OSC is regularly audited for alignment with the NIST SP 800-53 and ISO27002 security standards (see security framework for details) and has completed the HECVAT version 3.0. OSC has a general process for responding to client requests for more details or to fill out specific security questionnaires, as follows:
OSC hosts export controlled / ITAR / EAR projects and handles the corresponding code and/or data within the Protected Data Service. Oversight of this is by the Ohio State Office of Secure Research and is covered by a Facility Control Plan (FCP) and Technology Control Plans (TCPs) as appropriate. OSC does NOT currently support CUI projects / code / data, but is evaluating those requirements for potential future compliance.
OSC provides support for HIPAA / PHI / PII projects and the corresponding code and/or data within the Protected Data Service. Please contact OSC Help using the information below for more details.
NIH data security requirement effective January 25, 2025.
The National Institutes for Health (NIH) has made significant updates to its policy related to data security requirements for researchers wishing to access or renew access to human genomic data stored in certain NIH controlled-access data repositories, such as dbGaP. See the list of the 20 impacted databases.
Effective January 25, 2025, researchers and their institutions will need to "attest" that institutional IT systems used to access and/or store these data meet NIST cyber security standards (NIST SPT 800-171). The Ohio Supercomputer Center (OSC) has performed a gap analysis to identify deficiencies within NIST 800-171 Revision 3 and developed a Plan of Action and Milestones (POA&M) to meet NIH requirements.
Any OSC projects that support NIH controlled-access data need to leverage the Protected Data Service to meet compliance. Should your project require attestation for renewal or if you have additional questions, please contact oschelp@osc.edu.
OSC, as part of The Ohio State University, is committed to ensuring that all constituents can access digital information and digital services. OSC abides by the OSU policies regarding this.
Websites: OSC clients can make use of OSC resources using a variety of tools and software. The OnDemand.osc.edu and my.osc.edu websites are the preferred interfaces, but everything a client can do there can do via other mechanisms as well, such as traditional command line connections or via the OSC help desk. These websites are regularly evaluated using digital accessibility tools such as Axe, Lighthouse, and NVDA. OSC also hosts a variety of software packages and applications from external vendors, but can not guarantee the digitial accessibility status of each of them.
Events: OSC has provisions to provide live captioning or interpretation, upon request, for any events that OSC coordinates, such as training classes or workshops.
Questions or requests regarding digital accessibilty for any of OSC's resources or services can be directed to OSC help using the contact info below.
Here are links to our current policies:
| Services | Link to the policy |
|---|---|
| Compute | Job walltime extension policy |
| Storage | Home storage policy |
| Project policy | |
| Scratch policy |
Policies that are in process of being updated can be found under proposed policies open for public comment.
If you have further questions on any of these topics, please contact OSC Help using the contact info below:
Phone: (614) 292-1800
Email: oschelp@osc.edu
This page lists all proposed OSC policies for public comments. Your comments help inform our policies and are encouraged. We will provide the response to comments on this webpage after the public comment period closes. Please submit your comments via our online form by the deadline.
To help alleviate recent storage stress on our scratch filesystem, we will be changing the purge period for scratch files from 90 days to 60 days. This means that any files not accessed within 60 days will be automatically deleted.
We invite you to share your comments or concerns during the public comment period, which will remain open until August 3. Please submit your feedback via the following webform:
We have collapsed comments into related themes, and provided answers below. If you commented and requested an individual response, those have been sent as well.
Q: Can you provide individualized notifications in advance of files being deleted?
A: Unfortunately, while we have received this comment nearly every time we have adjusted the Scratch policy, and it remains popular, we have not figured out a way to effectively communicate the sometimes millions of impacted files. We strive to conduct the file deletions regularly midweek, but it is worth reminding you that the timer isn't 60 days from creation, it is 60 days from the last time the file was accessed. If you intend to retain the data long term, it probably should not be left on a filesystem that is not backed up for 60 days without being used.
Q: Have you considered reducing the quota per user rather than shortening the time?
A: We have considered reducing the quota per user, but to solve our problem it would likely required a pretty substantial reduction in quota. We have a number of large, active datasets on Scratch and those are better served on Scratch than Project (for us and the clients!)
Q: Can you provide a tool (or make us aware of an existing tool) which tracks which files are approaching the retention deadline?
A: We don't currently have a tool that would do this at a scale that the filesystem could handle queries from potentially hundred of users, unfortunately.