Health-RI wiki v4.0 -> consultation (open until 03-12-2024)


Requirements table secure processing environment

Date: 13-11-2024 Status: FOR REVIEW

| Req ID | Requirement | Layer | Topic | MoSCoW | User group | Functional/non-functional |
|---|---|---|---|---|---|---|
| 1 | Supports auditing according to Health-RI auditing framework | minimal | Audit and monitoring | M | Data provider | non-functional |
| 2 | Provides the minimum level of access logging and monitoring (during all steps involving manipulation or processing of data) needed to inform data subjects about the use of their data | minimal | Audit and monitoring | M | Data subject | non-functional |
| 3 | Provides run time optimization to manage costs | use case | Cost management | M | Data user | functional |
| 4 | Provides auto-shutdown on a configurable idle time to manage costs | use case | Cost management | M | Data user | functional |
| 5 | Provides a user-friendly budgeting, cost management and payment system, compatible with funding sources | minimal | Cost management | M | Data user | functional |
| 6 | Provides transparency about costs, including upfront cost estimates based on configuration choices and current user costs | minimal | Cost management | M | Data user | functional |
| 7 | Supports at least asynchronous continuous uploading of data (e.g. from wearable devices, repeated measurements or federated computations) | use case | Data governance | M | Data user | functional |
| 8 | Supports version management of datasets | minimal | Data governance | S | Data user | functional |
| 9 | Supports access to local institute data repositories and data lakes | use case | Data governance | S | Data user | functional |
| 10 | Provides a process for secure export of data and algorithms to trusted repositories for archiving and reproducibility | minimal | Data governance | M | Data user | functional |
| 11 | Supports domain and IP whitelisting (trusted data and algorithm repositories for archiving, reproducibility and using up-to-date software) | use case | Data governance | M | Data user | non-functional |
| 12 | Supports workflow reproduction | use case | Data governance | M | Data user | functional |
| 13 | Supports privacy-preserving data linkage | use case | Data governance | S | Data user | functional |
| 14 | Provides automated secure geographically distinct data backup within the SPE | minimal | Data governance | M | Data user | non-functional |
| 15 | Supports customization of SPE workflows to support data holder policies | minimal | Data security & privacy | M | Admin | non-functional |
| 16 | Only allows downloading of results, data or algorithms after approval by workspace owner/data holder | minimal | Data security & privacy | M | Data provider | functional |
| 17 | Only allows access to specifically managed internet domains and locations | minimal | Data security & privacy | M | Data provider | non-functional |
| 18 | Only allows uploading of data or algorithms after approval by workspace owner | minimal | Data security & privacy | M | Data provider | functional |
| 19 | Provides a process to close the workspace and/or to retract the access to data after the data permit has expired or the data use agreement has ended | minimal | Data security & privacy | M | Data provider | functional |
| 20 | Has sufficient data protection measures in place to process highly sensitive personal data | data classification | Data security & privacy | M | Data provider | non-functional |
| 21 | Has sufficient data protection measures in place to process pseudonymized data | data classification | Data security & privacy | C | Data provider | non-functional |
| 22 | Provides sufficient data protection (e.g. encryption) in transit | minimal | Data security & privacy | M | Data provider | non-functional |
| 23 | Provides data encryption at rest | minimal | Data security & privacy | M | Data provider | non-functional |
| 24 | Provides access control to enforce data access policies described in the data access agreements | minimal | Data security & privacy | M | Data provider | non-functional |
| 25 | Complies with ISO 27001 | minimal | Data security & privacy | M | Data provider | non-functional |
| 26 | Provides secure data import from data holder or Health-RI data exchange solution | minimal | Data security & privacy | M | Data provider | non-functional |
| 27 | Provides an authorization mechanism for data use | minimal | Data security & privacy | M | Data provider | non-functional |
| 28 | Provides a lock-down process in case of security issues, data leaks or other high-impact incidents or risks | minimal | Data security & privacy | M | Data provider | non-functional |
| 29 | Provides data encryption in transit between workspaces within the SPE | minimal | Data security & privacy | M | Data provider | non-functional |
| 30 | Makes use of IAA solutions that ensure identity vetting | minimal | Data security & privacy | M | Data provider | non-functional |
| 31 | Makes use of IAA solutions where IdPs enforce best practices for authentication (currently 2-factor authentication with number matching) | minimal | Data security & privacy | M | Data provider | non-functional |
| 32 | Provides high performance data transfer (import and export) | use case | Data security & privacy | M | Data user | functional |
| 33 | Supports setting up federated data stations using Vantage6 | use case | Data Sharing and Collaboration | C | Data user | functional |
| 34 | Makes use of IAA solutions that allow for collaboration with industry | use case | Data Sharing and Collaboration | C | Data user | functional |
| 35 | Makes use of IAA solutions that allow for collaboration with international researchers | use case | Data Sharing and Collaboration | S | Data user | functional |
| 36 | Supports API push and pull requests for automated FAIR data access and transfers | minimal | Data Sharing and Collaboration | C | Data user | functional |
| 37 | Provides support for FAIR data point protocols (automated data access and transfers) | minimal | Interoperability & Standards | C | Data provider | non-functional |
| 38 | Supports portability of workflows to and from other SPEs, HPC systems and other workspaces within the SPE | use case | Interoperability & Standards | M | Data user | functional |
| 39 | Provides scalable compute capacity: flexible starting and stopping of CPUs and GPUs | use case | Performance and Scalability | M | Data user | functional |
| 40 | Provides scalable compute capacity: high-speed, API-triggered spin-up of 1000s of workspaces | use case | Performance and Scalability | C | Data user | non-functional |
| 41 | Provides scalable compute capacity: secure scale-out to a large-scale HPC facility | use case | Performance and Scalability | S | Data user | functional |
| 42 | Provides scalable, project-optimized storage capacity | use case | Performance and Scalability | S | Data user | functional |
| 43 | Provides high-speed storage capacity | use case | Performance and Scalability | S | Data user | functional |
| 44 | Provides access to (managed) Docker and/or Singularity container libraries | use case | Performance and Scalability | S | Data user | functional |
| 45 | Provides sufficient network speed and RAM to run required software | use case | Performance and Scalability | S | Data user | functional |
| 46 | Provides user support on the level of the OS | minimal | Support | M | Data user | functional |
| 47 | Provides user support on the level of applications, specifically installers and license servers | minimal | Support | M | Data user | functional |
| 48 | Provides sufficient documentation for user onboarding | minimal | Support | M | Data user | non-functional |
| 49 | Provides support for license servers (outbound (whitelisting) and inbound connections), including support for future co-development of cloud-based license servers (Microsoft, Adobe and others) | use case | Support | M | Data user | non-functional |
| 50 | Supports the use of data capturing tools to collect data directly in the SPE | use case | Tools | S | Data user | functional |
| 51 | Allows for installation of open-source software | use case | Tools | M | Data user | functional |
| 52 | Allows for installation of licensed applications through connection with license servers | use case | Tools | M | Data user | functional |
| 53 | Provides a practice environment to experiment with settings | use case | Tools | C | Data user | functional |
| 54 | Provides a process for secure installation of open-source software, libraries, packages and containers as well as custom code in the correct version | minimal | Tools | M | Data user | functional |
| 55 | Provides a user-friendly way to get access to the necessary open-source software, libraries, packages and containers as well as custom code in the correct version | use case | Tools | M | Data user | functional |
| 56 | Provides a process to ensure that software installed from open-source libraries is secure | data classification | Tools | M | Data user | functional |
| 57 | Provides a dedicated test environment/workspace ("sandbox") | use case | Tools | C | Data user | non-functional |
| 58 | Supports the use of the Linux operating system | use case | Tools | C | Data user | non-functional |
| 59 | Supports the use of the Windows operating system | use case | Tools | C | Data user | non-functional |
| 60 | Supports the use of the Mac operating system | use case | Tools | C | Data user | non-functional |
| 61 | Supports the use of institutional licenses for application use | use case | Tools | S | Data user | non-functional |
| 62 | Provides licenses for application use | use case | Tools | C | Data user | non-functional |
| 63 | Supports version management of software linked to an external repository (e.g. GitHub) for reproducibility | use case | Tools | M | Data user | non-functional |
| 64 | Provides documentation on where the data resides with respect to GDPR | minimal | Transparency | M | Data provider | non-functional |
| 65 | Security level of every delivered SPE workspace is disclosed and guaranteed by the vendor | minimal | Transparency | M | Data provider | non-functional |
| 66 | Provides documentation on how to configure the SPE for technical and non-technical users | minimal | Transparency | M | Data user | non-functional |
| 67 | Provides documentation on the compute and storage capacity available for the SPE | minimal | Transparency | M | Data user | non-functional |
| 68 | Supports single sign-on | minimal | User friendliness | M | Data user | non-functional |
| 69 | Supports federated authentication | minimal | User friendliness | S | Data user | non-functional |
| 70 | Could provide a GUI | use case | User friendliness | C | Data user | functional |
| 71 | Could provide a command line interface | use case | User friendliness | C | Data user | functional |
| 72 | Allows for creation of workspace templates including settings and pre-installed software | use case | User friendliness | C | Data user | functional |
| 73 | Provides remote access | minimal | User friendliness | M | Data user | non-functional |
| 74 | Supports application workflows: integration with external applications or dedicated workflows through API or message-based protocols | use case | User friendliness | C | Data user | non-functional |
| 75 | User rights/roles are set by default on the workspace level. All VMs of a workspace have the same user rights depending on the role. | minimal | User management | M | Admin | non-functional |
| 76 | Provides an option to manage user rights on the VM level. | use case | User management | M | Admin | non-functional |
| 77 | Supports different user and admin roles that allow for implementation of the relevant data access policies (e.g. admin rights for data holder and data access rights for data user) | minimal | User management | M | Data provider | non-functional |