Working with Sensitive Data
When creating a new project, actively choose "Germany - Frankfurt" in the account settings as the default storage location. This ensures your research data is stored within EU jurisdiction.
For improved security, Multi-Factor Authentication (MFA) via SURFsecureID (using the tiqr app or a YubiKey) is enabled for all users who log in with VUnetID credentials.
OSF has implemented several measures, including storage encryption, regular backups and the use of Standard Contractual Clauses to increase security of your stored research data and ensure GDPR compliance.
More information on the OSF security policies and implemented measures can be found in the OSF Guide.
Medium-sensitive data
OSF is developed to facilitate Open Science and sharing of digital research objects. Medium-sensitive data (e.g. research data that score ‘medium’ at confidentiality in a data classification, research proposals) can be stored, provided access is restricted to a specific group of users.
VU Amsterdam does not recommend storing privacy-sensitive data in OSF. For privacy-sensitive data, please use a more suitable platform such as Research Drive or Yoda.
If there is no alternative for sharing privacy-sensitive data via OSF, ensure that files are encrypted before uploading them to OSF. You can do this is by adding the files to a password-protected zip file).
High-sensitive data
Storing data classified as ‘high’ or ‘very high’ in a data classification (e.g. directly identifying information, all special category personal data, classified information, data about vulnerable people, key files) is prohibited. Please contact the RDM Support Desk.
In case of a security incident or data leak, consult the data breach response plan. Please report possible incidents at OSF Support and always notify the VU IT Servicedesk via email or phone: 020 598 0000.