Research data must be stored on a University‑supported platform such as Isilon (NOC Pitt Data Center), AWS, or Azure with all required controls in place, per the University’s Research Data Protection and Retention policies.
Section IV.C states:
“Research Records must be stored in University‑owned, controlled, or approved resources, facilities, or repositories (e.g., University‑administered servers).”
We can forward your request to the HSRDC, who will recommend the most appropriate storage option based on your use case.
NAS Device Requests
If you are requesting to use a NAS device, please note the following requirements:
HSIT Responsibilities
- HSIT does not configure, maintain, or support NAS devices.
- HSIT will:
- Request activation of the port on the appropriate VLAN.
- Apply necessary firewall rules.
- Request automated monthly vulnerability scans from Pitt Digital Security.
End‑User Responsibilities
End users are fully responsible for NAS ownership, including:
- Configuration, management, and ongoing support
- Installing patches, updates, and security fixes
- Devices not patched within 1 week of a reported vulnerability must be decommissioned
- Responding to vulnerability scan alerts
- Replacing failed hardware or drives
- Agree to backup data to a university approved enterprise location – Enterprise storage, AWS, Azure, at a frequency to minimize data loss and verify the backups are valid
- NAS devices may serve as primary storage only if a verified backup exists on a supported University platform
- No sensitive data, PII/PHI can be stored on NAS devices as they are not in properly secured locations.
- Acknowledging all requirements in writing within the service ticket
- Understanding user‑maintained NAS devices are not valid long‑term storage for research data retention
- Covering all costs for data recovery services or device repairs