The Italian Tier1 center is mainly focused on LHC and physics experiments in general. Recently we tried to widen our area of activity and established a collaboration with the University of Bologna to set up an area inside our computing center for hosting experiments with demanding security and privacy requirements on stored data. The first experiment we are going to host is Harmony, a project that is part of IMI's Big Data for Better Outcomes programme (IMI stands for Innovative Medicines Initiative).
In order to be able to accept this kind of data we had to make a subset of our computing center compliant with the ISO 27001 standard.
ISO/IEC 27001:2013 is a specification for an information security management system (ISMS). Organizations that meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.
Achieving accredited certification to ISO 27001 demonstrates that an institute/company is following information security best practice, and provides an independent, expert verification that information security is managed in line with international best practice and business objectives.
In this talk we will describe the SGSI project (Sistema Gestione Sicurezza Informazioni, System for Safe Management of Information) with details of all the processes we have been through in order to become ISO 27001 compliant, with a particular focus on the separation of the project-dedicated resources from all the others hosted in the center.
We will also describe the software solutions adopted to allow this project to accept, in the future, any experiment or collaboration in need of this kind of security procedure.