Information security is at the heart of the UK Data Archive's work.
A rigorous risk management approach informs all our processes, to make sure the information and data we hold maintain their:
- Confidentiality: Our systems and procedures make sure information and data are not made available or disclosed to anyone except those individuals authenticated and authorised to access them. This gives assurance to both data providers and individuals who are the subjects of any information we manage.
- Integrity: We safeguard the authenticity, provenance and completeness of the information assets we manage. Data owners and researchers can rely on the Archive to distribute high quality data which are fit for purpose.
- Availability: Our high-availability IT systems provide resilience, redundancy and reliability. This makes sure information assets are available to researchers as required, subject to access and any confidentiality agreements.
We were the first academic department of a UK University to earn the globally recognised ISO 27001 certification. This allows us to handle secure data on site, and supports secure remote access to these research-rich data. In house, data are classified according to their level of detail, sensitivity and confidentiality, and we have appropriate data handling and access safeguards in place. In conjunction with ISO 27001 certification, the Secure Lab and other mission-critical IT systems hosted by the UK Data Archive also undergo rigorous independent external and internal penetration testing.
We have a systematic, proactive approach to information security management. Strategic and operational security initiatives are prioritised, integrated and audited to make sure vulnerabilities are highlighted and potential threats quickly mitigated.
This gives data owners, data distribution partners and data users confidence - bolstered by independent audits by an accredited ISO 27001 organisation every six months, and a complete re-certification audit every three years. A number of government departments have also carried out surveillance visits to the Archive to clarify our information security regime.
Security is further enhanced by: