Cybersecurity Audits:
OSC is regularly audited for alignment with the NIST SP 800-53 and ISO27002 security standards (see security framework for details) and has completed the HECVAT version 3.0. OSC has a general process for responding to client requests for more details or to fill out specific security questionnaires, as follows:
- OSC and the client must execute an NDA/CDA
- OSC can then share summary reports from existing audits and/or completed industry standard questionnaires
- If client wants a specific security questionnaire completed, client must first execute a computational services agreement with OSC, committing them to an initial $250 project fee
- OSC will utilize that fee evaluate / complete the questionnaire utilized up to 2 hours of staff time. If additional time is required to fully complete it, OSC will provide the partially completed questionnaire to the client along with a cost estimate of how much additional time at $100 / hour will be required to fully complete it.
- If the client approves of the cost estimate, OSC will fully complete the questionnaire and apply the charge to the next monthly bill
Export Controlled Projects:
OSC hosts export controlled / ITAR / EAR projects and handles the corresponding code and/or data within the Protected Data Service. Oversight of this is by the Ohio State Office of Secure Research and is covered by a Facility Control Plan (FCP) and Technology Control Plans (TCPs) as appropriate. OSC does NOT currently support CUI projects / code / data, but is evaluating those requirements for potential future compliance.
HIPAA Projects:
OSC provides support for HIPAA / PHI / PII projects and the corresponding code and/or data within the Protected Data Service. Please contact OSC Help using the information below for more details.
NIH Controlled Data:
NIH data security requirement effective January 25, 2025.
The National Institutes for Health (NIH) has made significant updates to its policy related to data security requirements for researchers wishing to access or renew access to human genomic data stored in certain NIH controlled-access data repositories, such as dbGaP. See the list of the 20 impacted databases.
Effective January 25, 2025, researchers and their institutions will need to "attest" that institutional IT systems used to access and/or store these data meet NIST cyber security standards (NIST SPT 800-171). The Ohio Supercomputer Center (OSC) has performed a gap analysis to identify deficiencies within NIST 800-171 Revision 3 and developed a Plan of Action and Milestones (POA&M) to meet NIH requirements.
Any OSC projects that support NIH controlled-access data need to leverage the Protected Data Service to meet compliance. Should your project require attestation for renewal or if you have additional questions, please contact oschelp@osc.edu.
Digital Accessibility:
OSC, as part of The Ohio State University, is committed to ensuring that all constituents can access digital information and digital services. OSC abides by the OSU policies regarding this.
Websites: OSC clients can make use of OSC resources using a variety of tools and software. The OnDemand.osc.edu and my.osc.edu websites are the preferred interfaces, but everything a client can do there can do via other mechanisms as well, such as traditional command line connections or via the OSC help desk. These websites are regularly evaluated using digital accessibility tools such as Axe, Lighthouse, and NVDA. OSC also hosts a variety of software packages and applications from external vendors, but can not guarantee the digitial accessibility status of each of them.
Events: OSC has provisions to provide live captioning or interpretation, upon request, for any events that OSC coordinates, such as training classes or workshops.
Questions or requests regarding digital accessibilty for any of OSC's resources or services can be directed to OSC help using the contact info below.
Specific Policy Documents:
Here are links to our current policies:
Services | Link to the policy |
---|---|
Compute | Job walltime extension policy |
Storage | Home storage policy |
Project policy | |
Scratch policy |
Policies that are in process of being updated can be found under proposed policies open for public comment.
If you have further questions on any of these topics, please contact OSC Help using the contact info below:
Phone: (614) 292-1800
Email: oschelp@osc.edu