Required cookies

This website uses cookies necessary for its operation in order to provide the user with content and certain functionalities (e.g. language selection). You have no control over the use of these cookies.

Website visitor statistics

We collect visitor statistics on the use of the site. The data is not personally identifiable and is only stored in the Matomo visitor analytics tool managed by CSC.

By accepting visitor statistics, you allow Matomo to use various technologies, such as analytics cookies and web beacons, to collect statistics about your use of the site.

Change your cookie choices and read more about visitor statistics and cookies

CSC

Data Policy

Our mission is to develop, integrate and offer high-quality ICT services for research, education, culture, public administration and companies as part of the national research system. In order to achieve our strategic goals, we have to promote and adhere to good data management practices within our own operations and for our designated user communities. For our customers, we provide services together with instructions, tools and guidelines to ensure and improve the quality of their data its appropriate management and readiness for future use.

Purpose

The mission of CSC is to develop, integrate, and offer world-class ICT services for research, education, culture, public administration and companies. CSC provides services for the national research and education system, or for our customers’ research and development. CSC’s ultimate aim is to enable our customers to succeed.

Solid data management is a key requirement for efficiency, compliance, and success. This data policy sets the data management principles of the CSC for us as a company, our customers and users alike. CSC services may have other specific guidelines for data management, CSC For the purposes of this document, both our customers and users will hereafter be referred to as customers.

At CSC we are committed to adhere to the FAIR principles. To ensure good data management, data must be FAIR (Findable, Accessible, Interoperable, Reusable). The principle of “as open as possible, as closed as necessary” is a cornerstone of Open Science and FAIR data, and it serves as a guiding principle for all data management taking into account the binding nature of any agreements on data confidentiality.

Our services support best practices for data management, and our customers can expect high quality and trustworthy services with comprehensive guidelines for data management. We will assist in appropriate data management and readiness of data for future uses. Our data policy emphasizes the importance of responsibilities of managing data. However, our customers as the data holder are ultimately responsible for the data which is processed in CSC environments.

Principles

This data policy communicates what best data management practices mean to us at CSC, and how we commit to support our customers’ success:

  • We ensure that research, education and innovation actors have secure and user-friendly access to top-class computing and data resources.
  • We follow all appropriate measures for our data management and help customers safeguard the availability, usability, confidentiality and retention of their data.
  • We develop and provide trusted and secure solutions for effective data storing, sharing and reuse.
  • We assure as a service provider our compliance with applicable laws and regulations, as well as internal requirements related to data management.
  • We inform through our General Terms of Use for CSC’s Services for Research and other service specific terms of use what the compliance requires from our customers.

This data policy covers both CSC-owned data and data which is processed by our customers in CSC environments. Data types and detailed management needs might vary among different services and sectors of our customers. Whenever personal data is being processed, CSC can be in the role of either controller or processor, depending on the service or action. To assist our customers, CSC identifies various data management practices and solutions required by different data types. These are detailed in the services’ terms of use and customer contracts.

This policy is relevant to all our customers and staff, including contractors and visitors.

The following data management principles are set in this policy:

1. Data governance roles, responsibilities and rights are clearly defined

Our customers are responsible for having necessary rights to process their data in CSC services. We support our customers in exercising their rights over their data. In our internal data management, we define data governance responsibilities clearly. This approach guides our organization ensuring consistent and appropriate access control for information processing systems and services.

In our services, we do not assert any intellectual property rights or other rights, except as defined in contracts or terms to customers’ data.
We utilize systematic tools also within our internal processes, ensuring clarity of roles and responsibilities, that all data is handled effectively and responsibly, promoting utilization and re-usability in interoperable manner. We foster systematic data management throughout data lifecycle utilizing data architecture methods, and in research context data management plans.

In our internal operations, we ensure the implementation of data protection practices and data security requirements. We support our customers in complying with their requirements related to use our services. We react to claims concerning illegal content.

2. Data are documented and their lifecycle managed

Data management aims to ensure data quality, accuracy, retention and availability along its lifecycle. We strive to ensure that data is collected systematically following relevant codes of practices for recognised purposes, empowering also knowledge-based management.

Data quality practices should be guided by priorities determined by the criticality of the data, and the level of risk associated with information security classification.

Data should be systematically produced, structured, identified and documented with metadata and a unique identifier, or with persistent identifier when applicable. We make it easy to manage and document data, and manage data permissions. We guide and enforce on planning the procedures throughout the data lifecycle, including data deletion.

For research community, we promote systematic data management practices to reduce the burden on researchers and making their data and research output more visible.

3. Data management solutions are re-usable by design and secure by default

We develop open solutions that are easy to adopt and contribute back to the open solution community.

Our data management solutions are designed to be interoperable, supporting innovation and collaboration.

We make publicly available data policy related published policies and guidelines, e.g. CSC RI Data management policy, as well as inform our customers on our security, and data protection measures. We also promote our stakeholders to make data related policies publicly available to advance integration and collaboration.

4. Data publicity and protection are appropriately managed

When processing personal data, we comply with the data protection principles.

We recognize our role as a data controller or a data processor when processing personal data. When CSC processes personal data in CSC’s services on behalf of the controller, we always require a data processing agreement.

We promote and guide our employees, customers and entire research community for Open Science that data is as open as possible and as closed as necessary. We promote and enforce national data governance reference architecture.

We recognize the importance of classifying data and choose appropriate data management practices following the needs defined in e.g. legislation, ethics, privacy, and security in data governance. We ensure that the data is classified in our internal operations and access rights are managed accordingly.

We support our customers in implementing robust data protection measures throughout the data lifecycle, providing services covering different protection levels, and providing information on addressing the risks correctly.

When processing data in CSC environments, our customers are responsible for classifying their data according to publicity and protection requirements.

5. Data flows and interoperability are driven by effective data governance

We promote the reuse of data within the constraints of legal, ethical, privacy, and security issues. We aim to ensure that data is recorded only once and promote utilization of data from single source.

We ensure interoperability in internal operations and support it in customer data management, facilitating efficient data exchange and reuse in national and international ecosystems.

To ensure that our customers’ data are accessible and useful, we strongly recommend to adopt best available open file formats and to maintain comprehensive documentation, including metadata, as well as identifiers, and licensing information.

6. Data management competencies are recognized and developed to meet requirements specified in these principles

We foster data management skills within our internal activities, customer interactions, training, and collaboration with other organizations.

We support our personnel’s skills and professional development through regular training activities, opportunities to participate in certification programs (e.g. on IT service management, architecture methods and data management). We also organize mandatory training on data protection and security.

We actively guide our end users, and customer organizations in using CSC services and support their data stewardship.

In addition to this data policy, there might be individual CSC services or projects which may have other specific policies that are applied in data management in special cases.