Research Data Management

OneDrive is Microsoft's personal storage solution, similar to Google Drive and Dropbox, allowing you to store all your personal files securely in one place. OneDrive is provided to you as part of your Microsoft Office license at RCSI. Every user is provided with 1TB of storage on their OneDrive. If you need additional storage capacity, please contact the IT Department with your request.  

As OneDrive is a cloud-based storage solution, you can access your files from anywhere using a web browser (Chrome, Edge etc) or mobile device. For Windows users, OneDrive is linked to a special folder on your RCSI-managed device, which can sync files between your device and your OneDrive cloud storage.

Please note that OneDrive is not backed up. If you delete a file from OneDrive it cannot be recovered.

OneDrive can be used for: 

• Temporary file storage e.g. when you are working on a draft
• Storage of personal data that you want to keep private e.g. to store a key file for a defined period of time

OneDrive should not be used for: 

• Critical data that needs to be accessed by others internally or externally
• Long term storage of data. OneDrive is linked to your email account at RCSI. If you leave RCSI or delete your email account, the contents in your OneDrive will be deleted and cannot be recovered. 
• Data that requires resilience against hardware failure or that requires versioning.

SharePoint is Microsoft's team storage solution and is ideal for team work that involves storing, sharing and collaborating on research data and documents. As SharePoint is cloud-based, you can access your files from anywhere using a web browser (Chrome, Edge etc.) or mobile device. When you access SharePoint, you will be able to see all of the different SharePoint sites that you have access to, for example if you are part of several different project teams. 

SharePoint is particularly suitable for storing data and documentation from research projects, including research tools, lab notes and metadata files. The Principal Investigator of a research project can request a 'Teams site' on SharePoint where they and their team can safely store and access all their project files in a single location. SharePoint sites initially come with 10GB but can be increased. If you need additional storage capacity, please contact the IT Department with your request.

SharePoint provides granular security options down to the file and folder level. The owner of the Teams site has full control privileges to this site - they can add and remove members to the Teams site, as staff come and go from the project. 

SharePoint has a number of data resilience features which makes it a good option for team work:

• Per-site recycle bin: Any files deleted are placed in the site recycle bin for 93 days.
• Backups recycle bin: A secondary line of defence against accidentally deleting files.
• File versioning: Files can be restored to previous versions.
• Site restoration: A site can be restored for up to 93 days after its deletion.
• Custom backup: SharePoint backed by RCSI IT backup systems, providing granular, long-term backup of SharePoint sites and data.

SharePoint can be used for: 

• Collaboration with internal and external partners.
• Storage of data for active research projects, especially documents
• For projects involving 1 or more teams.

SharePoint should not be used: 

• When a research project is closed/complete. The data and documentation of a completed project should first be appraised to decide what needs to be preserved, in line with the RCSI's RDM Policy and the associated Data Management Plan. Data and documentation should be preserved in a suitable data repository. Publications and reports can be preserved in the RCSI Repository. 

Common questions about SharePoint at RCSI

Is there a right way to access a Teams site? Some people use the SharePoint online interface to view all of the files and folders belonging to their research project team, while others are more comfortable using the Teams interface to do so - but both options work well.

Is SharePoint suitable for storing personal data from research? Signed consent forms and other personal data gathered in the course of the research can be stored within your project site for the duration of the research project, but must be deleted from your project site when no longer required. Some projects prefer to store these personal data files using OneDrive for added security, such as separating identifiers and anonymised data files, controlling access to direct identifiers using the PI's OneDrive. 

Is SharePoint suitable for large data projects: If you need more than 10GB of storage for your research project, additional storage space can be purchased by the project PI using grant funds. Please contact Research IT to discuss options. If you require extra space for data that contains personal data please flag this with Research IT so they can direct you to a solution that is GDPR-compliant (i.e. data is stored to servers within the EU region). 

How much space will you need? If you know you will need more than 10GB of storage space for your research data when you are finalising your project budget, please include a budget line for purchasing this additional storage space. Please speak to your Research Funding Officer in the ORI for advice on how to include this in your grant proposal. Your Data Management Plan will help you to assess what your file storage needs are likely to be from the outset of a new project. 

To learn more about SharePoint at RCSI please visit: 

• Learn SharePoint Online (SPO) \ MS Teams collaboration
• Navigate to the Teams/SPO Quickstart for an overview on getting started with Teams.
• You can Request a new TEAM / SPO site here: https://evros.uk.cloudradial.com/app/service/request/2861

PowerScale / Research Storage is physical storage located within RCSI. It can be configured to be accessed as a network drive on a user’s device. It is accessed via any toolset that can view network storage mapped to a device. The storage can also be accessed from the RCSI research compute cluster.

PowerScale provides security at the share level. External collaboration is possible but requires any external user to have an RCSI account. Such accounts can be requested using the ‘Contractor/Other Role Access Request’ form here.

PowerScale has a number of data resilience features:

• Snapshots – regular point-in-time snapshots are taken and can be reverted to, and files and folders can be recovered from by the end user.
• Snapshots currently can go back as far as 90 days.
• Snapshots are stored in the same physical storage system so are not protected from site loss (e.g. fire)

The RCSI Research IT Request Form can be used to request access to RCSI Research IT resources, or changes to resources as follows: 
- Local Compute
- Networked Storage
- Long-term archival in Azure Cloud.

There is a small one-time charge to the applicable research grant per TB for the PowerScale / Research Storage. As the controller of the grant funds, the Principle Investigator of your research project should make the request for PowerScale / Research Storage. Additional detail is provided in the “Service Description” on the Research IT Service web site.

PowerScale / Research Storage can be used for: 

• Storing large or very large volumes of data, ideally anything above 100GB where external collaboration is not required.
• Storing data where external collaboration is limited
• Accessing data using local desktop applications, e.g. data for R Studio
• Accesing data is for use on the research compute cluster.
• Archiving data from projects that are closed/complete but require the data to be retained.

PowerScale / Research Storage should not be used: 

• When external collaboration is a major part of the project.
• For MS Office documents or other ephemeral files.

Will you need long-term data preservation at RCSI? PowerScale can be used as a pathway to long-term cloud storage for archive purposes for closed projects where data has to be retained for FAIR data or as required by funders. There is a one-time cost to purchase storage on the research storage system. If you will require PowerScale as a perservation/data rentention solution, please include a budget line for this cost when finalising your project budget. Please speak to your Research Funding Officer in the ORI for advice on how to include this in your grant proposal. Your Data Management Plan will help you to assess what your file storage needs are likely to be from the outset of a new project. 

If you require any of these resources, please contact the Systems Administrator (Research IT Service) (research-it@rcsi.com) to discuss options for your research study. Research IT have provided a helpful visual overview of the Research IT Infrastructure here.

The use of USB drives and other removable storage devices are no longer permitted on RCSI systems. Removable storage devices present significant risks to the confidentiality, integrity, and availability of our data and systems, including:

• Malware and ransomware infections: USB devices are a common means of introducing malicious software into secure environments.
• Data loss or theft: These devices are easily lost, stolen, or misplaced, creating a high risk of sensitive information being exposed.
• Lack of security controls: Unlike approved storage platforms, USB devices typically lack encryption, monitoring, and access controls.
• Regulatory and compliance challenges: Use of unmanaged storage devices makes it difficult to ensure that data handling meets legal and regulatory requirements.

Secure alternatives: Staff and students must use approved and secure storage options, including SharePoint and secure file transfer platforms such as FileShare, all of which provide appropriate protection, monitoring, and support. In certain limited circumstances, the use of removable storage may be necessary for legitimate business purposes but this must be formally approved by the IT Security team.

Confidential data at rest on computer systems owned by RCSI and located within controlled spaces and networks are protected by strict access controls that authenticate the identity of those individuals who access the specific system or data. 

Confidential data should not be copied to or stored on a portable computing device or a non-RCSI owned computing device. However, in situations that require confidential data to be stored on such devices, data owners and device users must acknowledge how they will ensure that data is encrypted and how encrypted data will be accessible by the owner in the event that an encryption key becomes lost or forgotten. Methods to meet this requirement include:

• Maintaining an accessible copy of the data on a server managed by RCSI IT
• Escrowing the encryption key with a trusted party designated by the data owner
• Using whole-disk encryption technologies that provide an authorised systems administrator access to the data in the event of a forgotten key.

For more information see the RCSI Data Encryption Policy. 

Below are some general recommendations to help you secure and protect your devices which may contain research data (these have been adapted from the UCD Device Security Recommendations).

• Update all devices, software, and plug-ins on a regular basis: Check for operating system, software, and plug-in updates often or, if possible, set up automatic updates.
• Install and regularly update protective software.
• Control access to your machine: Don't leave your computer in an unsecured area, or unattended and logged on, especially in public places. The physical security of your device is just as important as its technical security.
• Use secure connections: When connected to the Internet, your data can be vulnerable while in transit. While on the RCSI campus use a wired connection or eduroam for wireless connection. Use remote connectivity and secure file transfer options when off campus.
• Protect sensitive data: Reduce the risk of identity theft by minimizing the storage of sensitive information on your device. Securely remove sensitive data files from your hard drive or use encryption tools to protect sensitive files you need to retain. 

For more information please see the RCSI Data Encryption Policy.

At RSCI, much of our research depends upon the secure storage and processing of health data which are often personal data. The processing of personal data must be carried out in accordance with the General Data Protection Regulation, and researchers working with personal data should use one of the following options to ensure the security of this data: 

RCSI-provided SharePoint and/or OneDrive: Data should be stored using the cloud storage provision at RCSI as these files are hosted in the Microsoft cloud, and the geographical location is restricted to the European Economic Area. Therefore, they are capable of GDPR compliance. 

Alternative file storage systems that are not provided via RCSI, such as DropBox and Google Drive, may not provide any restriction on the geographical location of file storage and are therefore not GDPR compliant. These alternative options must not be used for any data that is subject to GDPR rules, or provided to you by a third party with similar restrictions or user conditions. 

PowerScale is a centrally funded a substantial storage system that is highly scalable (i.e. possible to add more storage nodes in order to handle the increased workload). It provides a single central location for active research data which is highly resilient compared to point solutions. Isilon storage is sufficiently secure and auditable to support the storage of Personal Data. It is integrated with the Active Directory so that access to data is controlled through the Active Directory, and it is easy to audit who has access to any data. For data which the Data Management Plan mandates to be retained beyond the lifetime of the funded project and for which there is no suitable public repository, it can be archived to storage within Microsoft Azure while remaining manageable from the Isilon system.

Local Compute Cluster: This is a small Slurm cluster onsite at RCSI (Dublin) and is physically secure with encrypted disks. It is CIS (Centre for Internet Security) Hardened, which provides additional security to the Linux operating system. The Local Compute Cluster is also integrated to Active Directory so identity is assured. Because of these and other security measures, it can be used to process personal data. The Systems Administrator (Research IT Service) (research-it@rcsi.com) can install required software on the cluster, on request. 

External access: There is a controlled capability to make specific data on the storage system accessible to external collaborators; however, they have to be registered with RCSI in order to maintain audit trails and for technical reasons related to access control.

Encryption is simply the process of translating a file into meaningless code. To translate this code back into the original meaningful information a key (often a password) is required. Recovering information from encrypted files without the key is nearly impossible. The key/password for an encrypted file should never be sent with the encrypted file, an alternative method (such as over the phone, or a text) should be used to send the key/password separately. RCSI uses BitLocker Encryption, TLS. SMTP TLS (Transport Layer Security) for encrypting confidential and other college sensitive data (please see the RCSI Data Encryption Policy). All RCSI Windows laptops come with this BitLocker Encryption. Both devices and individual files can be encrypted.

 Device Encryption:

Device encryption helps to protect information on your device should it go missing or get stolen. If your device is encrypted, the data on it can only be accessed by people who've been authorized (usually through a password). Again, a strong password is required to ensure your encrypted device is truly secure. Device encryption is already available on supported devices running any Windows 10 edition (see Microsoft for further information).

 File Encryption:

File encryption can be used to store sensitive data on portable devices (such as a USB drive), to securely email it, or just to add an additional layer of security onto your existing data management.

A strong password is a key part of ensuring data security, whether you are simply storing your own research files or sending files to collaborators. Access to all RCSI information systems and networks must be controlled via strong password authentication schemes.

The RCSI’s password policy is as follows:

• Passwords must contain a minimum of 8 characters.
• Those characters must include a combination of any 3 of the 4 below items:
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base-10 digits (0 through 9)
• Non-alphanumeric (for example, !, $, #, %)
• User passwords will expire every 90 days and must be reset at that time.
• Password history is enabled and set to 24
• Accounts will lock out after 10 failed logon attempts.

Passphrases are also recommended as they are often easier to remember, but much more difficult to hack. A passphrase is a password made up of (at least) four randomly chosen words. It is as easy to remember as four randomly chosen letters, but it results in very strong passwords. For example a passphrase could be simple (e.g. apple tower africa elephant ) or more complicated to make it compatible with a service that insists on punctuation marks and capitals (e.g. Ap.ple.Tower@fricaElephant). Please see the RCSI System Access Control Policy and the University of Edinburgh's Guide to Choosing a Strong Password for more information and tips.

In order to protect your data and information, all files and documents should be encrypted before transferring them. Researchers should follow RCSI acceptable use policies when transmitting data and must take particular care when transmitting or re-transmitting confidential data received from non-RCSI employees. Transmission of data via RCSI email is automatically encrypted using TLS. SMTP TLS (Transport Layer Security) is the mechanism by which two email servers, when communicating, can automatically negotiate an encrypted channel between them. RCSI has configured mail flow to ensure that TLS is always used for email transmission. For more information please see the RCSI Data Encryption Policy.

Additionally manual encryption of attachments helps to protect your data and information if either the recipient’s or your email account is compromised. The encrypted files cannot be viewed by anyone, including yourself, without the decryption password, which should be sent to the recipient using a different transfer method (e.g. over the phone or via text). 

How to email files securely

• Save the confidential information to a Microsoft Office document, such as Microsoft Word or Excel.
• Encrypt the Microsoft document by password protecting it using a strong password.
• Attach the encrypted document to the email.
• Send the password for the encrypted document separately, either in person, over the phone or by text.

HEAnet FileSender is used within the Irish Higher Eudcation sector as a secure way to share big files. FileSender allows you to send large files to anyone and offers end to end encrytion that is suitable for sending sensitive data. FileSend is a federated service, so you should log in with you RCSI credentials to use this service.More information on HEAnet FileSender.