Research IT

Building an App to Collect Restricted Data?

When building applications, it is important to ensure that they are hosted appropriately. Secure Web Platforms (SWP) is a service offered by Research IT’s Highly Restricted Data Services (HRDS) Team that provides a hosting platform to meet even the strictest data security requirements.

About Secure Web Platforms

Secure Web Platforms (SWP) from the Highly Restricted Data Service (HRDS) is a cloud-based service, designed to securely host research applications and to collect and share data within a security hardened and continuously monitored environment. Utilising AWS, the platform provides scalable and resilient hosting solutions which are tailored to the individual needs of a project. As well as the technical aspects, our team are able to offer guidance and assistance on the governance aspects of hosting restricted data.

An example of a typical SWP project would be a data collection tool for a medical study. Patients would submit data through a website or mobile app, and that data could then be made available to the researchers, clinicians, policymakers or other stakeholders.

When hosting on SWP, you can expect:

  • Fully managed, bespoke hosting infrastructure
  • Full logging, auditing, alerting, access control and monitoring in line with University Technical Security Standards
  • 24 x 7 monitoring and security operations support
  • Automated Health Checks
  • Version control and roll-back of patches and operating system upgrades
  • Immutable deployments with a golden AMI
  • Regular redeployments containing the latest patches and operating system upgrades
  • Load balanced front ends, allowing for deployments without downtime

What you need to know

Due to the diverse requirements and complex nature of projects handling restricted data, we’d strongly recommend engaging with the Secure Web Platforms Team as early as possible in the lifecycle of your research project so we can ensure that the platform suits your needs.

Data Classification

Before considering SWP, it would be helpful to understand the classification of data that your project will likely be dealing with (more guidance on this can be found here). If the data is restricted or above, then SWP would be an appropriate solution.

Data Lifecycle and Management

Before we can begin work on an SWP, we require that a Data Management Plan (DMP) has been completed, in line with the University’s Data Management Policy. This ensures that the fundamental question, such as data handling, storage and destruction have been considered.

In addition, all projects that host restricted data are required by the Information Governance office (IGO) to complete an Information Governance Risk Review (IGRR). Similarly, projects that interact with NHS data may need to follow the Data Safety Protection Toolkit (DSPT). Our team is experienced in navigating these processes and ensuring that best practice is followed and are happy to offer guidance throughout.

Costs

SWP is a chargeable service, and costs must be factored into grant applications. The main areas to consider are:

  • Infrastructure - This is for resources used within AWS. We centralise as many resources as possible, and regularly assess for cost optimisation while still maintaining a focus on security.
  • Staffing - This is typically split into active development time, and a smaller contribution for maintenance throughout the lifetime of the project.
  • Penetration testing - The IGO stipulates that all projects that host restricted data must be tested annually for security vulnerabilities by a third party.

Please reach out to the team and we can provide estimates based on the complexity and requirements of the project.

In Summary

We hope this was a useful overview into Secure Web Platforms. If you would like any additional info, or have a project in mind that might benefit from being hosted in SWP, please contact the HRDS Team.