For IT and information-security teams, a RIMS is another system to assess against institutional policy. This is the practical due-diligence checklist research offices should be ready to answer — and CIOs should ask.
Data protection and privacy
- GDPR alignment — lawful basis for processing, data-subject rights (access, correction, erasure), and a data processing addendum (DPA) available for review.
- Data residency — configurable region (EU, US, APAC) where policy requires it.
- Encryption — in transit and at rest, with the vendor stating where keys are held and who can access them.
Access and accountability
- Role-based access control with least-privilege defaults.
- Strong (multi-factor) authentication for administrator accounts, and single sign-on via SAML or OIDC so the institution's own identity policy applies.
- Audit logging of user and administrative actions, each record identifying the actor, action, target, time and outcome, and exportable to the institution's own log store.
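A practical way to test the audit-logging claim during evaluation is to ask the vendor for a sample log export and check it against these expectations. The script below is an added example for this page, not code from any RIMS product; it assumes a hypothetical newline-delimited JSON export with the fields named in REQUIRED_FIELDS, and the sample records are constructed for illustration.

```python
import json
from datetime import datetime

# Fields every audit record must carry to support accountability.
# The field names are assumptions about the vendor's export format.
REQUIRED_FIELDS = ("timestamp", "actor", "action", "target", "outcome")

# Privileged actions whose absence from a sample export means
# "full audit logging" has not yet been demonstrated (hypothetical names).
PRIVILEGED_ACTIONS = {"role.assign", "user.create", "export.bulk", "config.change"}

# Shared or generic identities defeat accountability: a record attributed
# to "admin" does not tell you which person acted.
GENERIC_ACTORS = {"admin", "system", "root"}


def parse_records(lines):
    """Parse newline-delimited JSON, reporting lines that are not JSON objects."""
    records, findings = [], []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            findings.append(f"line {n}: not valid JSON")
            continue
        if not isinstance(obj, dict):
            findings.append(f"line {n}: record is not a JSON object")
            continue
        records.append(obj)
    return records, findings


def check_record(rec, n):
    """Return accountability findings for a single parsed record."""
    findings = [f"record {n}: missing {f}" for f in REQUIRED_FIELDS if not rec.get(f)]
    ts = rec.get("timestamp")
    if ts:
        try:
            datetime.fromisoformat(str(ts).replace("Z", "+00:00"))
        except ValueError:
            findings.append(f"record {n}: timestamp not ISO 8601")
    if rec.get("actor") in GENERIC_ACTORS:
        findings.append(f"record {n}: actor '{rec['actor']}' is not an individual identity")
    return findings


def evaluate_export(lines):
    """Evaluate a whole export: per-record findings plus privileged actions never seen."""
    records, findings = parse_records(lines)
    for n, rec in enumerate(records, 1):
        findings.extend(check_record(rec, n))
    seen = {r.get("action") for r in records}
    for action in sorted(PRIVILEGED_ACTIONS - seen):
        findings.append(f"no record of privileged action {action}")
    return findings


# Constructed sample export: one complete record, one with a generic actor,
# one missing its outcome, and one line that is not JSON at all.
SAMPLE_EXPORT = """
{"timestamp": "2024-03-01T09:15:02Z", "actor": "j.smith@example.edu", "action": "user.create", "target": "a.jones@example.edu", "outcome": "success", "source_ip": "10.20.0.5"}
{"timestamp": "2024-03-01T09:16:40Z", "actor": "admin", "action": "role.assign", "target": "a.jones@example.edu", "outcome": "success"}
{"timestamp": "2024-03-01T09:20:11Z", "actor": "j.smith@example.edu", "action": "export.bulk", "target": "publications"}
not json at all
"""


def evaluate_sample():
    """Run the checks over the constructed sample and return the findings list."""
    return evaluate_export(SAMPLE_EXPORT.splitlines())


if __name__ == "__main__":
    for finding in evaluate_sample():
        print(finding)
```

Run against a real export, every finding is a question for the vendor: a generic actor means administrative access is not attributable to a person, a missing outcome means failed attempts may be invisible, and a privileged action that never appears means the logging claim has not been shown for that action.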
Operational resilience
- Backups and disaster recovery with stated recovery time and recovery point objectives, and evidence that restores are tested.
- A clear support and SLA commitment.
- Deployment-model fit — cloud, on-premise, or hybrid per policy; see deployment models.
An honesty note on certifications
Ask precisely which controls are in place today and which are only planned. A trustworthy vendor states clearly which controls exist (encryption, RBAC, audit logging, GDPR alignment) and does not imply certifications it does not hold. Demand the same precision in writing.
Frequently asked questions
Is cloud less secure than on-premise? Not inherently: a well-managed cloud service often improves security posture. The deciding factor is whether its controls and deployment model fit institutional policy.
What should we get in writing? Controls in place, residency options, SLA, and a DPA — part of the RFP evaluation.
Getting started
Discover RIMS provides encryption, RBAC, audit logging, SSO, GDPR alignment, and configurable residency — stated precisely, with a DPA available for IT review.