Data security

1. What provisions are in place for data security (including data recovery as well as secure storage and transfer of sensitive data)?

Feel++ implements comprehensive security measures across all data operations:

Access Control
  • Role-based access control (RBAC) for different user categories

  • Multi-factor authentication for sensitive data access

  • Regular access audits and permission reviews

  • Integration with institutional identity management systems

Data Protection
  • Encryption at rest for all stored data (AES-256)

  • Encryption in transit using TLS 1.3+ for all data transfers

  • Anonymization protocols for medical and personal data

  • Secure key management through hardware security modules

Infrastructure Security
  • University of Strasbourg certified data centers

  • Redundant power and cooling systems

  • Physical access controls and surveillance

  • Regular security audits and penetration testing

Backup and Recovery
  • Automated daily backups with a 3-2-1 backup strategy

  • Geographic distribution across multiple data centers

  • Regular recovery testing and disaster preparedness

  • Recovery time objectives (RTO) < 24 hours for critical data

Monitoring and Incident Response
  • 24/7 security monitoring and alerting

  • Intrusion detection and prevention systems

  • Incident response procedures with clear escalation paths

  • Collaboration with IRMA information security team

2. Is the data safely stored in certified repositories for long-term preservation and curation?

Yes, Feel++ utilizes multiple certified repositories for comprehensive data preservation:

Primary Certified Repositories
  • Zenodo (CERN): ISO 16363 certified for digital preservation

  • HAL (CCSD): French national repository with OAIS compliance

  • Cemosis Repository: University of Strasbourg institutional repository

  • Software Heritage: For permanent source code archival

Certification Standards
  • ISO 16363 (Audit and certification of trustworthy digital repositories)

  • OAIS (Open Archival Information System) compliance

  • FAIR Data Point certification for metadata exposure

  • University data governance standards

Quality Assurance
  • Regular repository audits and compliance checks

  • Data integrity verification through checksums

  • Metadata quality validation and enrichment

  • Migration planning for obsolete formats

International Standards
  • Dublin Core metadata standards

  • DataCite schema for dataset citation

  • PREMIS for preservation metadata

  • BagIt specification for data packaging

Redundancy and Reliability
  • Multiple geographic locations for critical data

  • Cross-repository replication for important datasets

  • Automated monitoring of repository health

  • Service level agreements with repository providers