Best Practices
Data Security
The Data Enclave takes a portfolio approach to data security. A portfolio approach implies diverse security measures working in tandem to safeguard sensitive data. One key element of the Data Enclave security portfolio is internal system and personnel security, which includes employee security requirements, rules of behavior, non-disclosure agreements, and IT system security requirements.
Employee Security Requirements
All NORC Data Enclave employees must undergo annual IT security awareness training in DOC IT policies, procedures, computer ethics, and best practices, in accordance with DOC IT Security Program Policy, section 3.13.
Rules of Behavior Requirements
NORC is in compliance with DOC IT Security Program Policy, section 4.5 and the NIST IT Security Management Handbook, including section 8.3 regarding policy on rules of behavior. The NIST Policy on IT Resources Access and Use must be followed for rules of behavior for this system. Users must sign the rules of behavior prior to receiving authorization to access this system. All NORC employees must sign a Confidentiality/Professional Ethics statement.
Nondisclosure Agreements
In addition to internal NORC confidentiality and ethics statements, all NORC Data Enclave employees must sign project specific Non-disclosure Agreements as specified in Commerce Acquisition Regulation (CAR) 1352.209-72, Restrictions Against Disclosures. This also applies to all researchers.
IT System Security Requirements
NORC is its 5th year of operating under a NIST-approved System Certification and Accreditation (C & A) package, including IT Security Plan and a system certification test plan, as outlined in DOC IT Security Program Policy, Section 6.5.2. NORC's Data Enclave IT Security Plan is fully compliant with the Federal Information Security Management Act, provisions of mandatory Federal Information Processing Standards (FIPS), and meets all of NIST's IT, data, system and physical security requirements.
Virtualization
The Enclave offers a hybrid virtualization solution implementing both VMWare and Citrix.
VMware gives users the flexible access they demand while increasing desktop security, application and data management. It allows the Enclave to easily meet regulatory guidelines and ensure all desktops and applications are up to date and in compliance. It reduces help desk calls and provides higher levels of service to end users.
Citrix liberates users and IT service providers from the constraints of traditional computing, turning IT into an on-demand service, and putting people – not datacenters – at the center of gravity. Through Citrix’s virtualization, server, and security solutions, service providers gain more control over what really matters – delivering critical services, maintaining availability and limiting risk.
Confidentiality
One of the most critical components of the NORC Data Enclave training session is its heavy focus on methods to protect confidentiality as well as disclosure review. Confidentiality and non-disclosure have legal and ethical requirements that are fundamental to the development and implementation of a Data Enclave. The training program has been developed to provide users with a comprehensive understanding of confidentiality and disclosure issues.
Survey Design
Our staff has expertise in the full spectrum of public interest social science research development—including experimental and evaluation designs—from the development of research questions through literature review and assessment of existing and potential data sources, project design, sampling strategies, selection of data collection tools and approaches, validation and quality control, and data analysis.
Data Collection
The Data Enclave leverages NORC’s long history of conducting high quality data collection to support important social science research endeavors. Since the design and operations of a research study are crucial to reliability, validity, and credibility, the data collection team works closely with statisticians and methodologists, and quality assurance specialists to develop high quality data collection activities.
Data Documentation and Processing
The Data Enclave is a leader in the field of data documentation and processing. In conjunction with our partners at Metadata Technology North America and Integrated Data Management Services, we ensure that all data in the Data Enclave meets the most current standards in terms of documentation. In addition, the Data Enclave team has years of experience in data harmonization, linking and quality control.
Data Archiving
The Data Enclave maintains the highest standards in data archiving practices. Our archiving system brings together three core principles of the Data Enclave: the highest possible levels of security, easy access by credentialed researchers and high quality documentation so that the data is discoverable, usable, and replicable.
Data Dissemination
In addition to providing direct access to microdata, the Data Enclave provides a variety of dissemination options, including, but not limited to public use files (with aggregated, perturbed or synthetic data), pre-defined tables, and query based online tools (tables and remote processing).
Researcher Collaboration
In contrast to more traditional data access modalities that do not accommodate the need for research collaboration, the Data Enclave provides a variety of tools to facilitate collaboration. These include: an internal and external collaboration site, online discovery tools, and secure file sharing. In addition, the Data Enclave team strives to promote group identity within research communities.
Data Analysis
NORC researchers are skilled in conducting complex data analyses for evaluation and policy research in the areas of education, health, substance abuse, criminal justice and economics. NORC develops high quality reports that present methods and results and which discuss important policy implications. NORC often collaborates with clients to develop materials that translate research results into meaningful messages for the full spectrum of stakeholders.