Information security is at the heart of the UK Data Archive's work. We were the first academic department of a UK University to earn ISO 27001 certification in June 2010.

ISO 27001 is a globally recognised and accepted independent security standard; the Archive's scope covers all our systems, technology, processes, people and IT systems.  In conjunction with ISO 27001 certification, the Secure Lab and other mission-critical IT systems hosted by the UK Data Archive also undergo rigorous independent external and internal penetration testing.

The Archive has a systematic, proactive approach to information security management.  Strategic and operational security initiatives are prioritised, integrated and audited to ensure that vulnerabilities are highlighted and that potential threats are quickly mitigated.

A rigorous risk management approach informs all aspects of the Archive's processes. This ensures the information and data held by the Archive maintain their:

  • Confidentiality: Our systems and procedures ensure that information and data are not made available or disclosed to anyone except those individuals authenticated and authorised to access them. This provides assurance to both data providers and individuals who are the subjects of any information we manage.
  • Integrity: We safeguard the authenticity, provenance and completeness of the information assets we manage. Data owners and researchers can rely upon the Archive to distribute high quality data which are fit for purpose.
  • Availability: The Archive's high-availability IT systems provide resilience, redundancy and reliability. This ensures that information assets are available to researchers as required, subject to access and any confidentiality agreements.

This gives data owners, data distribution partners and data users confidence in the Archive as the curator of the largest collection of digital data in the social sciences and humanities in the United Kingdom.

That confidence is bolstered by independent audits of the Archive by an accredited ISO 27001 organisation every six months, and a complete re-certification audit every three years.