Information security at the UT is in good shape. Recently LISA (Library, ICT Services & Archive) obtained two certificates that show that the way data is stored complies with current security standards. The certification proves that the UT is in control of its information security processes and that the confidentiality, integrity and availability of data in the organization is ensured.
Continuity and security
Henk Swaters, manager Demand & Supply Management at LISA is happy with the certificates. ‘Obtaining these certificates proves that we can offer the continuity and security that researchers rightfully expect of us. That we can prove that is, among other things, important for collaboration between the UT and hospitals, who often impose strict demands on organisations that they work with’.
Process
The UT decided to certify its data storage and the associated processes according to the ISO/IEC 27001 and NEN 7510-standards. These are the most commonly used standards for personal and privacy-sensitive data. During the process towards certification, several actions were taken after a baseline measurement to bring the Information Security Management System (ISMS) to the desired level. The ISO/IEC 27001-standard sets demands on the information security of an organization. The NEN 7510-standard mainly concerns the the way an organization treats patient data and, like in the case of the UT, data about persons who make their medical data and their body’s own materials available for research projects.
Challenge
Even after obtaining the certificates LISA continues to critically evaluate its own processes: each year, it will test wether the UT still complies with the demands for the certificates. And the next challenge is already coming up. Henk Swaters: ‘In May of 2018, the new European General Data Protection Regulation (GDPR) goes into effect, replacing the Dutch data protection law (Wet Bescherming Persoonsgegevens, WBP). That has implications for the way we organize things, and we’re working on that now’.
More information
You can find more information about data security on the cybersafety-website. If you have questions about privacy and information security you can always contact your Privacy Contact Person (PCP) or the Security Managers at LISA-DSM. If you have any questions concerning certification you can contact the project coordinator and auditor of this project, Wim Olijslager.
