Skip to Main Content

Research Data Management (RDM): Storage & Security

One stop shop for all things related to Research Data and how to manage your data throughout its entire lifecycle


As per the Research Data Management Procedure, all researchers must take all reasonable steps to ensure their research data are not vulnerable to unauthorised access and stored securely.

Data Classification

When deciding on storage and access systems, it’s crucial to consider how sensitive the data is. Unauthorised disclosure of sensitive information can cause serious damage to individuals and organisations, so mitigating that risk is critical to the data management planning process and to the ethical conduct of research.


Digital Data Storage

A data storage strategy outlines where and how you’ll store your data as you work through your project. There are many things that should be considered when planning your data storage approach including access and security requirements, the level of data sensitivity, storage costs and any relevant legislation.
Having a good plan for your data storage will ensure that you can avoid:

•    Data loss from human or technical error
•    Data breaches, which may be malicious or accidental
•    Breaching funder or legislative requirements.
•    Collaborator frustration from unforeseen access issues


CDU has developed a storage guide to help students and staff identify the best places to store their research data.

Research Project Data Storage (on SharePoint)


In line with Research Data Management Planning and University research policies and procedures, ITMS offers cloud-based Research Project Data Storage to support your research projects.

Using Microsoft 365 we can offer,

  • SharePoint-based file and document storage enabling secure access from anywhere with an internet connection
  • Secure external sharing with partners inside and outside of CDU
  • Effective collaboration tools when partnered with Microsoft Teams upon request

When the research project has been completed, we can also assist with closing off the repository for you and ensuring that corporate records are handled carefully.

Raise a 'New Request'  in LogIT to discuss your requirements.

A. HDR Students – Access LogIT from the Student Portal

1a. Access your Student Portal

2a. Go to My apps

3a. Select LogIT


B. Staff – Access LogIT from the CDU Portal

1b. Access the CDU Portal

2b. Select LogIT

4. Select I NEED SERVICES from the Service Catalogue


5. In ‘Information & Data’ select the ‘Research Project Data Storage’ box, and click on ‘New Request’


Physical Data

● Consult your supervisor about discipline and/or research group’s protocols for handling physical data.

● If feasible, digitise your physical data as soon as possible - All physical data should have a digital record linked. For example:

- Using a unique identifier (e.g. for physical objects to record samples, locations and storage information digitally.

- Scanning or transcribing hardcopy data onto digital systems.

● Ensure your physical data is kept in a secure, temperature-controlled place away from windows, water pipes and dust.

Data Security

Protect data from unauthorised:

  • Access
  • Use
  • Change
  • Disclosure
  • Destruction

Control access to computers:

  • use passwords and lock your machine when away from it
  • run up-to-date anti-virus and firewall protection
  • power surge protection
  • UPS power supplies
  • utilise encryption
  • on all devices: desktops, laptops, memory sticks, mobile devices
  • at all locations: work, home, travel
  • restrict access to sensitive materials e.g. consent forms and patient records
  • personal data need more protection – always keep them separate and secure


Encryption is the process of converting data into an unreadable code. Only those with the relevant password or decryption key are able to open the encrypted file.
It is recommended to encrypt sensitive data at all times. This applies regardless of whether data are being held on local storage, on network storage, or in the cloud.
Encryption will help ensure your data cannot be accessed by others should anyone attempt to access your files, for example if your laptop or other storage device were lost or stolen.
Generally, data encrypted with some software using an encryption key or passphrase/password can only be decrypted/converted back to its original form using the same method.

Basic principles 
• Applies an algorithm that makes a file unreadable 
• Needs a ‘key’ of some kind (passphrase or / and file) to decrypt


Encrypting Windows computers

Microsoft Windows comes in various versions. The most professional of these "enterprises”, supports whole disk encryption.
Earlier versions of Windows (Windows 7 and Windows 8) support encryption for the professional versions but not for "home" editions.
BitLocker drive encryption should be available on CDU ITMS-managed Windows computers. If your desktop or laptop doesn't have this, contact the CDU ITMS through LogIT.


Bitlocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.


Bitlocker prevents:

•    Offline Attack

Bitlocker prevents the type of attack where a malicious user will take the hard drive from your computer and connect it to another computer so they can harvest your data.

•    LiveCD Attack

If a malicious user boots from an alternate Operating System, either from hard drive or from a removable device such as a LiveCD the disk contents cannot be read.

•    End of Life Leakage

When you re-cycle or dispose of your computer, your data remains encrypted as long as you delete the encryption codes.

Bitlocker does not protect ...

It is a misconception that your password unlocks Bitlocker. Any valid user logging in to the computer decrypts the disk. To protect your computer, you have to make sure that all the users who may log in to it require passwords. Disable all guest login accounts from a BitLocker computer, otherwise hard disk encryption is of no use.


Encrypting macOS devices 

CDU ITMS does not provide support and software to macOS devices.

If you conduct your research on macOS, see this Apple support article. You can create and locally store a recovery key, or from OS X 10.10.5 onwards store this key in your iCloud account.

Read more about Protecting your Mac information with encryption on the macOS user guide.



BitLocker-encrypted drives/volumes can't be accessed from non-Windows operating systems such as Linux or Mac, or older versions of Windows, including XP.

Encrypting an external drive or some removable media using a particular platform/operating system will likely tie it to that platform – for example, a drive encrypted with Windows BitLocker can't be unlocked and read on MacOS.

If you forget or lose the password/passphrase used to encrypt a device in this way, data will not be retrievable.

ITMS can only provide support and assistance on devised provided and managed by CDU.



Recovery Mechanism

A forgotten or lost encryption passphrase or recovery key means you will permanently lose the ability to decrypt and access the encrypted data. For CDU ITMS-managed devices, recovery keys for Windows BitLocker can be managed by CDU ITMS. 

For non-CDU ITMS managed and personal devices, you should store encryption passphrases and recovery keys in a secure and accessible location or service, such as 1Password. CDU ITMS can provide the licence to 1Password upon request through LogIT, provided it is supported by your line manager or a supervisor. 



• Strong passwords are crucial

• Avoid using weak or easy-to-guess passwords and reusing passwords

• Consider password managers, complex passwords or stringing words together to create stronger passwords

It is recommended to use:

  • at least eight characters  or more;
  • contain three of: uppercase characters, lowercase characters, numbers, punctuation/special characters and;
  • not contain or be based on your CDU single sign-on password, account name, your name, or something that can be readily guessed.

• But, remember that you need to be able to remember the passwords!

 Why does this matter?

No matter how good the encryption is that you used, if you use a weak password, the encryption will offer little protection.

A simple way to pick a resilient password that you can remember is to combine at least three or four random unrelated words of four letters or more. In general, the longer the password, the more secure it is.


Sensitive data

Sensitive data might include clinical or critical data, information about a person’s health or details of their private life, information relating to secret or sacred practices, or ecological data that could potentially put vulnerable species, ecosystems or environments at risk of harm or exploitation.

Sensitive data is commonly subject to legal and ethical obligations that impose restrictions on how it is accessed, used and handled. The data often can’t simply be published and made openly accessible.

But metadata records can help with sharing sensitive information, if the records describe the data without directly reporting any of the confidential information.


Publishing Sensitive Data


This ARDC flowchart asks 8 questions that will help you work out when and how to publish sensitive data as openly and ethically as possible.

 The ARDC Guide to Publishing Sensitive Data outlines:

  • The benefits of publishing your sensitive data and metadata can be significant as long as
  • appropriate steps are taken to meet your ethical and legal obligations.
  • Publishing your data and metadata means that others can discover it and cite it. Increasing the
  • visibility of your data this way can lead to new collaborations, improve the impact of your
  • research, and create opportunities for authorship.
  • You can publish a description of your data (i.e. metadata) without making the data itself openly
  • accessible.
  • You can place conditions around access to published data.
Charles Darwin University acknowledges the traditional custodians across the lands on which we live and work, and we pay our respects to Elders both past and present.
CRICOS Provider No: 00300K (NT/VIC) 03286A (NSW) RTO Provider No: 0373 Privacy StatementCopyright and DisclaimerFeedback • ABN 54 093 513 649