EPCC News 84


Your data is secure with EPCC!

The UK Research Data Facility, hosted by EPCC. Image: Craig Manzi.

EPCC has recently been certified for the ISO 27001 Information Security standard for all the HPC and Data Services that we run, including ARCHER, Cirrus, the RDF, Farr National Safe Haven and Tesseract. Here at EPCC we aim to be a leader in the secure hosting and management of huge and varied datasets to support data research. For example, we host and manage Safe Havens on behalf of the Farr Institute and Scottish Genome Partnership, with a Safe Haven for the Alan Turing Institute under development.

A Safe Haven is a secure environment in which data is linked and accessed. It provides a high-powered computing service, secure analytic environment, secure file transfer protocol for receipt of data, and provision of a range of analytic software. Safe Havens allow data from electronic records to be used to support research when it is not practicable to obtain individual patient or subject consent, and protect patient or subject identity and privacy. Data from different sources can be linked to answer specific research questions, subject to the required information governance.

The University of Edinburgh is set to play a key role in the Edinburgh and South East Scotland City Region Deal, delivering the deal’s Data-Driven Innovation programme. Underpinning new data innovation hubs across the University will be an exciting new facility for the secure and trustworthy hosting and analysis of huge and varied datasets hosted and managed by EPCC. Key to the success of EPCC in providing data services is trust from its customers that it provides best practice in information security and data handling. ISO 27001 certification introduces a framework to deliver best practice and to demonstrate this achievement to our customer and user base.

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

EPCC has designed an ISMS to provide services and systems to meet the terms of the relevant contracts and agreements with respect to confidentiality, integrity, accessibility and availability. It has also been designed to meet the information security risk appetite of its stakeholders. With ISO 27001 and ISO 9001 Quality Management certifications, we are confident that we have the processes and information security framework which deliver best practice services to our customers and provide a mechanism to continually improve our services to meet customer and user requirements.

Anne Whiting, EPCC a.whiting@epcc.ed.ac.uk

About ISO 27001

ISO 27001 requires management to:

- Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organisation’s information security needs on an ongoing basis.

