Skip to Main Content

Data Management Plan (DMP) Guide

Learn how to write a data management plan!

Step 4. Data Storage and Security

Where research data is kept and how it is secured during the research process is very important. However, most DMP requirements are more concerned with where the data will be kept after the research project is complete and how others will be able access it. In other words, data preservation and data sharing should take precedence in a DMP.

So, while a very important process of data management, the details of data storage and security are usually only a short portion of a DMP. However, there are exceptions. When security and access to the data is an important concern then it may be appropriate to provide more information.

Another thing to remember is that you don't have to do this alone. IT staff at ISU are experts who know the campus, state, and federal policies. They can help with security and storage, provide cost estimates, set up backup systems, and more. You may already know who to contact, but if you don't, email to get started.

Writing prompts

Who is responsible for the machines and equipment?

Data responsibilities include: physical and virtual security, data backups, hardware failures, data integrity checks, etc.

It is best to have experts support your research IT needs. There are a variety of experts on the Iowa State campus that offer expert and affordable services including data storage, security, website hosting, and more. It is highly suggested that you consult with them to work out details and costs before a grant proposal is submitted.

Example machine and equipment statement of responsibility:
Iowa State University's IT department will assist the PIs in setting up a project server on a centrally managed system. They will also make sure the appropriate amount of security is in place to prevent unrestricted access to the data.

Where will the data be stored?

Regardless of how much data your research will generate you should have a storage system in mind that will meet the needs of the project. While USB drives, hard drives, and disks are cheap and easy solutions they are not secure and can be easily lost or destroyed. It is a good idea to use multiple methods to backup and copy research data.

Example data storage services:

  • Cloud services: CyBox (is the only ISU contracted cloud service at this time).
  • Centrally managed services from ISU ITS: CyFiles, ResearchFiles, CyBox etc.
  • Local storage solutions: PI workstations, lab/project server, CDs, USB drives, portable hard drives, etc.

What level of security does your research project require?

Consulting with an ISU IT professional for this section is highly recommended. Running a local server in your office or lab is not a good solution. It may seem cheaper and easier but accidents and incidents do happen and can have devastating results. Campus IT professionals can help you set up and manage data security and make sure the right safeguards are in place if the worst happens.

Consulting ISU' Data Classification Policy can help you determine the appropriate level of security needed for your research data.

Example of non-research data that should be secured:
Computer and database access logs should be secured as they can contain potentially sensitive information such contact information as well as user id and passwords.

Example of research-data that does not need to be secured:

A spreadsheet with word frequency counts from a corpus of old English texts.


  • DMP requirements are usually more concerned with post-project data storage which ties into data preservation and data sharing.
  • Campus IT professionals can help you set-up and maintain data storage and security. They can also provide cost estimates to help with budget planning.
  • Storing data on a hard drive or a server is neither "data archiving" or "data preservation" (see next section).

decorative image
Need help?

Data Management Questions

IT Questions

Quick Access
Iowa State University DataShare