Architecting for genomic security and compliance

Issue link: https://read.uberflip.com/i/1182528

Amazon Web Services – Architecting for Genomic Data Security and Compliance in AWS, December 2014

Overview

Researchers who plan to work with genomic sequence data on Amazon Web Services (AWS) often have questions about security and compliance, specifically about how to meet guidelines and best practices set by government and grant funding agencies such as the National Institutes of Health. In this whitepaper, we review the current set of guidelines, and discuss which services from AWS you can use to meet particular requirements and how to go about evaluating those services.

Scope

This whitepaper focuses on common issues raised by Amazon Web Services (AWS) customers about security best practices for human genomic data and controlled access datasets, such as those from National Institutes of Health (NIH) repositories like Database of Genotypes and Phenotypes (dbGaP) and genome-wide association studies (GWAS). Our intention is to provide you with helpful guidance that you can use to address common privacy and security requirements. However, we caution you not to rely on this whitepaper as legal advice for your specific use of AWS. We strongly encourage you to obtain appropriate compliance advice about your specific data privacy and security requirements, as well as applicable laws relevant to your human research projects and datasets.

Considerations for Genomic Data Privacy and Security in Human Research

Research involving individual-level genotype and phenotype data and de-identified controlled access datasets continues to increase. The data has grown so fast in volume and utility that the availability of adequate data processing, storage, and security technologies has become a critical constraint on genomic research.

The global research community is recognizing the practical benefits of the AWS cloud, and scientific investigators, institutional signing officials, IT directors, ethics committees, and data access committees must answer privacy and security questions as they evaluate the use of AWS in connection with individual-level genomic data and other controlled access datasets. Some common questions include: Are data protected on secure servers? Where are data located? How is access to data controlled? Are data protections appropriate for the Data Use Certification?

These considerations are not new and are not cloud-specific. Whether data reside in an investigator lab, an institutional network, an agency-hosted data repository or within the AWS cloud, the essential considerations for human genomic data are the same. You must correctly implement data protection and security controls in the system by first defining the system requirements and then architecting the system security controls to meet those requirements, particularly the shared responsibilities amongst the parties who use and maintain the system.