On Friday 13th July 2012 the epiLab-SS secure service underwent a Stage 1 ISO27001:2005 audit by LRQA. The auditor examined the associated Information Security management System that has been developed in conjunction with our cloud-based service. The service is already hosted within a ISO27001 certified data centre (AIMES Grid Services CIC Ltd) offering thin-client access to virtual desktops. Our risk assessment identified the need to develop a formal ISMS in respect of information security practices for users of this service at UCL. This ISMS is an example of the use of data management plans to underpin the risk assessment and continual improvement process for information security and we have chosen to adopt the MRC Data Management Plan template as a standard approach for all registered research projects.

Although this is only the first of two stages of initial audit, the signs are looking good. We satisfied the auditor that our ISMS contained no major non-conformities and, as such, was suitable for progressing to a Stage 2 audit in late September 2012.  A successful audit at Stage 2 then this will mean that the epilab-SS system will be certified as ISO27001 compliant, demonstrating an effective model for use of cloud-based secure services for research datasets that could be replicated in other university research units.

Anthony Thomas and I attended the JISC MRD Programme Launch meeting at the NCL Conference Centre in Nottingham on the 1st and 2nd December 2011 being the two delegates representing the University College London’s project Data Management Planning for Secure Services (DMP-SS).

The event was organised and led by Simon Hodson (JISC program manager) and included a wide range of presentations and workshops on topics such as the application of Digital Curation Centre’s (DCC) tools (DAF, DMPOnline), UMF tools and demos (Brisskit, DataFlow etc) as well as looking into ways to gather and measure benefits and impact (Benefits Framework Tool, Value Chain Impacts Tool).

Anthony and I presented a poster in the session at the end of day 1 our project, DMP-SS, which aims to use and extend existing DDI editors and broking services to act as a core registry of data management plans that can interoperate with both DMPOnline and a locally managed information security management systems.

We have found the event valuable in allowing us to meet people from the other JISC projects, finding out what other people are doing so as to examine potential for reuse, inform them of our aims and current development as well as learn from mistakes of past/completed projects.

On day 2 attended the breakout group for projects with a biomedical/health interest in which a number of very interesting points were introduced and initially discussed with the view to extend the dialog on a shared facility to facilitate collaboration and exchange of ideas. Bill Worthington has blogged about that session in more detail here as well as Jonathan Tedds.

We would like to thank JISC and Simon Hodson for a helpful and well-organised event!