Skip to content

Security and data handling

This page provides guidelines for the secure use of the platform and the proper handling of research data.

All users are responsible for ensuring that their activities comply with applicable security, data protection, and usage policies.

The platform is designed and operated in alignment with GDPR and ISO/IEC 27001 information security practices.

General security principles

Users must follow these fundamental principles:

  • Use the platform only for approved research activities
  • Access only the resources and data authorized for their project
  • Protect credentials and access keys at all times
  • Report security incidents or suspicious activity promptly

Failure to comply with these principles may result in suspension or revocation of access.

Data handling and authorization

Before using the platform, users must ensure that the data they intend to process is covered by an approved research project and complies with all applicable legal and institutional requirements.

The use of data on the platform is subject to prior authorization and must be consistent with:

  • The scope of the approved project
  • Applicable legal agreements
  • Institutional data protection and security policies

Users must:

  • Use only the services and storage resources explicitly authorized
  • Access only the data necessary for their project activities
  • Avoid transferring data outside the platform without prior authorization
  • Ensure that all data processing activities remain within the approved scope

Additional restrictions may apply depending on the project and regulatory requirements.

Data storage and access

Data must be stored and accessed according to project authorization:

  • HPC storage is intended for active computational workflows
  • S3 storage is used for structured data management and controlled sharing
  • Access to data is restricted to authorized project members

Users must not attempt to access data belonging to other projects.

Data sharing

Data sharing is allowed only within the scope of an approved project.

Users must:

  • Share data only with authorized project members
  • Ensure that recipients are properly authorized
  • Avoid unauthorized data duplication or redistribution

Sharing data outside the platform requires explicit approval.

Data retention and lifecycle

Data must be managed according to project requirements and applicable policies.

  • Data should be retained only for the duration necessary for the project
  • Data no longer required should be removed or archived as appropriate
  • At the end of the project, data may be subject to review and cleanup

Users may be contacted regarding data retention and management.

Secure data transfer

When transferring data:

  • Use approved tools and secure protocols
  • Avoid transferring sensitive data through unsecured channels
  • Verify destination and recipient before transfer

Additional restrictions may apply for external data transfers.

Logging and monitoring

Relevant system and access activities are logged and monitored to ensure:

  • Security of the platform
  • Traceability of operations
  • Compliance with policies and regulations

Logs may be used for auditing and investigation purposes.

User responsibilities

Users are responsible for:

  • Ensuring compliance with security and data protection requirements
  • Using the platform in accordance with approved project scope
  • Protecting data and preventing unauthorized access

Any misuse of the platform or data may result in disciplinary measures.

Incident reporting

If you suspect a security incident or data breach:

  1. Stop the affected activity immediately
  2. Contact platform support as soon as possible
  3. Follow instructions provided by administrators

Timely reporting is essential to limit potential impact.

Next steps