This page details the information required to be captured to populate the Informatics portion of the collage register of services. This is provisional at the moment awaiting feedback from the CCPAG register of services subgroup.

There are two aspects to the register of services, datasets and services. Datasets cover the data itself, what it represents and where it is located. Services covers how , and by whom, a dataset is accessed. datasets may be accessed by more than one service and conversely a service may access more that one dataset. Assessing sensitivity and risk (the propose of the college register of services) can only be carried out on specific dataset/service combinations (the exact manner in which this is done being one of the things still to be decided).

Information on datasets

Item description type possible values comments
Name A descriptive name for the dataset freeform text -  
Description A short description of what the dataset is freeform text -  
Owning Unit The School Unit or Institute with which the dataset is associated freeform text - May be better to have fixed list of units?
Contact 1 Person who is the first point of contact regarding the data freeform text - or maybe a LDAP DN/UUN to simplify spotting when a responsible person leaves?
Contact 1 email Email address of contact 1 email address -  
Contact 2 backup person to contact regarding the data freeform text - see comments for contact 1
Contact 2 email Email address of contact 2 email address -  
Location The location where the data is stored Drop down list managed machine in internal secure location (i.e. server room)
managed machine in internal insecure location (i.e. office)
internal self managed machine
external self managed machine
external (ie dropbox etc.)
Other
 
Encrypted Is the dataset encrypted Boolean -  
Related Services Services which make use of the dataset TBD - This depends on the eventual representation of the register
High Risk factors Which of the high risk factors apply to the dataset Array of 13 boolean values - See Below
Medium risk factors Which of the medium risk factors apply to the dataset Array of 10 boolean values - See Below
Comments Any comments including further details of "other" mechanisms Freeform text -  

High Risk Factors (from http://www.ed.ac.uk/records-management/data-protection/guidance-policies/encrypting-sensitive-data)

  1. Any set of data relating to 1000 or more identifiable individuals, including, but not limited to students, staff, alumni and research participants
  2. Any set of data relating to more than 50 identifiable individuals that could be used for fraud or identity theft, including, but not limited to, bank account or credit card details, national insurance number, personal contact details, date of birth, salary.
  3. Information relating to more than 50 individuals' performance, grading, promotion or personal and family lives.
  4. Information relating to more than 50 alumni or students' programmes of study, grades, progression, or personal and family lives.
  5. Any set of data relating to 10 or more identifiable individual's health, disability, ethnicity, sex life, trade union membership, political or religious affiliations, or the commission or alleged commission of an offence.
  6. Health records of any identifiable individual.
  7. Substantial reorganisation or restructuring proposals that will have a significant impact on more than 50 individuals before the decision is announced.
  8. Discussion papers and options relating to proposed changes to high profile University strategies, policies and procedures, such as the University's undergraduate admissions policy, before the changes are announced.
  9. Security arrangements for high profile or vulnerable visitors, students, events or buildings while the arrangements are still relevant. This includes door access codes and passwords for access to the University network or other key systems.
  10. Exam questions before the exam takes place.
  11. Non-public data that has the potential to seriously affect any organisation's commercial interests or the University's corporate reputation, such as REF strategy or an external organisation's research information.
  12. Information obtained under a confidentiality agreement where disclosure of the information is likely to seriously affect the University's reputation or lead to an action against the University for breach of confidence.
  13. Information that, if compromised, would substantially disadvantage the University in commercial or policy negotiations.

Medium Risk Factors (from http://www.ed.ac.uk/records-management/data-protection/guidance-policies/encrypting-sensitive-data)

  1. Any set of data relating to more than 50 but less than 1000 identifiable individuals, including but not limited to students, staff, alumni, research participants.
  2. Any set of data relating to 10-50 identifiable individuals that could be used for fraud or identity theft, including, but not limited to, bank account or credit card details, national insurance number, personal contact details, date of birth, salary.
  3. Information relating to 10-50 staff's performance, grading, promotion or personal and family lives.
  4. Information relating to 10-50 alumni or students' programmes of study, grades, progression, or personal and family lives.
  5. Any set of data relating to five to nine identifiable individual's health, disability, ethnicity, sex life, trade union membership, political or religious affiliations, or the commission or alleged commission of an offence.
  6. Information relating to identifiable research participants, other than information in the public domain.
  7. Substantial reorganisation or restructuring proposals that will have a significant impact on 10-49 individuals before the decision is announced.
  8. Information that, if compromised, would disadvantage the University in commercial or policy negotiations.
  9. Non-public data that has the potential to affect any organisation's commercial interests or the University's corporate reputation, such as tender submissions prior to an award.
  10. Information obtained under a confidentiality agreement even if disclosure of the information is unlikely to affect the University's reputation or lead to an action against the University for breach of confidence.

Information on services

Name Description type Possible Values Comments
Name   The name of the service Freeform text -
Description Brief description of what the service is Freeform text -  
Owning Unit The School Unit or Institute with which the dataset is associated freeform text - May be better to have fixed list of units?
May be School or centrally run service
Contact 1 Person who is the first point of contact regarding the data freeform text - or maybe a LDAP DN/UUN to simplify spotting when a responsible person leaves?
Contact 1 email Email address of contact 1 email address -  
Contact 2 backup person to contact regarding the data freeform text - see comments for contact 1
Contact 2 email Email address of contact 2 email address -  
Host Where is the service hosted? Drop down list managed machine in internal secure location (i.e. server room)
managed machine in internal insecure location (i.e. office)
internal self managed machine
external self managed machine
external to University
 
# Users Approximately how many people use the service? integer - Rough figure
# Admins Approximately how many people can create/amend/delete data? integer -  
Role based access Is access to the data granted via membership of a role or group? Boolean -  
Authentication mechanism What Authentication method is used? Drop down list None
Password
Kerberos
Cosign
Other
More options may need to be added
Access method What mechanism is used to access the data? Drop down list Ssh
HTTP
HTTPS
Authenticated file system
MB/CIFS
Other
More options may need to be added
Bulk export enabled? Does the service provide a mechanism to allow easy copying of large amounts of data to another location? Boolean -    
External Users? Do users external to the University use the service? Boolean -  
External User access mechanism How to external users access the data Drop down list Ssh
HTTP
HTTPS
Authenticated file system
MB/CIFS
VPN
Other
More options may need to be added
Comments Any comments including further details of "other" mechanisms Freeform text -  

-- CraigStrachan - 05 Apr 2016

Topic revision: r5 - 12 Mar 2019 - 10:51:57 - TimColles
DICE.ServicesUnitDataRegister moved from DICE.ServicesDataRegister on 05 Apr 2016 - 14:46 by CraigStrachan - put it back
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies