Keeping data secure : Our commitment to safe working
To access the Integrated Data Service (IDS) you must be an accredited researcher and complete mandatory security training.
Once you are accredited and your project is approved, you will have access to the IDS Hub. This is a secure platform where authorised users can access IDS products and services.
You must also read and sign our Security Operating Procedure (SyOps) and Security Policy, which will be sent to you with your login information.
By signing your SyOps, you are committing to working safely by:
- always logging out of the IDS Hub or locking your screen when you have finished working or step away from your device
- being aware of others and what they can see when you are accessing data in the IDS Hub – keep it private
- only accessing the IDS Hub from an approved location within the UK
- choosing a strong, unique password that is at least eight characters in length and keeping it confidential
- updating the anti-virus software and software on your device regularly
- ensuring you are using a secure internet connection
Responsible safe working
You must always be aware of the sensitivity of the data you are accessing or working on and the rules on how to handle it. This also applies to your role and the legal responsibilities and General Data Protection Regulation (GDPR) compliance associated with it.
This includes making sure that you do not:
- take pictures or videos of your screen whilst using IDS
- print out information from the IDS Hub
- share your location, for example, by geotagging
- post or comment sensitive details on social media about the work you do, data you use or other business details
Do not email information about or available in IDS to a personal email account. Copies of emails are left on every email gateway the email passes through to reach your personal account. Information stored on personal devices do not always have the same security protection that information stored on a corporate device will have.
Be aware of phishing emails. They are often very well disguised as legitimate emails to acquire personal or sensitive information such as:
- usernames and passwords
- bank or credit card details
- confidential information
If you should receive these emails:
- delete the email without clicking on any links or attachments
- forward onto your organisation's cyber security team for analysis