For 20 years, CREDIM has been positioned as an IT Resource Center for the scientific aspects of medical and health data processing for the BPH. The team is composed of 20 members: a manager, 15 IT specialists, a quality manager, an IT security manager, a management assistant and 2 technicians.
CREDIM holds the University of Bordeaux's Research Platform Label for 2019. The team provides the following services:
- The hosting of health databases in a specific environment,
- The management of systems, networks and equipment (600 workstations and 130 physical and virtual servers),
- The development of custom IT solutions for public health research,
- The provision and administration of computing resources (based on 10 compute servers, the most powerful of which (Turing) includes 8 blades of 40 cores),
- Administration, management and security of the IT equipment,
- Distance learning.
Working in the public health field leads us to host and process particularly sensitive health data. The RGPD (Règlement général sur la protection des données personnelles – General Regulation on the Protection of Personal Data), government regulations such as the PGSSI‑S (Politique Générale de Sécurité des Systèmes d’Information de Santé – General Policy for the Health Information Systems Security) and existing international regulatory frameworks (ISO 27001 or ECRIN) impose requirements on the security of this data.
These requirements include a PIA and a risk analysis. The PIA (Privacy Impact Assessment) assesses the impact on privacy if unauthorized access to personal data occurs. Risk analysis assesses the sensitivity of an infrastructure to the risk of attack or penetration into the network and equipment. These two aspects are complementary and require in-depth studies of potential flaws, on both the organizational and technical sides. Constant measures to strengthen security and practices are essential. The RSI drives the security of the information system.
These risks are constant in our IT domain. To counter them, software tools for control, encryption and constant monitoring are in place. In addition, a new activity was set up at the end of 2019, and a member of our team is developing skills in the security and operational monitoring of sensitive and health data (CNIL, RGPD, SNDS).
Several formal commitments are in place for data protection: a security policy, a service commitment, a fleet policy and user commitment charters. CREDIM is ECRIN certified (European Clinical Research Infrastructures Network) and is preparing for ISO 27001 and HDS (Health Data Host) certification.