Security, Accessibility, and Policies

Icon for Security, Accessibility, and Policies Resources

Cybersecurity Audits:

OSC is regularly audited for alignment with the NIST SP 800-53 and ISO27002 security standards (see security framework for details) and has completed the HECVAT version 3.0.  OSC has a general process for responding to client requests for more details or to fill out specific security questionnaires, as follows:

  1. OSC and the client must execute an NDA/CDA
  2. OSC can then share summary reports from existing audits and/or completed industry standard questionnaires
  3. If client wants a specific security questionnaire completed, client must first execute a computational services agreement with OSC, committing them to an initial $250 project fee
  4. OSC will utilize that fee evaluate / complete the questionnaire utilized up to 2 hours of staff time.  If additional time is required to fully complete it, OSC will provide the partially completed questionnaire to the client along with a cost estimate of how much additional time at $100 / hour will be required to fully complete it.
  5. If the client approves of the cost estimate, OSC will fully complete the questionnaire and apply the charge to the next monthly bill

Export Controlled Projects:

OSC regularly hosts export controlled / ITAR / EAR projects and handles the corresponding code and/or data on all of OSC's available resources.   Oversight of this is by the Ohio State Office of Secure Research and is covered by a Facility Control Plan (FCP) and Technology Control Plans (TCPs) as appropriate. Currently, there is no surcharge for export controlled projects compared to OSC's regular costs. OSC does NOT currently support CUI projects / code / date, but is evaluating those requirements for potential future compliance.

It is the responsibility of the PI of a project to inform OSC whether their project will contain any of these data types and whether that data requires special access controls.

HIPAA Projects:

OSC is piloting support for HIPAA / PHI / PII projects and the corresponding code and/or data with its protected data service.  Please contact OSC Help using the information below for more details.

It is the responsibility of the PI of a project to inform OSC whether their project will contain any of these data types and whether that data requires special access controls.

Digital Accessibility:

OSC, as part of The Ohio State University, is committed to ensuring that all constituents can access digital information and digital services.  OSC abides by the OSU policies regarding this.

Websites: OSC clients can make use of OSC resources using a variety of tools and software. The and websites are the preferred interfaces, but everything a client can do there can do via other mechanisms as well, such as traditional command line connections or via the OSC help desk.  These websites are regularly evaluated using digital accessibility tools such as Axe, Lighthouse, and NVDA.  OSC also hosts a variety of software packages and applications from external vendors, but can not guarantee the digitial accessibility status of each of them.  

Events: OSC has provisions to provide live captioning or interpretation, upon request, for any events that OSC coordinates, such as training classes or workshops. 

Questions or requests regarding digital accessibilty for any of OSC's resources or services can be directed to OSC help using the contact info below.

Specific Policy Documents:

Here are links to our current policies:

Services Link to the policy
Compute Job walltime extension policy
Storage Home storage policy
Project policy
Scratch policy

Policies that are in process of being updated can be found under proposed policies open for public comment.

If you have further questions on any of these topics, please contact OSC Help using the contact info below:

Phone: (614) 292-1800