ELN - Advice from the Information Security team

In keeping with the rules for SSO accounts, you must never share your login credentials with anyone else.

The University's Information Security team have also stated that users must ensure that their SSO password is set to a value of at least 16 characters before using the ELN.

The University has started implementing multi-factor authentication for all SSO enabled users. Access to information and services which are protected by SSO username and password will require an additional authentication method to verify your identity. You may be prompted for multi-factor authentication when accessing LabArchives.

Subject to the above, the Information Security team have determined that the ELN implements appropriate technical and organisational controls for the storage of any data which belongs to the University of Oxford. However, this does not supersede any pre-existing agreements on the use of data which has been shared by another organisation, and which may include controls on data location, data disclosure, or data ownership. Such agreements include, but are not limited to:

  • Restrictions on the sharing of personal or medical data
  • Agreements which cover the physical location of data
  • Non-disclosure agreements

It is the responsibility of the principal investigator and the data owner to confirm that no such agreements are in place which would prevent research from being stored in the ELN.

  • The software is installed in AWS London: the data centre is ISO 27001 compliant
  • LabArchives have signed the University SaaS contract, with strong assurances around their responsibilities and liabilities around data protection
  • The software is CFR Part 11 compliant
  • Because Oxford users  have to log into the system with their SSO, their account profile in the system will be automatically populated with their name as in the HR database, along with the SSO username (unique identifier)
  • All content in the system will be saved with these signature attributes
  • All content exported from the system will also contain these signature attributes, and all exports will automatically generate a SHA-2 hashcode. This means Oxford researchers can export their content at any time and still be able to assert their IP