Governance & Security
The Edinburgh International Data Facility (EIDF) has different security levels depending on the needs of individual data projects.
At one end of the scale EIDF supports fully open data; at the other it includes independently governed access to the Scottish National Safe Haven and Scottish Medical Imaging service.
All services provided by EPCC, which operates EIDF, are externally audited and certified under the ISO 27001 information security standard, and the National Safe Haven has been independently approved for government ‘OFFICIAL-sensitive’ data – patient data, census records, work and pensions data etc.
Everyday access and use
Use of EIDF is managed in the same way as use of other services and systems at EPCC, all of which are covered by EPCC’s ISO 9001 accreditation for service quality. All users are associated with one or more projects. Projects are approved in various ways but are championed by a Principal Investigator (PI), who authorises all new users on their projects and is accountable for the project team’s “good behaviour”. PIs often delegate responsibility for day-to-day tasks such as adding users or managing resources to a Project Manager.
A common part of project approval is a check on data usage. Data hosted in the EIDF Data Lake are tagged according to sensitivity and access is managed accordingly. Data brought into private workspaces in EIDF as part of a project get a similar check. Where data are sensitive in some way (for example data under copyright, or de-identified personal data), project PIs must be able to show they have the necessary legal and ethical permissions and data usage agreements in place before the project may go ahead.
On the Data Service Cloud, projects are assigned their own private cloud space, depending on the resources they need. This can be anything from a single Python notebook to a small GPU-enabled cluster. Day-to-day access and security follow standard computer security procedures of strong passwords and access control.
Shared data presented to users in the Analytics-Ready Data Layer are read-only and cannot be changed from the Data Service Cloud.
Data stored in the Data Lake are not directly accessible by users of the Data Service Cloud at all.
Safe Haven access
A “Safe Haven” is a particular area of EIDF that is subject to additional security measures, within which approved users can work with particularly sensitive data such as medical or financial data, survey microdata, or other kinds of personal data.
In terms of computational services, an EIDF Safe Haven looks very much the same as the “regular” EIDF, but with three additional features:
- Information governance. Project approval and user access to a Safe Haven, and all data transfers in and out, go through an independent “gatekeeper”. The information governance team control all aspects of approval of, access to, and disclosure of research results from a Safe Haven project. The information governance team is entirely independent from the University of Edinburgh team that manages EIDF.
- Secure perimeter. The Safe Haven area of EIDF is an entirely separate part of the system with its own additional secure perimeter and hardware firewalling. Two-factor authentication (“something you know”, like a password, plus “something you have”, like an on-request PIN delivered by SMS) is standard on all user accounts. IP whitelisting is also possible as needed.
- Restricted environments. Users of Safe Havens can have most of their familiar data science tools available to them, but there are restrictions. While working on sensitive data, Safe Haven users have no external access to the Internet, and cut-and-paste copying is disabled. Users can’t install their own software, and software development can only be done as part of a collaborative project between the users, the EIDF team and the information governance team.
The National Safe Haven
The National Safe Haven is a unique part of the EIDF run in partnership with the NHS in Scotland and the Scottish Government. The National Safe Haven supports approved research on linked public sector data from health and government sources. Information governance is provided by the eDRIS team within NHS Scotland’s central NSS division, and all project approvals, and any service and system changes, are subject to scrutiny by Scotland’s Public Benefit and Privacy Panel and national Caldicott Guardians.
Private Safe Havens
The same sort of secure environment provided for the National Safe Haven can be recreated elsewhere in EIDF for projects needing similar levels of security assurance. Information governance for private Safe Haven projects is not provided by eDRIS or by EPCC: any project wanting a Safe Haven environment must make appropriate, independent arrangements for information governance. A Safe Haven isn’t a Safe Haven without independent gatekeepers!