The Secure Data Hosting Service (SDHS) is managed by the Clinical School Computing Service (CSCS) and is run with the Information Governance Office on behalf of the School. It provides a Safe Haven for members of the School to store sensitive data, including Personally Identifiable Data in a manner compliant with School Policy. Non-CSCS customers are welcome to use the service. The SDHS is run on a cost-recovery basis, and so certain aspects are chargeable.
Applications should be made on a per-study basis; each study will receive it’s own storage space in the SDHS.
Research Studies using Personally Identifiable Data must store it in a Safe Haven approved by the Information Governance Office.
What is the SDHS?
The SDHS comprises separate IT infrastructure, and is governed by it’s own Security Policy, developed in collaboration with the Information Governance Office. It provides:
- A logical network behind a firewall
- File storage
- Hosting for SQL databases
- Hosting for servers
- Hosting for applications
- A gateway website that allows
- transferring PID to or from external collaborators (e.g. clinics)
- publishing anonymised data to standard CSCS network drives
- Printing to nominated, approved network printers
What standard does the SDHS comply with?
The SDHS is registered under the School of Clinical Medicine’s NHS Digital Data Security and Protection Toolkit. See the end of this page for a more detailed description.
How is the SDHS accessed?
The SDHS is accessed via a browser-based Virtual Desktop. Data on the secure storage can be viewed and edited from this remote desktop. It is not possible to copy the data to your local computer, and it is not possible to use applications on your computer on the secure data. The advantage of this approach is that it allows access from from University, NHS and home computers, without any restrictions required on those computers.
The remote desktop can be made full screen and supports multiple monitors.
Is the Internet accessible from within the SDHS?
No, by default it is not. If your data flows require internet access from within the SDHS then an application for exemption must be made which will be risk-assessed.
How do I apply to use the SDHS?
Once the Chief Investigator has submitted the #PID Storage application form to the IGO, the Chief Investigator or the Data Manager must complete the #SDHS Application Form#. This will generate a job ticket with CSCS, and you will receive a notification.
What can I expect after I have applied?
CSCS must receive an approved PID Storage application form from the IGO, before we can proceed with your application. Once we have this we will contact you to discuss the details submitted in your SDHS application form. Depending on the size of your study, and the complexity of your data flows, we may request a meeting to discuss the implementation.
How long does an application take?
This depends on size of your study and the complexity of your data flows; if you only need to store an Excel spreadsheet for two people, then it setup can be complete in around a week. If you need a custom configuration then we will need to risk-assess the setup before proceeding, which could take a few weeks.
My study has been approved. How do I log into the SDHS?
You will receive a notification from the IGO that your access needs to be set up. We will ask for confirmation that you have undertaken Data Protection training in the last 12 months.
We will then get your secure access token (2 factor authentication device) set up.
For additional guidance on accessing and navigating the SDHS, please go to: https://cscs-itsupport.atlassian.net/wiki/spaces/FAQ/pages/21365181/Using+the+SDHS
How can I analyse my data within the SDHS?
Ideally data should be anonymised and pushed to the standard network for analysis. If it is not possible to anonymise the data then we provide a physical computer within the SDHS to provide compute power (at extra cost based on your requirements).
Could you provide a summary of the SDHS for my ethics / grant application?
The Secure Data Hosting Service provides a dedicated network, separated from the production network by a firewall, for storing sensitive personal data and hosting computers involved in its management and analysis. All equipment connected to the SDHS must be located in the Clinical School Computing Service’s physically secure server rooms.
Research group applications to store Sensitive Personal Data must be made on a per study basis, whereupon the data flows will be checked to make sure they are appropriate. Once approved, data is migrated to the SDHS network and access is provided by a secure Virtual Desktop (based on Citrix XenDesktop 7.6). To access the SDHS users must:
- Have been approved in writing by the Study’s Data Manager
- Read the SDHS security policy
- Signed the SDHS acceptable use policy
- Configured their account with a 15 character password
- Received their 2-factor authentication token
By default there is no internet access from within the SDHS. All data imported or exported to/from the SDHS must be made via the secure transfer server. All transfers are audited.
Any changes to the study, its data flows or staff authorisation levels must be made in writing by the Data Manager to the Clinical School Computing Service.
All risks are reviewed annually in February by information governance and technical staff prior to approval by the Council of the School and renewal of the NHS DSP Toolkit in March. Currently the School of Clinical Medicine is registered as approved, ‘Standards Met’.