There are physical safeguards, physical measures, policies, and procedures to protect our electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion. The standards under physical safeguards include facility access controls, workstation use, workstation security, and device and media controls.

The  entity  hosting  scientific  use files (research entity, access facility) ensure:

  1. appropriate  physical  security  of  the  premises  of  the  body  and  its  computer systems
  2. appropriate safekeeping of the data in computer systems (the computer on which confidential  data for  scientific  purposes are stored  is password-protected and kept in a locked room)
  3. appropriate safekeeping  of  the  medium  containing confidential data
  4. appropriate safekeeping of the results of analysis that contain confidential data.

The facilities are accredited to provide access to secure use files:

  1. strict access procedures for authorising access to secure use files
  2. check the identity of the user of secure files at any time
  3. access only to the authorised part of the confidential data collection
  4. authorise only the use of approved software
  5. check the work of the data user at any time
  6. check the output of the research analysis before releasing it outside secure access facilities    

The facility providing access to secure use files (Firewall) ensures that the access point (workstation, PC or equivalent used to access confidential data for  scientific  purposes) is equipped with special features preventing  the transmission of  any kind  of data outside  the access facilities.

The access point is located in a locked room with access restricted to authorized persons only.

In particular, the facility providing access to secure use files prevent the user from:

  1. printing the data
  2. copying the data outside the secure environment
  3. connecting recording devices to the external interfaces
  4. connecting to internet
  5. installing or removing hardware or software
  6. booting the access point from floppy, CD-ROM, DVD-ROM or any other media