Today we publish the Information Security Policy, a joint effort by subject matter experts across the SPHN coordinated by Heinz Stockinger, Chief Technology Officer at the SIB Swiss Institute of Bioinformatics. Heinz also chairs the SPHN DCC Working Group that advises on IT infrastructure (storage and HPC) and practical IT security measures for the BioMedIT nodes in SPHN.
This policy clarifies the roles and responsibilities of various parties relative to information security. Additionally, it defines the technical and organizational measures necessary to operate IT infrastructures that support SPHN projects. The policy is complementary to the SPHN Ethical Framework for Responsible Data Processing.
Who should read and follow the policy?
The policy applies to research IT infrastructure providers at Swiss academic institutions (e.g. BioMedIT Nodes), project leaders and data users within SPHN projects and related projects where applicable.
This policy does not apply to IT infrastructures within hospitals since they comply with their own respective policies.
In summary, every SPHN project that uses confidential personal data on one of the BioMedIT Nodes needs to adhere to this policy. A dedicated training is provided to make sure that project leaders, users and system administrators are fully aware of their obligations with respect to the policy as well as related Swiss laws and regulations.
For specific information on information security policies – contact Heinz Stockinger, email@example.com
Read the SPHN Information Security Policy