Information security
Information security is at the heart of the UK Data Archive's work.
We make sure the information and data we hold maintain their:
- confidentiality: our systems and procedures make sure information and data are not made available or disclosed to anyone except those individuals authenticated and authorised to access them. This gives assurance to both data providers and individuals who are the subjects of any information we manage.
- integrity: we safeguard the authenticity, provenance and completeness of the information assets we manage. Data owners and researchers can rely on the Archive to distribute high quality data which are fit for purpose.
- availability: our high-availability IT systems provide resilience, redundancy and reliability. This makes sure information assets are available to researchers as required, subject to access and any confidentiality agreements.
We were the first academic department of a UK University to earn ISO 27001 certification. This allows us to handle secure data on site, and supports secure remote access to these research-rich data. We classify data according to their level of detail, sensitivity and confidentiality, and have appropriate data handling and access safeguards in place. In conjunction with ISO 27001 certification, the SecureLab and other mission-critical IT systems hosted by the UK Data Archive also undergo rigorous independent external and internal penetration testing.
We are highly regarded for our expertise and training in data licensing and research governance, and in research ethics for data sharing and reuse. Where we can we support the needs of large investments and Research Ethics Committees, alongside individual researchers and repository managers.
Three tiers, five safes
We have developed a three-tier data access policy: open, safeguarded and controlled, which applies to all types of data we work with, from surveys to qualitative data to big data sources. It has been adopted by many other data providers, and we have started to apply the principles to our big data work.
For safe use of controlled data in our SecureLab, we use the Five Safes framework:
- Safe data: data is treated to protect any confidentiality concerns
- Safe projects: research projects are approved by data owners for the public good
- Safe people: researchers are trained and authorised to use data safely
- Safe settings: a SecureLab environment prevents unauthorised use
- Safe outputs: screened and approved outputs that are non-disclosive
It has been adopted by a range of secure labs, including the Office for National Statistics.
Security is further enhanced by:
- all staff and others who access the Archive's network signing a non-disclosure agreement (PDF)
- staff who access very sensitive information undergoing a Disclosure Scotland check