Data Considerations

Data Management
Data Security

Where is the data that’s placed into the Penn instance of LabArchives stored?

Our ERN is a cloud service, accessible using a standard web browser from anywhere in the world. It is not located on the Penn campus; LabArchives hosts all of its software and customer data at Amazon data centers located in two regions: the primary is US East (Virginia) and their failover is US West (Oregon). Data is always stored within the United States and does not travel outside of US borders.

Security and availability of research data is a top priority for Penn and LabArchives, and there are numerous technical and administrative safeguards in place. More information is availalbe from the LabArchives KnowledgeBase .

What kinds of data are NOT appropriate to place in Penn’s LabArchives?

A majority of research performed on campus generates data, procedures, observations, and other notes that may be stored in LabArchives.

At this time, some types of data may not be appropriate or may require guidance from compliance and/or security stakeholders on campus. This includes:

  • Some data classified as Highly Sensitive. At this time, some sensitive information (according to the Penn Classification Framework) such as credit card numbers of Social Security Numbers should not be stored on the Penn instance of LabArchives. Consult with your department’s local service provider for guidance.
  • Protected Health Information. At this time, HIPAA-protected information should not be stored on the Penn instance of LabArchives. As of Aua2018, Penn is exploring whether LabArchives can be used for this category of data in the future.
  • Data to be used as part of an FDA submission. If the data you will store will be used at any time in the future as part of an FDA submission, Penn’s edition of LabArchives is not recommended at this time. Data stored may be outside signed vendor agreements and the “systems” involved have not all been validated to all CFR provisions, including 21 CFR Part 11. For PSOM/Penn Medicine research requiring 21 CFR Part 11 compliance, please contact Penn Medicine Academic Computing, Enterprise Research Applications @ 215-898-2558 for discussions on other possible solutions. As of August 2018, Penn is exploring whether LabArchives can be used for this category of data in the future.
  • Data subject to Data Use Agreements. For research subject to Data Use Agreements, there may be provisions that limit what or how data may be stored of shared (e.g. prohibitions on cloud storage). Consult with the appropriate compliance committee or your department’s local service provider for guidance.
  • Other data subject to government and/or campus oversight, such as FISMA, NIST, the Institutional Review Board (IRB) or the Institutional Biosafety Committee (IBC). Consult with the appropriate compliance committee or your department’s local service provider for guidance.

Your responsibility of protecting the data remains the same as accessing Penn data on your computer or device, per Penn’s Policy on the Acceptable Use of Electronic Resources .

How much storage space do I have? My data includes large files.

You have unlimited storage space for your research files, although the maximum file size for upload to the LabArchives ERN is 15GB. To include larger files in your ERN document, you will need to store them elsewhere and link to them from an ERN entry. It may be useful to include information about the server location and file names in the ERN entries that point to linked files. This imperfect approach does not guarantee that files linked remain intact, unaltered, and accessible for many years. Linked files are not protected or verified by the LabArchives software, so policies should be set in place to ensure that linked files are never changed or moved.

The campus ERN platform is provided by LabArchives, a cloud service. Penn’s contracting process with LabArchives included an extensive review of data security controls by Penn IT Security and Procurement teams. Our agreement with LabArchives includes measures that safeguard the intellectual property and security of Penn research data.

How secure is my LabArchives data?

LabArchives utilizes Amazon Web Services for its application, database, storage, and backup servers.  Both the primary and secondary Amazon data centers used to deliver the service are located in the US. See Amazon Web Services Compliance page.

Key security controls in the Penn LabArchives service include:

  • Encryption of data in transit and at rest
  • Firewalls and other security devices on all servers
  • Monitoring of all network traffic for suspicious activity
  • Regular testing, upgrades, and patching for vulnerabilities
  • Regular third party security audits

Security and availability of research data is a top priority for Penn and LabArchives, and there are numerous technical and administrative safeguards in place. More information is available from LabArchives .