Health-RI wiki v4.0 -> consultatie (open tot 03-12-2024)

Applications secure processing environment

Owned by Health-RI
Nov 18, 2024
3 min read

DATE: 08-11-2024 STATUS: FOR REVIEW

 

This page provides an overview of secure processing environments that are in use in the Dutch health research landscape. It has not yet been determined whether they meet the minimum requirements in the Requirements for a secure processing environment table.

Secure Processing Environments Summary Table

SPE name and supplier

Specific research theme or generic

Safety Precautions

Governance

Compute and storage capacity

MyDRE 

(anDREa)

Generic

 

  • ISO27001

  • Exportcontrol

  • Importcontrol

  • Access control by workspace admin

  • Not connected to the internet

Data Controller: workspace admin

Processor: anDREa

 

Computation: medium, scalable

Storage: medium

SURF Research Cloud 

(SURF)

Generic

 

  • ISO27001

  • Access control by workspace admin

Data Controller: workspace admin

Processor: SURF

Computation: medium, scalable with HPC Cloud to high

Storage: medium

SANE 

(SURF)

Generic

 

  • ISO27001

  • Exportcontrole

  • Importcontrol

  • Data Holder Access Control (SRAM)

  • Blind environment possible

Data Controller: workspace admin

Processor: SURF

 

Computation: medium, scalable with HPC Cloud to high

Storage: medium

ODYSSEI Secure Supercomputer (OSSC) 

(SURF)

Specifiek: CBS data

  • ISO27001

  • Access management based on CBS microdata criteria

  • CBS measures

Controller: CBS

Processor: SURF

 

Arithmetic: very high

Storage: very high

 

CBS Microdata access 

(CBS)

Generic

  • Exportcontrole

  • Importcontrole

  • Access control with identity vetting

  • Data access based on request process

Controller: CBS and research institute.

Processor: CBS/research institute.

Arithmetic: medium

Storage: medium

Upgrade to Snellius possible (see OSSC description in this table).

MRDM Outcomes Platform  

(MRDM)

Generic

  • ISO27001 certified

 

Data Controller: MRDM

Processor: MRDM

Arithmetic: medium

Storage: medium

cBioPortal 

(Health-RI)

Specifically: Cancer genome data

  • Access control without identity vetting

  • Access to data after authorization of data holder

Controller: depending on host, in NL: Health-RI

Processor: cBioportal

Compute and storage: depending on hosting

Lifelines workspace environment 

Specific: Biobank data

  • according to GDPR

  • Access control without identity vetting

  • Data access based on request process

  • D(M)TA

Data Controller: Data User

Processor: Lifelines

 

Arithmetic: medium

Storage: medium

Lifelines UMCG high performance cluster (HPC) 

Specific: Biobank data

  • according to GDPR

  • Access control without identity vetting

  • Data access based on request process

  • D(M)TA

Data Controller: Data User

Processor: Lifelines

 

Arithmetic: high

Storage: High

Description of secure processing environments

AnDREa MyDRE

A secure environment for storing, processing, and collaborating on data, based on Azure VM. Andrea MyDRE relieves organizations through strict data protection measures. myDRE allows scientists to work in instantly scalable workspaces, where they can process data and perform analysis.

cBioPortal

An open-source software platform for cancer genomics that provides access to molecular profiles and clinical attributes of large-scale cancer genomics projects. The platform offers the possibility for simple analyses. Access to individual datasets will be requested through the PI of the study.

CBS Microdata access

CBS's Remote Access (RA) environment is a secure environment in which data can be processed via Remote Access. Access is provided based on an extensive request process, connection to the RA environment is secured and does not allow connection to the internet, and there is a manual export check for all results exported from the system. There is a possibility to use the Snellius computer, see also OSSC and Snellius.

Lifelines

Lifelines is a biobank and research infrastructure aimed at advancing scientific research into healthy ageing. It collects data and bodily materials from 167,000 people in the Northern Netherlands, which are updated every 5 years and offers researchers a secure working environment and, if necessary, HPC facilities to conduct research on this data.

MRDM Outcomes Platform

The MRDM Outcomes Platform is a turnkey platform that enables healthcare providers worldwide to easily collect, process and analyze data on their outcomes. The platform supports auditing, benchmarking, and research. The platform guarantees the privacy of patients and healthcare providers and stimulates the reusability of existing data and infrastructure.

ODYSSEI Secure Supercomputer (OSSC)

The ODISSEI Secure Supercomputer (OSSC) is an enclave of CBS within the SURF Snellius supercomputer, developed in collaboration with CBS and ODISSEI. This highly secure high-performance computing facility meets strict security requirements, such as the GDPR and the CBS Act. Researchers can analyze sensitive data here without violating the privacy of individuals.

SANE

SANE was developed in collaboration with ODISSEI, SURF and CLARIAH and provides a secure and controlled environment for researchers to analyse sensitive data. SANE is designed to comply with privacy laws and allows researchers to perform analysis without infringing on the privacy of individuals.

SURF Research Cloud

SURF Research Cloud is a portal for efficiently building virtual research environments. These environments can be built using catalog items. SURF Research Cloud offers a flexible solution with the possibility to scale up computing capacity via HPC-Cloud. Capacity and data protection measures depend (in part) on the configuration of the workspace. SANE offers workspaces with a strong focus on data protection.