Issue link: https://read.uberflip.com/i/1182528
Amazon Web Services – Architecting for Genomic Data Security and Compliance in AWS December 2014 Page 17 of 17 Cleaning Up Data and Retaining Results Controlled-access datasets for closed research projects should be deleted upon project close- out, and only encrypted copies of the minimum data needed to comply with institutional policies should be retained. In AWS, deletion and retention operations on data are under the complete control of a researcher. You might opt to replicate archived data to one or more AWS regions for disaster recovery or high-availability purposes, but you are in complete control of that process. As it is for on-premises infrastructure, data provenance 7 is the sole responsibility of the researcher. Through a combination of data encryption and other standard operating procedures, such as resource monitoring and security audits, you can comply with dbGaP security recommendations in AWS. With respect to AWS storage services, after Amazon S3 data objects or Amazon EBS volumes are deleted, removal of the mapping from the public name to the object starts immediately, and is generally processed across the distributed system within several seconds. After the mapping is removed, there is no remote access to the deleted object. The underlying storage area is then reclaimed for use by the system. Conclusion The AWS cloud platform provides a number of important benefits and advantages to genomic researchers and enables them to satisfy the NIH security best practices for controlled access datasets. While AWS delivers these benefits and advantages through our services and features, researchers are still responsible for properly building, using, and maintaining the private AWS environment to help ensure the confidentiality, integrity, and availability of the controlled access datasets they manage. Using the practices in this whitepaper, we encourage you to build a set of security policies and processes for your organization so you can deploy applications using controlled access data quickly and securely. Notices © 2014, Amazon Web Services, Inc. or its affiliates. All rights reserved. This document is provided for informational purposes only. It represents AWS's current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS's products or services, each of which is provided "as is" without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers. 7 The process of tracing and recording the origins of data and its movement between databases.