Case Study: SSCC’s Silo Service for Restricted Data and the Risk Management Framework

Arnold, A., and R. Horrisberger. Case Study: SSCC’s Silo Service for Restricted Data and the Risk Management Framework.

Case Study – Development of the Social Science Computing Cooperative’s Silo service for storing and analyzing HIPAA and other restricted research data including the successes (and failures) of applying the Risk Management Framework. Almost 2 years ago, SSCC was tasked with providing a secure research-computing environment for one of our member agencies in order to work with HIPAA restricted research data (LDS and full PHI). SSCC not only built the environment in collaboration with the Office of Cybersecurity, but expanded the service to work with many types of restricted data used by multiple researchers and research centers across campus.

Anyone interested in how the campus Risk Management Framework was applied to this project including successes and failures along the way should attend. It’s worth noting Silo is one of the first applications of this framework on campus. We will also dive into some of the security controls put in place to protect the research data as well as discuss other outcomes from the entire process.

Document