Data Safe Haven (DSH)

This service provides a technical solution for storing, handling and analysing identifiable data.

Service updates

Changes to the Security & Tokens Portal and the way your password is changed

We have made some changes to the Security & Tokens Portal which means that the process of changing your password is different and the terminology we use is also different. Here is a summary of the changes made, full details are available in the FAQs.

If you need to change your password where you know the existing one and it hasn't expired, use the Self-Service Console which requires that you enter your Token code, PIN and password. Use the Reset Password Console if you do not know your password or it has expired, this will use an authorisation code sent to your email.

In the Self-Service and reset password console you no longer enter your token code and PIN in the same line. Instead they are entered on separate lines:

One-Time Password Code - This is the random 6-digit number which is displayed on the MobileID app on your mobile (formerly known as just token)

Token PIN - This is the 4-digit number which you chose when you set up your account (or changed at a later date)

When you log into the Applications & Data Portal you still enter your PIN and token code in the form of PIN+code (forming a 10-digit number)

DSH Service Portals

File Transfer Portal

Portal for secure transfer of data into the Data Safe Haven.

Applications & Data Portal

Portal for secure handling of data using applications available in the Data Safe Haven and Securely transferring data out of the system.

Security & Tokens Portal

Select one of the following options:

Self-Service Console - For changing your password using your existing one
Reset Password Console - For resetting your password when existing one forgotten or does not work
Emergency Access Console - For an emergency code when you have no access to your token or authenticator app

Key Features

Provides a secure channel to handle and upload data, ensuring only those with assigned access are able to view and manage the data
Provides a protected environment with a number of applications for data management and transformation
Available at no additional cost to researchers

If you have any problems or queries please email dsh-support@ucl.ac.uk

Overview

The Data Safe Haven has been certified to the ISO27001 information security standard and conforms to NHS Digital's Information Governance Toolkit. Built using a walled garden approach, where the data is stored, processed and managed within the security of the system, the DSH avoids the complexity of assured end point encryption. A file transfer mechanism enables information to be transferred into the walled garden simply and securely.

Getting started with the Data Safe Haven

Before requesting access to the Data Safe Haven you must complete the Information Governance assurance process. You will be required to complete approved training on data security, which will involve enrolling and completing the NHS Digital’s Data Security Awareness (NHSD) course. Once you have completed this course, you will have to attend a Data Safe Haven Induction session, through which you will learn more about the service as well as set up your own password and passkey.

If your project has already completed the Information Governance assurance process you may request access using the self-service forms. Use the search box and the search term 'Data Safe Haven'. Requests can only be made by the Information Asset Owner or their nominated Information Asset Administrator.

Top FAQs

Two-factor authentication (What is a One-time password code? What is a Token PIN?)

Two-factor authentication is an extra layer of security for your Data Safe Haven account designed to ensure that you're the only person who can access it.

To access data in the Data Safe Haven you will require your DSH User ID, DSH static password, PIN and a one-time password code. To keep your account as secure as possible, there are a few simple guidelines you should follow:

Remember your DSH static password Remember your PIN

Your token for the Data Safe Haven has a PIN, this is the 4-digit number you chose at your induction. This is referred to as a “Token PIN” or “PIN”. A Token PIN is an extra password attached to your token. For instance, if your token displays the code 000123 and the PIN is 0987 then the PIN+Token submitted in the authentication process is 0987000123. You set your PIN when your Token is issued to you during your induction.

DSH Static Password

This is the password composed of letters, numbers and symbols you created during the induction and is changed every 3 months (see the password policy in the previous section).

Token

A token is a device or an app that displays a temporary 6-digit number - one-time password code (OTP). The token is set up on your mobile phone at the induction using the OTP generator app called MobileID. This number changes continuously every 30 seconds, when you view the number it could be at any point within the 30 second cycle. For instance, you look at the 6-digit number on your token, but it changed in just 5 seconds, this means you viewed the number on the 25th second of its cycle. You must complete an authentication process before the number changes.

Token PIN

How to transfer files to the Data Safe Haven?

Files can be transferred from your physical device to the Data Safe Haven using the File Transfer Portal.

Click the Upload button to open a File Explorer

Select the file to upload

DSH file transfer portal upload button
Log into the DSH Applications and Data Portal

Go to This PC > MFT Arrivals (Q:) > <Your username> and your file should be available. It may not be visible immediately, depending on the size of the file it may take a bit of time for the transfer to complete in the background.

You should transfer the file to a Share on Group (S:) as soon as possible. Files in the Arrivals folder will be deleted 30 days after they were created.

DSHarrivalsfolder

How do I change my DSH password when I know my existing one and it hasn't expired?

Go to the Security Portal Self-Service Console
https://registration.idhs.ucl.ac.uk/dsc

1. Enter your DSH User ID and click Next

DSH self-service username

2. Enter your DSH password and click Verify

DSH self-service password

3. Enter your DSH 6-digit One-Time Password Code (Token) in the first box and 4-digit PIN in the second box

DSH Self-service OTP

4. Click on My Account in the left hand menu and click on Change Password

DSH self-service console

5. Enter in your old and new passwords and click Save Changes

DSH self-service console change password

How do I reset my password if I have forgotten it or it has expired

1. Log in to the Security Portal Reset Password Console
https://registration.idhs.ucl.ac.uk/drp

DSH Reset password enter username

2. Enter your DSH 6-digit One-Time Password Code (Token) in the first box and 4-digit PIN in the second box

DSH reset password enter one-time password code

3. Click on the Mail icon to email you an authorisation code
4. Go to your email and enter the authorisation code when you receive it and click Verify

DSH Reset password send authorisation email

5. Enter a new password and click Reset

DSH reset password enter new password

What are the password requirements? My new password does not work?

The password must be at least 12 characters long. The password must follow these rules:

Include all of the following:
1. Lowercase characters
2. Uppercase characters
3. Numbers
4. Symbols, i.e. ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/
Cannot exceed 8 repeated characters in the password
Cannot exceed 5 characters in a sequence (123456 or abcdef)

Do not use British Pound (£) or Euro symbols in your password. You will be able to set a password with these symbols but it may not work when attempting to log on since it is not counted as a symbol.