Oct 10 – 13, 2022
Universidade do Algarve
Europe/Lisbon timezone

EPIC Cloud: a secure, GDPR-compliant, open-source cloud platform for life-science applications

Oct 11, 2022, 1:30 PM
30m
Auditório 1.5 (Complexo Pedagógico)

Auditório 1.5

Complexo Pedagógico

UALG - Campus da Penha
Extended Presentation (25' + 5' for questions) R&D for computing services, networking, and data-driven science IBERGRID Contributions

Speaker

Barbara Martelli (INFN - CNAF)

Description

After the entry into force of GDPR in 2018, life-science research communities have had to deal with a brand-new regulatory framework, very restrictive in terms of cybersecurity and privacy measures to be implemented in case personal data (even if pseudonymized) are involved in the studies. In Italy, we have dealt with this new legal scenario creating EPIC Cloud (Enhanced PrIvacy and Compliance Cloud): a region of INFN Cloud with particular security measures in place. An important aspect this work is the construction of an Information Security Management System (ISMS) and its certification of conformance with the international standards ISO/IEC 27001 27017 27018. The adoption of an ISMS is important from the organizational perspective, in fact security measures must be integrated and coordinated to be effective. The certification of conformance is a mechanism which involves an independent third party (an accredited consulting firm) who verifies the status of the ISMS yearly. This is of paramount importance to guarantee users that the security measures are appropriate and actually applied. In this talk we’ll describe the technical and organizational measures adopted in EPIC Cloud and will discuss pain points and achieved results of our journey towards GDPR compliance. Furthermore, we'll describe how real life-science use cases, focusing on genomic and clinica data analysis, are managend in EPIC Cloud. In particular, we'll describe Health Big Data (a ten-year project founded by the Italian Health Ministry), Harmony Alliance (an European founded by the IMI2 Joint Undertaking) and other NRRP related initiatives involving EPIC Cloud.

Primary authors

Barbara Martelli (INFN - CNAF) Dr Davide Salomoni (INFN CNAF)

Co-authors

Dr Vincenzo Ciaschini (INFN CNAF) Dr Cristina Duma (INFN CNAF) Dr Giusy Sergi (INFN CNAF) Dr Alessandro Costantini (INFN CNAF) Dr Diego Michelotto (INFN CNAF) Dr Enrico Fattibene (INFN CNAF) Dr Cristina Vistoli (INFN CNAF) Dr Andrea Chierici (INFN CNAF) Mr Stefano Zani (INFN CNAF) Mr Lorenzo Chiarelli (INFN CNAF)

Presentation materials