Data Management Plans
Most federal granting agencies require a Data Management Plan (DMP) that describes how your research data will be collected, stored, protected, and shared. This page provides a general Cloud statement and resources for building your DMP.
Campus Cloud Statement for DMPs
You may use the following language to describe the UCSB Campus Cloud environment in your DMP:
“Research data will be stored and processed in the UCSB Campus Cloud Landing Zone, a managed cloud environment operated by UCSB IT (ITS-CCID) on Amazon Web Services / Microsoft Azure / Google Cloud Platform. The Landing Zone provides NIST 800-171-aligned security controls, UC Policy IS-3-compliant guardrails, centralized audit logging, data-at-rest and in-transit encryption, and campus network connectivity. The University of California has negotiated enterprise agreements with these providers, ensuring data governance under UC Terms & Conditions.”
Customize this statement for your specific provider(s) and add any project-specific controls (e.g., HIPAA Business Associate Agreement, CUI handling procedures).
Shared Responsibility
The Campus Cloud uses a shared responsibility model. The Cloud Team provides security controls, audit infrastructure, and compliance guardrails. You are responsible for classifying your data, managing access, and following applicable regulations. See Shared Responsibility for the full breakdown.Key Compliance Frameworks
| Framework | Who It Applies To | Next Step |
|---|---|---|
| UC Policy IS-3 | All Campus Cloud accounts | Classify your data; apply appropriate tags |
| NIST 800-171 | Research involving CUI (DoD, NSF, NIH grants) | Request a NIST-compliant account — see Compliance |
| HIPAA | Research involving protected health information | Contact the Cloud Team; a BAA may be required |
| FERPA | Work involving student education records | Classify as P3 minimum; limit access |
DMP Resources
- DMPTool — build your DMP with funder-specific templates
- DMPTool public templates — browse templates from NSF, NIH, DoD, and other agencies
- UC Santa Barbara Library — Data Services
- University of Arizona — Data Sharing & Archiving Best Practices
Archiving and Long-Term Retention
Cloud object storage (AWS S3, Azure Blob Storage, GCP Cloud Storage) is not a long-term archive by default. Plan for data archiving at the conclusion of your project:
- Move data to lower-cost storage tiers (S3 Glacier, Azure Archive, GCP Nearline/Coldline) for infrequently accessed long-term storage.
- For public datasets required by funders, coordinate with the UCSB Library on deposition to an appropriate repository.
- Delete data you no longer need — storage costs continue until data is removed.
For help designing a data lifecycle strategy for your research, contact the Cloud Team.