Getting Started

What is sciCORE+

sciCORE+ (sciCOREplus) is a secure research platform offering powerful trusted research environments (TREs) in which users can transfer, store, manage and analyze sensitive research data.

It is designed to support research scenarios involving sensitive data, a.k.a. Data Class III (e.g. personal data protected by law):

• Collaboration with hospitals involving (pseudonymized) patient data
• Research with biomedical data from third-parties (e.g. NIH dbGaP, UK Biobank, …)
• Research with sensitive socioeconomic data (e.g. Eurostat)

Additional Information

sciCORE+ is operated by sciCORE, the Scientific Computing Centre of the University of Basel. It is one of the three nodes of the national BioMedIT network, collaborating closely with the partner nodes in Zurich (Leonhard Med, operated by the Scientific IT Services (SIS)) and Lausanne (SENSA, operated by the University of Lausanna and SIB).

Who is it for

The sciCORE+ infrastructure is meant for researchers from institutions around Switzerland wishing to perform research with sensitive personal data in a secure research environment (secure project space).

Within sciCORE+ users can:

• Transfer and store sensitive data
• Securely collaborate on sensitive data with researchers from other institutions
• Analyze sensitive data in a secure environment which offers powerful analysis tools and High Performance Computing
• Combine sensitive data with other laboratory data for a thorough research workflow
• Aggregate research findings derived from sensitive data and export them for publication

How to get access to sciCORE+

Project Leaders interested in using sciCORE+ should send a request to scicore-admin@unibas.ch

Upon receipt of the request our team will contact the interested party and invite them to a detailed discussion regarding the project data and overall project needs. In this meeting we will collaboratively complete the sciCORE+ project onboarding form.

The required information for onboarding a project clarifies, among others:

• Scope of the project (goal and institutions involved)
• Responsibilities of the project lead
• Roles and responsibilities of collaborators of the project (users)
• Data governance (data types and classification, data providers, access control, incident management)
• Technical specifications (hardware, software, connectivity)

Logging to sciCORE+

In order to gain access to a sciCORE+ secure tenant, users are required to have a SWITCH eduID, enabled with 2 Factor Authentication. You can find more information about how to login to your sciCORE+ project in the Using sciCORE+ section.

Guidelines

Prior to accessing a sciCORE+ tenant, users are required to accept the sciCORE+ Terms of Use (ToU), which can be found in the portal. The sciCORE+ ToU are essentially a reminder of the responsibilities and duties of users when working with sensitive data. You can find more information about how to accept the sciCORE+ ToUs in the Using sciCORE+ section.

Data Safety Best Practices

To maintain a safe, respectful, and trustworthy research environment for everyone, we ask that you follow these guidelines:

Respect the data
The research data reflects personal and often sensitive details. It is therefore important to manage it thoughtfully and ethically.

Remember the scope
Only use the data for what your research project has been approved to do. Staying within scope helps protect privacy and trust.

Keep your credentials private
Never share your username or password with anyone, even team members.

Keep within the secure space
Keep all your work within the secure research environment. Don’t copy or move data elsewhere unless it’s been approved.

Keep your device up to date
Make sure any approved device you use is running the latest security updates.

Report security incidents promptly
If you suspect your account was accessed without permission, or anything seems off, report it to the sciCORE+ team immediately at scicore-security@unibas.ch.

Ask for guidance
If something seems unusual or unclear, it’s best to ask or flag it. Raising concerns helps keep the environment safe for everyone.

General Policies

What are Sensitive or Class III Data?

Sensitive (or Class III) data refers to personal data that reflect the inner core of the personality of an individual and that, if disclosed or misused, could cause harm to an individual’s privacy, reputation, or rights. It requires higher protection under data protection laws.

Typical examples include:

• Health and medical data
• Genetic or biometric data
• Ethnic or racial origin
• Political opinions
• Religious or philosophical beliefs
• Sexual orientation
• Criminal records
• Unique personal identifiers (e.g., national ID, social security numbers)

In the context of research, sensitive data often involves human participants and may fall under ethical and legal oversight.

Swiss Legal Frameworks

Working with sensitive data in Switzerland is regulated by several national and cantonal laws to ensure privacy and ethical compliance.

Federal Level

• Federal Act on Data Protection (FADP)
  Governs the processing of personal data by private and federal bodies. Updated in 2023.
  Read more here

• Human Research Act (HRA)
  Regulates research involving human subjects or data/samples from humans, ensuring ethical and legal oversight.
  Read more here

Cantonal (Basel-Stadt)

• Local data protection authorities may impose additional requirements.
• Cantonal ethics committees oversee research involving human subjects and enforce both national and local regulations.

GDPR Considerations

Although Switzerland is not an EU member, the General Data Protection Regulation (GDPR) applies when:

• Data from EU/EEA residents is processed
• EU-based partners are involved
• Data is transferred to or from the EU

Researchers must ensure compliance when collaborating internationally or handling cross-border data.

If you’re unsure whether your data qualifies as sensitive, consult the resources below:

Additional information

• Unibas Research Data Management (RDM) Group
• Ethical Self-Assessment Tool
• RDM Cheat Sheets (PDF)
• University of Basel Data and Information Classification

Working with Sensitive or Class III Data

If you are working with sensitive data, specific procedures and protections are required. Make sure to review the resources below before starting your research:

Additional information

• Data Protection Officer (DPO)
• University of Basel Ethics Committee (UEK)
• sciCORE+: Secure Data Research Environment
• Swiss Federal Act on Data Protection (FADP)

Consider the checklist below:

1. Assess Technical Feasibility with sciCORE

   • Contact sciCORE to discuss a.o.:
     • Data flow and storage
     • Computational/software requirements
     • Cost estimates

2. Identify Legal Entities and Roles

   • Define each institution’s role (e.g., data controller, data processor)

3. Prepare Required Documents

   • Ethics approval
     • Use the Ethics Self-Assessment Tool
   • Data transfer agreements
     • Check our chapter on Data Transfers
   • Optional: Service-Level Agreement with sciCORE (if needed)

4. Validate Contracts via University Process

   • Follow Vertragsfluss guidelines
   • Determine appropriate signatories
   • For the faculty of medicine: contact Unitectra