Safe Haven security

A “Safe Haven” is a particular area of EIDF that is subject to additional security measures and external information governance, within which approved users can work with particularly sensitive data such as medical or financial records, survey microdata, or other kinds of personal information. EPCC operate Safe Haven environments for a number of partners who provide the overall information governance and control.

In terms of computational services, an EIDF Safe Haven looks very much the same as the “regular” EIDF, but with three additional features:

  • Information governance. Project approval and user access to a Safe Haven, and all data transfers in and out, go through an independent “gatekeeper”. The information governance team control all aspects of approval of, access to, and disclosure of research results from a Safe Haven project. The information governance team is entirely independent from the EPCC team that manages EIDF.
  • Secure perimeter. The Safe Haven area of EIDF is an entirely separate part of the system with its own additional secure perimeter and hardware firewalling. Two-factor authentication (“something you know”, like a password, plus “something you have”, like an on-request PIN delivered by SMS) is standard on all user accounts. IP whitelisting is also possible as needed.
  • Restricted environments. While users of Safe Havens can have most of their familiar data science tools available to them, there are restrictions. While working on sensitive data Safe Haven users have no external access to the Internet, and cut-and-paste copying is disabled. Users can’t install their own software, and software development can only be done as part of a collaborative project between the users, the EIDF and information governance teams.

The National Safe Haven

The National Safe Haven is a unique part of the EIDF run in partnership with the NHS in Scotland and the Scottish Government. The National Safe Haven supports approved research on linked public sector data from health and government sources. Information governance is provided by the eDRIS team within Public Health Scotland, and all project approvals, and any service and system changes, are subject to scrutiny by Scotland’s Public Benefit and Privacy Panel for Health and Social care and national Caldicott Guardians.

Private Safe Havens

The same sort of secure environment provided for the National Safe Haven can be recreated elsewhere in EIDF for projects needing similar levels of security assurance. Information governance for private Safe Haven projects is not provided by eDRIS or by EPCC: any project wanting a Safe Haven environment must make appropriate, independent arrangements for information governance. A Safe Haven isn’t a Safe Haven without independent gatekeepers!