Data Security Compliance

The eResearch and High-Performance Computing (HPC) unit safeguards data on behalf of the University of the Free State (UFS) researchers. The HPC unit falls under ICT Services (ICTS) of the UFS. Data stored at the unit includes systems such as Figshare, iRODS (large datasets), South African Geographical Assets, and large data sets internal to HPC processing. All data is stored in compliance with regulatory requirements, such as POPIA and, to a large extent, GDPR (as a non-EU member).

Best practices in data security in accordance with ISO27001:2022 are followed. However, the UFS and ICTS are not ISO27001 certified.

The datasets stored on the eResearch and High-Performance Computing system are under the following scrutiny:

• Data transmission is performed per industry-standard encryption methodologies defined by RFC4250¹, RFC4251², RFC4252³, RFC4253⁴, and RFC4254⁵.
• Data transfer into and out of the system is encrypted end-to-end using industry-standard encryption entropy, such as the Advanced Encryption Standard (AES)⁶ and the revised Secure Hash Algorithm (SHA-2)⁷.
• Secure encryption algorithms such as ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, rsa-sha2-512, and rsa-sha2-256 are enforced during data transit.
• Data is stored on Portable Operating System Interface (POSIX)-compliant file systems, which enforce advanced Access Control Lists (ACLs).
  • The POSIX standard is developed and maintained by the Institute of Electrical and Electronics Engineers (IEEE) association, with the latest version being IEEE Std 1003.1TM-2024⁸.
  • ACLs isolate data between user accounts, disallowing unauthorised access between system accounts.
• The file system supports data snapshots, which allow data retrieval of specific file versions at a particular time.
  • Backups of snapshots are kept at daily, weekly, and monthly intervals.
• Data is stored on six file servers configured in a network storage array with failover and a Redundant Array of Independent Disks (RAID) configuration per host.
  • Three replicas of the data are distributed over the six servers, providing data recovery of up to two physical server failures.
• All servers are hosted in a secure data centre on the university’s premises.
• The data centre has physical access control, fire suppression and uninterrupted power distribution backed up by two diesel generators with sufficient fuel to keep the data centre running for three days under normal load.
• The data centre, uninterrupted power distribution and generator fuel levels are monitored 24/7, with notifications sent to several individuals.
• Data transfers into and out of the data centre go through two independent industry-standard and ISO27001-compliant firewalls.

Relevant legislation and policies considered

• The Constitution of the Republic of South Africa, Act 108 of 1996
• The Protection of Personal Information Act (POPIA), 4 of 2013
• EU GDPR 2016/679 (Regulation [EU] 2016/679 of the European Parliament and of the Council of the 27^th of April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC)
• ISO/IEC 27001:2022

Request a copy

A signed copy of this information can be requested for ethics committees or other contractual obligations by emailing the eRN support staff at ern@ufs.ac.za.

References

---

1. https://datatracker.ietf.org/doc/html/rfc4250 ↩

2. https://datatracker.ietf.org/doc/html/rfc4251 ↩

3. https://datatracker.ietf.org/doc/html/rfc4252 ↩

4. https://datatracker.ietf.org/doc/html/rfc4253 ↩

5. https://datatracker.ietf.org/doc/html/rfc4254 ↩

6. https://www.techtarget.com/searchsecurity/definition/Advanced-Encryption-Standard ↩

7. https://www.encryptionconsulting.com/education-center/what-is-sha ↩

8. https://standards.ieee.org/ieee/1003.1/7700 ↩