What is NYSPI Active Directory?


Anyone working from NYSPI networks or part of the NYSPI workforce will need a NYSPI Active Directory (AD) account. The NYSPI AD account provides access to NYSPI computers, Internet proxy, incident/service request processes and other Intranet resources. Most NYSPI AD users also receive a e-mail account, but this is not required for staff who are not part of the NYSPI workforce.

How do I get a NYSPI AD account?


CUMC, NYS and RFMH Human resource groups will initiate a request for an account for employees. Volunteers should request accounts through Matt Gold or others supporting NYSPI volunteers. Requests outside these scenarios can be submitted via a "User Accounts and Access" request in the NYS Services Catalog at

How can I use NYSPI AD for authenticating my application?


NYSPI AD is available as an authentication service through a number of technical means -- from Kerberos and LDAP to SAML Federation via ADFS. Discussions about using NYSPI AD services in your applications can be started through an "Ask a Question" request at the NYS Service Portal.

How can I manage my NYSPI password?


The NYSPI Active Directory includes password self-service that lets you reset your password or even gets you a new password if you forget your password, at any hour of the day or night. Visit for details on setting up your self-service access. Or simply visit

What if I need something stronger than a password?


Many researchers and industries now recognize that passwords are insufficient to protect important information. Multifactor authentication (MFA) resolves a wide variety of problems associated with password-only solutions. Multifactor authentication ("MFA") uses multiple proofs of identity to ensure you are authorized to access the service or resource that you are requesting. These proofs include something you know (a secret like a password), something you have (a token, card or device), or something you are (a biometric measurement or representation). NYS supports software and hardware based "tokens" for MFA. NYSPI uses RSA tokens as a "something you have" factor. You can have the RSA token on a smart phone or in a separate hardware device you can keep on a keyring. We recommend the software token for both ease of use, availability (one less thing to forget), and cost. The NYS MFA service typically works in conjuction with an Active Directory, such as the NYSPI AD, to provide identity management with MFA.



What data management services does psyIT provide?

NYSPI's IT group, psyIT, supports data infrastructure services, including Data Storage, both on premise and via cloud file storage platforms and Microsoft SQL relational database hosting. NYSPI may also leverage Oracle database services managed by the centralized NYS IT database team.

What management systems are approved by psyIT?

NYSPI requires that systems supporting NYSPI data be registered. Systems must meet the appropriate standards before being used. Registered systems are listed in our NYSPI Data System Register. NYSPI will automatically accept any CUMC certified systems for NYSPI use.

What is a "system" (a.k.a multi-user system)?


A system, as defined by CUMC and used at NYSPI, is an IT solution which serves a specific purpose and is used by more than one person. This can be as basic as a single server or workstation that is used to store files for a lab or as complex as a set of databases, application servers and applications that all work together to support the work of a team or group. In general, if more than one person uses it, then it is a system or part of a system. If there are multiple pieces involved in a single project, then those pieces together form a single system. A workstation, managed by psyIT or CUMC IT, and used by a single individual, is not a system. (This would be considered an endpoint in CUMC definitions.) Confusing? A little, but just ask and we can help you figure out if something is a system, is not a system or is part of a larger system.

My system isn't listed.  How do I register it?


See the NYSPI System Registration Procedures for details on system requirements. System registration often begin by completing the system survey, found at


When do I need a Data Sharing Agreement

Generally a data sharing agreement is needed when sharing non-public data with individuals or groups who are not named in the research protocol. Consent agreements must also be reviewed to ensure appropriate data sharing.

Data sharing agreements can and should address methods for sharing and protecting data. Data sharing agreements may also address regulatory requirements unique to data originating in particular sites (e.g. data from European sources which may be covered by GDPR regulations.)

How do I share research data with others

While often data sharing occurs through research protocol provisions, sharing outside of the purpose of the protocol may require additional agreements. In partnership with OMH Counsel, NYSPI has developed a standard Data Use Agreement template.

Sharing of PHI requires a HIPAA Business Associates Agreement.

Contact the NYSPI HIPAA Security Official with questions or to initiate those processes.

How do I share research data with NIMH

The NIMH National Data Archive Repository (NDAR) supports mandated uploads of NIMH grant data. Investigators should carefully review NYSPI NIMH NDAR Data Sharing Standard PRIOR to data design and project implementation, to ensure requirements are addressed prior to data collection.

Questions regarding this standard should be directed to psyIT or the IRB.


What data storage options exist at NYSPI?

NYSPI hosts a wide variety of data storage services, depending on the specific needs and sensitivity of the data. These include, traditional on-site file servers and file-exchange "attachment" solutions, as well as several "cloud-based" services, including Dropbox, Google Drive and OneDrive and Sharepoint.

NYSPI also supports local and cloud-based backup services and data replication approaches. psyIT continues to develop and enhance high-performance data storage and backup services in the NYSPI network.

The NYSPI Storage Services whitepaper provides a technical summary of storage selection and services at NYSPI.

What does it cost to provide storage for my team, lab, Area?

The right storage options for your team, lab, research Area or office depends on the types of files and data you use and the types of storage needs you have. A breakdown of shared storage options, including costs, can be found in Shared Storage Pricing guide.

What standard storage solutions can psyIT provide my Office or Lab?

A breakdown of some of the major "unstructured" storage solutions and their strengths and weakness, can be reviewed in the Personal Storage Matrix.

How long do I need to keep my data and files?

Precise retention requirements vary.

Clinical data must be maintained for 6 years per HIPAA. Other regulations may apply under NYS Mental Hygiene or other laws.

Research data must be maintained at least 3 years after the end of the the research project. Longer retention may be required by sponsors or to support ongoing research. Retention should be describe in research protocol documents. (See the CU Guidance on Retention of Research Data document for other critical considerations.

Other business records may be governed by NYS or CUIMC business record policies. 

Information without specific extended retention requirements should be purged within 90 days. This would likely include e-mail correspondence not resulting in official business records; research processing files (e.g. temporary files generated in data processing or analysis); draft reports, articles or other external files not specifically used in research or official work product.

How does psyIT manage shared file services

psyIT manages file services to support Federal National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (Rev 4) and NIST SP 800-63-3, Federal HIPAA security rule requirements, New York State Cyber Security Policy and Columbia University Irving Medical Center (CUIMC) Information Security Procedures.

NYSPI hosts a secure data center, protected by multi-factor security controls. Systems are maintained for high availability, including encrypted off-site backup and, where appropriate, data replication. File services are restricted to NYSPI internal network sources.

All shared files are logically isolated by distinct business unit (e.g. research area). psyIT provides access only upon written approval by the identified business unit director / data owner, as defined by NYS-S14-013 – NYS Account Management / Access Control Standard.

Access is controlled through the psyIT-managed “Active Directory” account management system, which complies with NYS-S14-006 – NYS Authentication Token Standard and NYS-S14-013.

What are psyIT's standard data retention service options

While psyIT can support custom data retention requirements, standard backup and archive retention schedules are as follows:

Type Retention Frequency
System (server computer) backups 93 days Daily
File service volume backups 93 days Daily
HIPAA file service backups 6 years Daily
Research data volume backups 93 days  Weekly

Cold archives are retained indefinitely but will be reviewed at least annually. 


What hardware solutions are available at NYSPI?

psyIT hosts physical and virtual servers and storage platforms for a broad range of needs. E-mail or open a service request in the Service Portal.


What collaboration solutions exist at NYSPI?

NYSPI has access to several collaboration solutions. The most complete is Microsoft Office 365, which in addition to providing e-mail and calendaring (including shared mailboxes and shared calendar solutions), includes SharePoint, Skype for Business and OneDrive for Business. NYSPI can also use Webex for web and video conferencing services.

Where can I find out more information about Office 365 features?

The NYS Office 365 Knowledge Center is at A SharePoint-specific Knowledge Center is also available, at

What is SharePoint?

SharePoint is a web-based collaboration swiss-army knife. It can be used for simple needs, such as document sharing and collaboration, much like a mapped drive on your computer, or for more complex forms and workflow. These later uses do simulate or replace other traditional custom application platforms, and as such may require advanced skills. but for small workflow and forms needs, resources may be available to develop and support the need. E-mail if you have a workflow or collaboration need and we can discuss SharePoint and/or other solutions.

What is Skype for Business?

Skype for Business, not to be confused with the consumer Skype solution, is a secure instant messaging and collaboration solution for use within the NYS Office 365 environment. Standard instant messaging, network-based chat and file exchange services are available through the client, available for Windows or Mac, or through a browser. Only others in the NYS Office 365 environment may participate in a Skype for Business exchange. Consumer Skype is not secure, introducing risk to the computers and networks involved, and is not appropriate for most NYSPI business. WebEx would be an appropriate alternative for communicating with non-Office 365 users.

Where can I find out more information about WebEx?

A summary of the WebEx service is available at


Where does the NYSPI network exist?

psyIT supports networking services in the Pardes and Kolb buildings and the Psychiatry space in Mailman. These network services further extend to the Apartment 55 and Apartment 46 and Research offices at 3 Columbus Circle. We also manage NYS OMH networks in Pardes and at the Audubon and Inwood clinics. Other NYSPI offices in CUMC spaces are supported by CUMC IT.

Access to the NYSPI LAN is also available via virtual private network (VPN) connection remotely from anywhere in the world.

What is considered "Remote Access"?

For many services, you will be seen as "internal" if you access from a NYSPI-managed network. Access from other networks, including home networks, CUMC and NYP networks, may be seen as external and will require VPN or stronger login, such as an RSA SecurID token.

What sort of network connectivity are available?

NYSPI's network exists in both private wired and wireless networks. Access to these networks require that devices, such as computers and mobile devices, conform to NYSPI policies and standards, as described at Workstations must be registered with psyIT prior to adding to the network. A low-capacity guest wireless network also exists. This network is intended for NYSPI visitors. psyIT, working with NYS Office of Information Technology Services (ITS) client networking group, support several NYS OMH networks in Pardes and outpatient clinical settings.

How do I access CUMC and NYP systems from NYSPI?

NYSPI has negotiated an agreement with CUMC for private network access to approved CUMC and NYP systems. Any computer in the NYSPI network should automatically have private, secure communications with these services.

How do I access NYS systems from NYSPI?

NYS provides a limited set of services directly from the NYSPI network. A wider range of services are available through the NYS Virtual Desktop Infrastructure (VDI). All NYSPI users can access VDI at

How do I access the internet from NYSPI?

NYSPI uses proxy services for access to the Internet. For details, see for details.


Where does the NYSPI network exist?
Check back for details about major software solutions. This will include details about the NYSPI core software solutions, such as Office 365, SAS, SPSS and MATLAB as well as the registry of approved research systems and custom applications and solutions.