Storage and security
Storage options
Digital in-project storage
Information Services (IS) can provide each project with up to 1TB of storage free of charge. What does 1TB Cover? This storage will be provided on a centrally held server, mirrored to a separate system (at an alternative location) with periodic backup arrangements in place. This arrangement allows stored data to be protected from component and system failures with the ability to restore from tape for data that was deleted or corrupted.
The digital in-project storage offered by IS will be allocated on a project-by-project basis and access to the relevant directory will be allocated to those identified by the PI of that project. Access to the directory will be password protected and available via a shared drive and devices that support standard webDAV.
To estimate the levels of storage that you might need for your project the “Storage Calculator” spreadsheet is a good starting point.
Additional storage can be purchased and is an allowable cost within the majority of grant applications (as direct costs); additional storage should be charged at £741.32 per TB, pro rata.
Alternatively, if your Department can satisfy IS that equivalent storage facilities are available (in terms of back-up and security), you will not be required to use IS storage. Please contact researchdata@aber.ac.uk for more details. A table of In-project storage standards shows the recommended and bare minimum levels of redundancy and backup which we would advise.
Post-project storage
In the first instance, research data should be offered for deposit and retention in an appropriate national or international data service or subject-specific repository, as advised by the research funder. A list of such repositories is available here. If no such repository is available, datasets should be held within AU.
Information Services (IS) can provide each project with up to 500GB of post-project storage free of charge. Additional storage should be charged at £222 per TB, pro rata.
An individual ‘Dataset’ record should be created within PURE for each discrete dataset within a project independent of data type (digital or physical) or final storage location (external or internal to AU). Details of where the data is held should be included within the record and a copy of the digital dataset should be uploaded to the PURE record where deposit within an external repository was not possible. Where appropriate, records relating to individual datasets from within a single project can be linked within PURE via the ‘Relations’ functionality. Any data which is retained outside of AU for example, in an international data service or subject-specific repository, should still be registered with the University via PURE.
In the case of hardcopy data (for example: lab books; sketchbooks; notebooks; printed text documents; etc.), where deposit within an external repository was not possible, datasets can be offered for central AU storage or held by the researcher/ department, as long as the stated standards for maintaining secure storage described below are upheld. Where possible, all of the physical datasets pertaining to a particular project should be presented in a single collection for storage. A copy of the PURE record should be printed and stored with the physical dataset. Additional description may be necessary if the data is to be stored centrally. The AU Records Manager can advise on this (records@aber.ac.uk).
In the instance of an individual leaving the University, a copy of any data produced should be offered for central storage.
Maintaining secure storage
Hardcopy (physical) data
All data should be stored in a method that allows the integrity of the data to be maintained so it remains useable. Therefore, it should be kept in a way that keeps it physically protected from destructive elements such as water, fire, etc.
Arrangements need to be made to ensure the safe keeping and protection of data that relates to intellectual property rights, commercial interests, or otherwise protected or sensitive information. Such arrangements should include:
- controlling access to rooms and storage devices where data are held with locks and keys;
- logging the removal of, and access to, media or hardcopy material in storage locations.
Further security measures which should be utilised include:
- imposing non-disclosure agreements for managers or users of confidential data;
- only sending personal or confidential data to other project partners outside of AU via recorded delivery, and only where strictly necessary.
Digital data
You should ensure that arrangements are in place for the safe keeping and protection of data that relates to intellectual property rights, commercial interests, or otherwise protected or sensitive information. The digital in-project storage offered by IS will be allocated on a project-by-project basis and access to the relevant file directory will be allocated to those identified by the PI of that project. Access to the directory will be password protected.
Further security measures which should be utilised include:
- implementing password protection of, and controlled access to, data files, e.g. no access, read only, read and write or administrator-only permission;
- controlling access to restricted materials with encryption;
- imposing non-disclosure agreements for managers or users of confidential data;
- not sending personal or confidential data via email or other file transfer means to other project partners outside of AU without first encrypting them.
PURE Dataset records
It is possible to allocate restrictions of access to the Dataset records held in PURE from full access to confidential/ restricted access to creators/ managers of the dataset. It is also possible to make a record public but to restrict access to any files stored and associated with the records.
Storage hardware
Areas in which servers processing critical or sensitive information should be physically secured to prevent unauthorised access, damage or interference, with overall control achieved by conventional security procedures. Access to such areas should be controlled and restricted to authorised personnel only. This is standard procedure for all IS maintained servers.
If AU storage is not adopted, and protected or sensitive data is to be saved, it is advised that storage utilising servers located outside of the EU (including those located within the US) are not used, as data protection legislation may not be established in such locations.