Avoiding ‘Shelfware:’ Building Sustainable Research Compliance Documentation (separate registration is required)

Monday, May 19, 2025 | 8:00AM–4:00PM ET | Harborside Ballroom C, 4th Floor
Session Type: Preconference Workshop
Delivery Format: Additional Fee Program

This full-day, highly interactive research workshop invites participants to strategize their approach to research compliance documentation, particularly System Security Plans (SSPs), by shifting away from static “shelfware” toward sustainable, living documents. Getting to a comprehensive set of documentation might have been a journey. Now, however, participants will need to maintain this documentation between distributed roles and teams. 

Designed as an exploratory and collaborative knowledge exchange, this workshop will bring together diverse perspectives from institutions of various sizes and levels of established, regulated research programs. Workshop participants will identify challenges, share strategies, and co-develop best practices for maintaining SSPs in distributed and dynamic environments.

Since there is no one-size-fits-all approach, valuable insights will be obtained from participants starting their first SSP, from seasoned veterans of regulated research, or from anyone somewhere in the middle. We will collectively map this unsolved challenge together. Some institutions may have some isolated best practices for the long-term management of their compliance documentation, while others are realizing that what worked for an assessment is not what will serve them in the long term.

Participants will have options to work in multiple, facilitated table groups to explore core topics such as:

  • addressing complex SSP hierarchies and inheritance across vendors, institutional policies, enclaves, and labs;
  • distributed responsibilities and shared ownership of compliance documentation, access, consistency, and regular updates across multiple teams;
  • how and when to elevate a change to other distributed members (long-term staffing outage, training needs, new tracking system for export control); and
  • handling multiple regulations, what approaches reuse sustainable documentation without oversharing scope.

Through a blend of facilitated discussions, breakout sessions, and group brainstorming, participants will collaboratively identify barriers, surface innovative solutions, and build possible paths forward toward sustainable compliance. Group discussions, interactive feedback sessions, and collaborative tools will encourage cross-pollination of ideas, ensuring that all voices are heard and best practices are widely shared.

By the end of the workshop, attendees will leave with actionable insights, peer strategies, and a deeper understanding of how to prepare for the next life cycle phase of their compliance documentation as living documents.
 

Presenters

  • Damon Armour

    Director of Information Security, Risk & Assurance, North Carolina State University
  • Erik Deumens

    Senior Director UFIT Research Computing, University of Florida
  • Will Drake

    Principal Security Analyst, Indiana University
  • Carolyn Ellis

    Director, Research Cybersecurity and Compliance, Arizona State University
  • Wendy Epley

    Associate Director of Cybersecurity, Arizona State University
  • Laura Raderman

    Team Lead, Policy and Compliance Coordinator, Carnegie Mellon University
  • Barbara Schnell

    Associate Director Secure Research Computing, University of Colorado Boulder
  • Amy Starzynski Coddens

    Senior Vice President of Training Services, Peak InfoSec LLC