Policy Volume: DA
Responsible Executive: CISER Senior Data Librarian
Responsible Office: Cornell Institute for Social and Economic Research
Revised: 2014-03-21, 2020-10-30
The Data Security policy describes physical and information technology measures undertaken to protect CISER digital data collections from unauthorized access.
All CISER file servers, which house the Data Archive, have Symantec Antivirus virus protection software installed, and data files are scanned for viruses prior to being added to the environment. Security on the CISER file servers is monitored by the collection and review of system log files generated on all the systems and the Cisco ASA.
Data Center: The CISER file servers are located in an environmentally controlled secure University data center, as part of CISER’s commitment to take all necessary precautions to ensure the physical safety and security of the Data Archive. The data center maintains uninterrupted power supplies (UPS), fire prevention and protection system, physical intruder prevention and detection systems and environmental control systems.
Access to the data center is granted by an authorized proximity card (Cornell University ID card) issued only to Cornell staff with the required credentials according to Cornell University Policy 8.4 — Management of Keys and Other Access Control Systems. Entrance and exits to the data center are automatically logged and monitored by Cornell Information Technology staff within the data center, and the CISER file servers are housed in racks with locked doors, to which only authorized system administrators have keys.
- Public Access: Authentication is not required for access to public-use datasets, if accessing via the CISER web catalog. Unauthenticated guests must pass a reCAPTCHA test prior to download.
- Managed Access: Where the Data Provider obligates, the user would be required to authenticate with CUWebLogin (Cornell NetID required) via the CISER web catalog.
Authorization: Access to the Data Archive digital collection is managed by the archive’s restriction levels. Access to non-public, restricted resources is granted by archive personnel through the archive management system. Access terms are granted based on the provider’s data use agreement. Authorization is linked to Cornell NetID authentication.
Receipt of original media: CISER will employ the highest standard of ingest processing to ensure the quality, integrity, and secure storage of datasets. Refer to the Data Archive Collection Policy for ingest details.
Storage of original Media and electronic copies: Any original media/electronic data that is retained, will be stored in compliance with the Data Archive Preservation and Storage Policy.
Disposal/Decommissioning of data: CISER reserves the right to decommission data and/or dispose of physical media. The data will be decommissioned/disposed of in line with the directives of the Data Provider.
Backup: Data is backed up by Cornell Information Technology EZ-Backup service.
Security Incidents: Reporting security incidents is mandated by Cornell University Policy 5.4.2, Reporting Electronic Security Incidents.
Policy Review Process: CISER will review these policies every three years in conjunction with the CoreTrustSeal certification process or any future certification process.
- CISER Data Archive Data Collection Policy: https://ciser.cornell.edu/about-us/ciser-policies/data-archive-collection-policy/
- CISER Data Archive Preservation and Storage Policy: https://ciser.cornell.edu/about-us/ciser-policies/data-archive-preservation-and-storage-policy/
- Cornell University Policy 8.4 — Management of Keys and Other Access Control Systems: https://www.dfa.cornell.edu/policy/policies/management-keys-and-other-access-control-systems
- Cornell University Policy 5.4.2, Reporting Electronic Security Incidents: http://www.dfa.cornell.edu/treasurer/policyoffice/policies/volumes/informationtech/incidents.cfm