Getting started with the Data Safe Haven (DSH)

The DSH can be used only with permission from the Head of Research Governance, Ethics and Integrity (RGEIT).

All projects requiring use of the DSH need to go through the following steps, including requests by supervisors for student projects. Unfortunately, we cannot accept requests from students or non-UoM employees.

Step 1

Contact the HRDS team, prior to applying for funding, via the ITS Support Portal (search ‘DSH’ and submit a ‘Find out more about DSH’ ticket) to discuss your requirements and costing. We can provide a cost estimate for inclusion in your funding application. DSH local and DSH cloud are listed in the BlackDackel costing tool under ‘Non Staff Costs’.

Step 2

PI completes, or updates, a Data Management Plan (DMP) in which they describe the nature of the data. Question 4 of the ‘Manchester Data Management Outline’ section of the DMP asks “Where will the data be stored and backed-up during the project lifetime?”. The data owner will stipulate the requirements for storage of their data e.g. ISO27001 compliant.

RGEIT, the HRDS Team and the Information Governance Office (IGO) can advise the PI about which UoM provided storage environment will meet the data owner’s requirements.

Step 3

The Library’s Research Data Management (RDM) team processes newly created DMPs on a daily basis and sends feedback on the completed ‘Manchester Data Management Outline’ section to the DMP Owner.

If a PI has selected the option of storing their data in the DSH, the Library RDM Team alerts the HRDS Team to check that we have spoken with the PI about requirements and likely costs.

Step 4 (once funding has been awarded)

PI submits a request for a new project space to be created on the DSH. Use the ITS Support Portal (search for ‘DSH’, select the ‘Create a new project space on the DSH’ option). When the HRDS Team receive the request, they alert RGEIT. Using Support Portal tickets, as opposed to email, is important for creating an auditable trail of communications.

The items listed in the checklist below must be provided to RGEIT. RGEIT, the HRDS Team and the IGO can support the PI in meeting the checklist requirements.

Step 5 (once RGEIT has approved use of the DSH)

HRDS Team creates the new DSH project space and notifies the PI, users and RGEIT.

Training and on-going support in using the DSH will be provided by the HRDS Team.

It is understood that users may need to work on more than one project and therefore require access to different project folders in the DSH. In this instance, users will only be provided access to the project folder for which all the above conditions are met. Access to one project will not automatically grant access to other projects

Checklist

All users must have completed the University’s Data Protection & Information Security online training.

If working with 3rd party data (e.g. NHS Digital data) a data sharing contract must be in place between the University and the data provider which confirms authorised users and the specific data they are entitled to access. This must be checked by RGEIT.

A System Level Security Policy (SLSP) must be completed by the HRDS Team together with the PI, based on the requirements of the data provider, and detailing those users who require access to the data.

An Information Governance Risk Review (IGRR) must be submitted by the PI.

An IG Master File will need to be developed, which outlines the quality assurance processes that must be put in place in order to use the DSH. This will be overseen by RGEIT.

An Investigator Agreement signed by the PI, which states the responsibilities of the PI and the Study IG Lead, where appropriate. This will be overseen by RGEIT.