Need Help?

Security Overview

The European Genome-phenome Archive (EGA) houses consented human data under controlled access. Access decisions are handled by the relevant Data Access Committee (DAC), which autonomously manages requests through the DAC Portal. This document provides an overview of EGA’s practices in ensuring the security of data stored at EGA. As security is a prime concern of the EGA, the EGA is a member of the Global Alliance for Genomics and Health (GA4GH) Data Security work stream. The EGA contributes and helps develop the recommendations outlined the GA4GH Security Technology Infrastructure document, which defines guidelines, best practices, and standards for building and operating an infrastructure that promotes responsible data sharing in accordance with the GA4GH Privacy and Security Policy.

Explore the EGA dataflow to gain deeper insights!

Accessing data in the EGA involves several steps. First, users need to create an EGA account. Once logged in, they can request access to data controlled by a DAC through the EGA website (see documentation). The DAC oversees these requests through the DAC Portal, and if approved, grants the necessary permissions to the user's EGA account, allowing them to access and download all relevant data and metadata for the requested dataset(s).

The key points of EGA security strategy are:

1 Regular Risk Assessment

2 Risk mitigation

3 Identity and authorisation management

4 Audit Logs

5 Cryptography, communication security, and data integrity

The EGA has a defined protocol defining the response in the event of a security breach, and is continuing to work with the GA4GH Data Security Work Stream to help define best practice and associated standards for breach responses.

Appendix 1

GA4GH Control Objectives

Appendix 2

Refer to the document below to learn more about EGA long-term data preservation policy and procedures at EMBL-EBI.