PI Responsibilities at FAS RC

Overview

PIs have a variety of responsibilities at Harvard University.  This document will cover a small subset of these, specific to FAS Research Computing.

WHAT IS A PI? – A PI is someone who has had Continuous or Limited PI rights conferred on them by the university. A PI has and controls their own funding strings in a school that FASRC supports. Co-Investigators are not considered PIs.

This should not be interpreted as a comprehensive list of PI responsibilities at Harvard University or even at FAS Research Computing, this is oriented around information security and reducing risk.

Responsibilities

• PIs are responsible for following all applicable Harvard University policies, including but not limited to Harvard Research Data Security Policy and Harvard Information Security Policy, as well as any requirements in data use agreements (DUAs) or contracts that impact them.
• PIs are responsible for ensuring all accounts they sponsor follow all applicable Harvard University policies, including but not limited to Harvard Research Data Security Policy and Harvard Information Security Policy, as well as any requirements in data use agreements or contracts that impact them.
• PIs are responsible for creating and maintaining accurate Data documentation in the Harvard Compliance System, as required by University policies, and complying with approved data security and management plans.  Guidance on which applications are needed for your data.
• PIs are responsible for submitting FASSE project requests for any data security level (DSL) 3 data they plan to use at FAS RC and keeping associated data in the specific FASSE storage provided for these projects.
• PIs are responsible for informing FAS RC of any changes to Research Administration applications (e.g. DAT12-1234, DUA12-1234, IRB12-1234) governing data they plan to use for their FASSE projects, before moving new data to FAS RC storage for these projects.  This includes informing FASRC before adding data from a new application (e.g. DUA12-1234) to an existing FASSE project.
• PIs are responsible for ensuring that any access they approve complies with all applicable Harvard University policies and DUA or compliance regimes.  For example, among many other scenarios:
  • If a DUA requires informing or obtaining approval from the data provider before providing access to the data, the PI must ensure this is done before they approve the associated FAS RC access
  • If a DUA states that only Harvard staff may have access to the data, the PI is responsible for ensuring they never approve access to non-Harvard members to that data (e.g. external collaborators)
• PIs are responsible for informing FAS RC when an account they have sponsored should be disabled (i.e. if they sponsor the account and the person has left or should otherwise be disabled)
• PIs are responsible for informing FAS RC when any accounts should be removed from groups they manage
• PIs are responsible for informing FAS RC if and when data needs secure disposal/sanitization, either as required by Harvard University policy or a DUA

Upcoming Responsibilities

• Coming soon: PIs are responsible for reviewing accounts they sponsor on an annual basis [1]
• Coming soon: PIs are responsible for reviewing access to groups they manage on an annual basis [1]

[1]:  If you would like to start receiving spreadsheets of accounts you sponsor and group memberships for groups you approve, please contact security@rc.fas.harvard.edu and ask to be set up for account and access review notifications.  FAS RC will start rolling these out in stages, starting in Summer 2023 with a focus on PIs who have protected data / FASSE projects, and expand to cover other PIs (e.g. that only use Cannon / DSL 2 data) over a period of months to a year.