What is the SDHS?
The SDHS comprises separate IT infrastructure and is governed by its own Security Policy, developed in collaboration with the Information Governance Office (IGO). It provides:
- A logical network behind a firewall
- File storage
- Hosting for SQL databases
- Hosting for servers
- Hosting for applications
- A transfer server that allows:
  - transferring PID to or from external collaborators (e.g. clinics)
  - publishing anonymised data to standard CSCS network drives
- Printing to nominated, approved network printers that are requested by the study
What standard does the SDHS comply with?
The SDHS is registered under the School of Clinical Medicine’s NHS Information Governance Toolkit as a ‘Hosted Secondary Use Team/Project’, V12 (2014 – 2015), Level 2. See the end of this page for a more detailed description.
The Secure Data Hosting Service also operates an information security management system (ISMS) which complies with the requirements of ISO 27001, the international standard for information security management.
Clinical School use of this service is funded from the share of the Departmental research grant overheads retained by the Clinical School. As different arrangements apply to other University institutions, including the MRC Units and CRUK CI, with regard to research overheads, this subsidy is not available to researchers in these Units/Institute, and different charges apply.
Non-CSCS customers (MRC/CRUK) are still welcome to use the service on a chargeable basis. Please note that to do so, you must be on the University finance system (excluding a college or payment via NHS).
For information about pricing, please see https://cscs.medschl.cam.ac.uk/server-services/secure-data-hosting-service/
How is the SDHS accessed?
The SDHS is accessed via a browser-based Virtual Desktop. Data on the secure storage can be viewed and edited from this remote desktop. It is not possible to copy the data to your local computer, and it is not possible to use applications on your computer to work with data contained within the SDHS. The advantage of this approach is that it allows access from the University, NHS and home computers, without any restrictions required on those computers.
The remote desktop can be made full screen and supports multiple monitors.
Is the Internet accessible from within the SDHS?
No, by default it is not. If your data flows require internet access from within the SDHS then an application for exemption must be made which will be risk-assessed.
How do I apply to use the SDHS?
The Chief Investigator should complete the Application to Store Sensitive Personal Data form and send this, along with the appropriate documentation to the Information Governance Office. After the application has been approved, the IGO will issue a Study ID and the Chief Investigator or the Data Manager must then complete the SDHS Online Application form including the Study ID issued by the IGO. This will generate a job ticket with CSCS, and you will receive a notification.
What can I expect after I have applied?
CSCS must receive an approved PID Storage application form from the IGO before we can proceed with your application. Once we have this we will contact you to discuss the details submitted in your SDHS application form. Depending on the size of your study and the complexity of your data flows, we may request a meeting to discuss the implementation.
How long does an application take?
This depends on the size of your study and the complexity of your data flows; if you only need to store an Excel spreadsheet for two people, then setup can be completed in around a week. If you need a custom configuration, then we will need to risk-assess the setup before proceeding, which could take a few weeks.
How can I analyse my data within the SDHS?
Ideally data should be anonymised and pushed to the standard network for analysis. If it is not possible to anonymise the data then we can provide physical or virtual servers within the SDHS to provide compute power (at extra cost based on your requirements).
Additional applications may be added to the SDHS environment to meet the needs of studies. If you would like an application to be added, please submit a request to CSCS, after which we will review the suitability of the application to run in the SDHS.
How can I put data into and remove data from the SDHS?
CSCS provide a Transfer Server which can be used both to import data into and to export data from the SDHS. The server provides a publicly accessible web and SFTP interface which can be used by external collaborators to upload data from Clinics/Medical Practices or other external agencies. The Transfer Server can also be used by CSCS users to remove anonymised data from the SDHS for further analysis using services outside of the SDHS.
It is expected that users of the transfer server exercise care when moving data. CSCS recommend that all sensitive data transferred in or out of the SDHS is encrypted, at minimum to AES256. As each study is different, the exact process for transferring data should be defined by the Study. CSCS can offer advice on current best practice.
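As an added illustration of the encryption recommendation above (this is example code, not a CSCS tool or the Study's defined process), the script below encrypts a file with AES-256 before it is handed to the transfer server and records a SHA-256 digest of the ciphertext so the recipient can detect a file altered in transit before decrypting. It assumes `openssl` (1.1.1 or later) and `sha256sum` are installed and that the passphrase file is shared with the recipient over a separate channel; the sample data and passphrase are constructed.

```shell
#!/bin/sh
# Added example, not CSCS tooling: encrypt a file with AES-256 before it goes
# through the SDHS transfer server, and record a SHA-256 digest of the
# ciphertext so the recipient can check integrity before decrypting.
# Assumes openssl (1.1.1+) and sha256sum are installed; the passphrase file
# is assumed to be shared with the recipient by a separate channel.
set -eu

# Encrypt SRC into DST with AES-256-CBC, key derived by PBKDF2 from PASSFILE.
sdhs_encrypt() {
    src=$1; dst=$2; passfile=$3
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$src" -out "$dst" -pass "file:$passfile"
    sha256sum "$dst" > "$dst.sha256"
}

# Check the digest recorded beside ENC, then decrypt it into OUT.
sdhs_decrypt() {
    enc=$1; out=$2; passfile=$3
    sha256sum -c "$enc.sha256" >/dev/null || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$enc" -out "$out" -pass "file:$passfile"
}

# Round trip on constructed sample data; returns 0 when the plaintext is
# recovered intact AND a ciphertext altered in transit is rejected.
sdhs_demo() {
    dir=$(mktemp -d)
    printf 'study_id,record\nSTUDY-EXAMPLE,1\n' > "$dir/extract.csv"  # constructed
    printf 'constructed-demo-passphrase\n' > "$dir/pass"              # constructed
    chmod 600 "$dir/pass"
    sdhs_encrypt "$dir/extract.csv" "$dir/extract.csv.enc" "$dir/pass"
    sdhs_decrypt "$dir/extract.csv.enc" "$dir/roundtrip.csv" "$dir/pass"
    rc=1
    if cmp -s "$dir/extract.csv" "$dir/roundtrip.csv"; then
        printf 'x' >> "$dir/extract.csv.enc"
        if ! sdhs_decrypt "$dir/extract.csv.enc" "$dir/t.csv" "$dir/pass" 2>/dev/null; then
            rc=0
        fi
    fi
    rm -rf "$dir"
    return $rc
}
```

Only the `.enc` file and its `.sha256` manifest go through the transfer server; the passphrase never does.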
In some studies there may be a requirement for direct connections from the SDHS to external data sources to import information. If your study requires this style of access, please contact CSCS. We can discuss your requirements and evaluate whether we can facilitate them.
How do I request a change to an existing study?
If you would like to request an amendment to your existing SDHS study setup, please complete one of the SDHS Amendment Request forms. Only the relevant Chief Investigator or Data Manager can request changes. This will generate a ticket with CSCS.
Could you provide a summary of the SDHS for my ethics / grant application?
The Secure Data Hosting Service provides a dedicated network, separated from the production network by a firewall, for storing sensitive personal data and hosting computers involved in its management and analysis. All equipment connected to the SDHS must be located in the Clinical School Computing Service’s physically secure server rooms.
Research group applications to store Sensitive Personal Data must be made on a per study basis, whereupon the data flows will be checked to make sure they are appropriate. Once approved, data is migrated to the SDHS network and access is provided by a secure Virtual Desktop (based on Citrix XenDesktop). To access the SDHS users must:
- Have been approved in writing by the Study’s Data Manager
- Have read the SDHS security policy
- Have signed the SDHS acceptable use policy
- Have configured their account with a 15 character password
- Have received their 2-factor authentication token
By default there is no internet access from within the SDHS. All data imported or exported to/from the SDHS must be made via the secure transfer server. All transfers are audited.
Any changes to the study, its data flows or staff authorisation levels must be made in writing by the Data Manager to the Clinical School Computing Service.
All new Clinical School policies and policy updates relating to data security and storage are reviewed by the Information Security Oversight Committee prior to approval by the Council of the School and renewal of the NHS IGT in March. Currently the School of Clinical Medicine is registered as a ‘Hosted Secondary Use Team/Project’, Level 2.
CSCS holds an ISO 27001 certificate to operate an ISMS with the following scope:
“The provision of a secure data hosting service (SDHS) intended for the storage and manipulation of sensitive information specifically Participant or Patient Identifiable Data (PID) which is collected, stored and processed as part of research studies, in accordance with Statement of Applicability Revision 1 07/11/2018”.
The expiry date of the certificate of registration of the Information Security Management System (ISO/IEC 27001:2013) is 13/09/2022.
A copy of the certificate is available here: CSCS ISO27001 Certificate