enanomapper.adma.ai security policy
Introduction
The Nanosafety Data Interface at https://enanomapper.adma.ai is an online user interface enabling user friendly access to the aggregated search index of (sub)set of eNanoMapper database instances. Usually the user interface is project specific and protected but can be also publicly available.
A project eNanoMapper database consists of data from individual research project and may be protected by role-based access to keep data confidential. The database instances offer a user-friendly web interface and an Application Programming Interface (API). They serve as building blocks to feed the aggregated search index and provide interoperability across all or subsets of the instances.
The https://enanomapper.adma.ai is dedicated to ensuring the confidentiality, integrity, and availability of data associated with various EU research projects. This policy outlines the key security measures and practices that govern our platform.
User Access and Authentication
- User Registration: Users can self-register on the eNanoMapper platform. However, newly registered users do not receive access to non-public projects by default.
- Access Rights: Access to restricted data is granted only upon request by authorized representatives of the respective projects.
- Authentication Protocols: We use industry-standard OAuth2 and OpenID protocols for authentication and authorization.
- Identity Management: User authentication and access management are handled by Keycloak, a trusted open-source single sign-on and identity management system.
Data Access and Security
- Public vs. Restricted Data: Our platform hosts both publicly accessible data and restricted data. Access to restricted data is tightly controlled and monitored.
- API Access: Programmatic access to project data is provided through the open-source API management platform Gravitee at https://api.ideaconsult.net . The same user access rights apply as for the database and tools.
- API Keys: Users can obtain API keys from Gravitee for accessing project data programmatically. OAuth2/OpenID access can be configured as needed and must be authorized by project representatives.
Authorization Process
- Access Requests: Users must request access to restricted data through authorized project representatives. Only authorized personnel can approve and grant access.
- Monitoring and Review: Access rights are regularly reviewed and monitored to ensure compliance with project-specific security requirements.
Data Protection Measures
- Encryption: All data transfers are encrypted using secure protocols to protect against unauthorized access and data breaches.
- Regular Audits: We conduct regular security audits and assessments to ensure our platform meets the highest security standards.
- Incident Response: An incident response plan is in place to address any security breaches or vulnerabilities swiftly and effectively.
User Responsibilities
- Credential Security: Users are responsible for maintaining the confidentiality of their login credentials and API keys.
- Reporting Issues: Users should promptly report any security concerns or suspicious activities to the eNanoMapper support team.
Conclusion
The https://enanomapper.adma.ai platform is dedicated to providing a secure and reliable environment for hosting and accessing research project data. By adhering to these security practices, we aim to protect the valuable data entrusted to us and support the collaborative efforts of the scientific community.
For further information or assistance, please contact our support team