclosure risks.
- Roughly how long does it take to obtain the dataset from the time that the application materials for the license are submitted?
Assuming that there are no problems with the online portion of the application and there are no problems with any of the submitted paperwork, the data would be received in less than three weeks.