Facilitating responsible and secure research with sensitive data
The Jill Dando Institute Research Laboratory (JDIRL) is a Police Assured Secure Facility for the storage and analysis of data classified up to OFFICIAL-SENSITIVE, the first facility of its kind at a European university. The JDIRL facilitates world-leading research using sensitive datasets that would not otherwise be easily accessible, allowing you to deliver genuine insight and insight.
What we do
- Providing a secure facility to enable research on a diverse range of societal topics using sensitive data
- Working with providers to bring data to trusted and vetted researchers to generate unique and impactful insights
Services & software
- Why should I use the lab?
For access to world-class, trusted, and duly vetted researchers who can provide unique and impactful insights into your data To securely store sensitive data
To work with highly sensitive datasets e.g., commercially sensitive, personally identifiable, crime, national security data, and more To meet ethical, data protection, and data provider requirements to use a secure platform. The lab is a police-accredited secure facility and is ISO2001 compliant To anonymise sensitive datasets for use outside of the lab
- Who can use the lab?
The lab is available for use to all, subject to the necessary vetting and training requirements. This includes UCL staff, students, and those with honorary contracts, as well as those not-affiliated with UCL
- Data management
User files are stored on a dedicated file store. The user files will be replicated internally within the server room to a second file server for disaster recovery purposes. This second server is only accessible by vetted and trusted JDI staff Postgres – database files are backed up to a dedicated file store. This file store is only accessible by vetted and trusted JDI staff The file stores are dedicated devices with redundant power supplies and RAID files systems. We also have a new tape device and this can be used to provide user and Postgres data backups on encrypted media and disaster recovery backups of infrastructure. This media is kept in a safe within the secure server room. Data can be stored securely, long-term. See our guie to services & software for more information.
To access the lab, all users undergo vetting. The level of vetting is determined by how sensitive the data is, and which zone of the lab you require access to. For more information, download our guide to vetting (below). All users are required to undergo training and an induction before access is granted. Training and induction are usually undertaken in-person and take approximately 1 hour. Once vetted and inducted, users are required to book in via a booking system before accessing the lab
Lab & network
Physical security - The area surrounding the lab is managed by UCL’s security team. The lab’s physical security is managed independently. Access is via security doors which require two-factor authentication from permitted users only. The lab is divided into ‘zones’ divided by doors operating on an interlocking mechanism. The lab is secured by an Intruder Detection System Network security - The network is air-gapped meaning it is offline and physically separated from external networks – remote access is not possible. The different zones use separate, but identical networks, and different levels of security clearance are required to access the different networks
Data are stored securely within an air-gapped network, meaning the lab is offline and remote access is not possible. This reduces the risk of data breaches Data are subject to a data or information sharing agreement which sets out limitations and scope of use. Any agreement is made between the data owner and the lab
How do I apply for access to the lab?
To make an enquiry, please get in touch with us via email at firstname.lastname@example.org
Do I need training to use the lab?
Yes, you will need to undergo an induction before you can start using the lab
How secure is the lab?
The JDI Research Laboratory is a secure computer facility, accredited by the Metropolitan Police Service, London as a Police Assured Secure Facility, able to store and process data classified up to OFFICIAL-SENSITIVE under the UK government classification scheme. The network infrastructure of the lab is air-gapped to minimise the risk of data breach and the lab is ISO27001 compliant. For more information about our secure processes, please get in touch
What type of data can I work with?
The lab is accredited for work with data classified as OFFICIAL-SENSITIVE, OFFICIAL, and data not protectively marked
Do I need security clearance?
Yes, all users of the lab will need to undergo vetting. What level of security clearance you require depends on what sort of data you will be working with, and which areas of the lab you will require access to.
What about data/information sharing agreements?
Some data owners may require a data or information sharing agreement to be put in place before transferring any data. We can draft such documentation to ensure your specific requirements are met. Alternatively, we are happy to work with providers if they have their own data sharing agreements. For researchers, we offer a data sharing agreement writing service, along with templates, for those who are using the lab
What data is available?
We work with data owners to facilitate access to sensitive data for researchers. We store a number of datasets for general use. Get in touch for more information about the data we currently have available
How do I transfer data in or out of the lab?
he lab is completely offline, so data transfers are performed in person at the lab by trained and vetted JDI staff using government-certified encrypted USB sticks
The USB drive is connected to a “sheep-dip” machine which performs a set of anti-virus and malware scans on the device.Once these are complete and assuming no malicious files are found, the sheep-dip machine is temporarily connected to the destination network and the data are transferred to the destination folder. The sheep-dip machine is then disconnected from the network (and, if necessary, the USB drive is reformatted). If the USB drive belonged to a data provider or lab user it will then be returned to them either in person or in the case of users, by leaving the USB drive in a security pouch in the collection point within the JDIRL lobby
Where is the lab located and how do I access it?
The lab is located in central London. The exact location of the lab is not made public. Upon induction, confirmed and duly vetted users of the lab receive instructions on where and how to access the lab. Users are issued with a pass and a pin number for access, and a unique login for the computers
Can I use personal electronics in the lab?
No. Personal electronic devices such as mobile phone or smartwatches are not permitted in the lab. We provide secure lockers for such items outside each zone for users to make use of