Security & privacy

Information security management is set up as a continuous process of planning and monitoring cycles (plan, do, check, act, PDCA), based on ISO27001. It is within these cycles that plans are drawn up and implemented. The results are evaluated and translated into new plans. Over time, processes and systems can change, but also the environment in which these systems operate, the thread landscape, and policies, guidelines and regulations are subject to change. Because of this, the PDCA-cycle is executed annually. Reference: ‘Regulation annual information security and data protection plan. 20 March 2019’.

The following security and privacy measures are in place for the VRW:

• Zoning and isolation back end services & network. The virtual research workspace resides in a very trusted zone (Baseline Information Security 2021). By default, no direct inbound or outbound traffic will be allowed. No direct internet access;
• Multi factor authentication;
• Federated identity management: login and password management lie within the user’s own institution;
• All data access is monitored and audited;
• Compliant to the GDPR privacy policy;
• Compliant to the UG Baseline Information Security 2021;
• Role based access for layered authorization.

By default, every user will have a 1 GB home drive and collaborative group drive of 100 GB these drives will be backed up conform Service Level Agreement CIT Backup Services. Additional storage can be added on demand. A fair use policy is in effect in regard to overuse.