Meridian State UniversityInformation Security & Privacy Offices
Confidential
Security & Privacy Review · Risk Evidence
Secure Research AI Cluster — Review & Risk Register
| Document type | Review + Risk-register entry | Ref. | RR-AI-0142 |
| Prepared by | ISO + Privacy Office | Reviewed by | AI Governance Committee |
| Scope | Cluster deployment & access | Visibility | Confidential |
| Assessed | 2026-03-25 | Re-assess by | 2026-09-25 |
1. Review scope
Assessment of the Secure Research AI Cluster against the institution's security, privacy, and accessibility requirements and the Research RMF profile, prior to renewed accreditation. Covers architecture, access, data handling, and incident readiness.
2. Findings summary
| Critical | 0 | High | 0 |
| Medium | 1 (remediated) | Low | 2 (accepted) |
3. Risk-register entry
Primary risk
Unauthorized egress of regulated research data from the cluster.
Inherent rating
High (likelihood: low · impact: severe).
Mitigations
Network isolation, egress prevention, encrypted storage, per-project segregation, full audit logging.
Residual rating
Low — accepted by the data owner and AI Governance Committee.
4. Medium finding & remediation
A log-retention gap was identified for one storage tier. Remediated 2026-03-28 by extending retention to match policy; verified by the ISO. No evidence of data exposure.
5. Conditions of approval
- Access recertified each term; dormant allocations are revoked
- Any new regulated dataset requires a fresh data-use agreement
- Incident playbook tested annually; next test due 2026-08
6. Decision
Outcome: Accredited to operate for Confidential and Regulated research data, subject to the conditions above and re-assessment by the date shown.
Sign-off
Chief Information Security Officer
Chief Privacy Officer
Data owner / sponsor
Date accredited