Information security is at the heart of the UK Data Archive's work.
A rigorous risk management approach informs all our processes, to make sure the information and data we hold maintain their:
We were the first academic department of a UK University to earn the globally recognised ISO 27001 certification. This allows us to handle secure data on site, and supports secure remote access to these research-rich data. In house, data are classified according to their level of detail, sensitivity and confidentiality, and we have appropriate data handling and access safeguards in place. In conjunction with ISO 27001 certification, the Secure Lab and other mission-critical IT systems hosted by the UK Data Archive also undergo rigorous independent external and internal penetration testing.
We have a systematic, proactive approach to information security management. Strategic and operational security initiatives are prioritised, integrated and audited to make sure vulnerabilities are highlighted and potential threats quickly mitigated.
This gives data owners, data distribution partners and data users confidence - bolstered by independent audits by an accredited ISO 27001 organisation every six months, and a complete re-certification audit every three years. A number of government departments have also carried out surveillance visits to the Archive to clarify our information security regime.
Security is further enhanced by: