Security, Accessibility and Policies

Cybersecurity Audits:

OSC is regularly externally audited for alignment with the NIST SP 800-53 and ISO27002 security standards.  Details of this security framework are available here.  OSC has a general process for responding to client requests for more details or to fill out specific security questionnaries, as follows:

  1. OSC and the client must execute an NDA/CDA
  2. OSC can then share summary reports from existing external audits
  3. If client wants a specific security questionnarie completed, client must first execute a computational services agreement with OSC, committing them to an initial $250 project fee
  4. OSC will utilize that fee evalute / complete the questionnarie utilized up to 2 hours of staff time.  If additional time is required to fully complete it, OSC will provide the partially completed questionnarie to the client along with a cost estimate of how much additional time at $100 / hour will be required to fully complete it.
  5. If the client approves of the cost estimate, OSC will fully complete the questionnarie and apply the charge to the next monthly bill

Export Controlled Projects:

OSC regularly hosts export controlled / ITAR / EAR projects and handles the corresponding code and/or data on all of OSC's available resources.   Oversight of this is by the OSU Office of Secure Research and is covered by a Facility Control Plan (FCP) and Technology Control Plans (TCPs) as appropriate.   Currently, there is no surcharge for export controlled projects compared to OSC's regular costs. OSC does NOT currently support CUI projects / code / date, but is evaluating those requirements for potential future compliance.

It is the responsibility of the PI of a project to inform OSC whether their project will contain any of these data types and whether that data requires special access controls.

HIPPA Projects:

OSC is piloting support for HIPPA / PHI / PII projects and the corresponding code and/or data on it's new protected data environment.  Please contact OSC Help using the information below for more details.

It is the responsibility of the PI of a project to inform OSC whether their project will contain any of these data types and whether that data requires special access controls.

Digital Accessibility:

OSC, as part of The Ohio State University, is committed to ensuring that all constituents can access digital information and digital services.  OSC abides by the OSU policies outlined here regarding this.

Websites: OSC clients can make use of OSC resources using a variety of tools and software. The OnDemand.osc.edu and my.osc.edu websites are the preferred interfaces, but everything a client can do there can do via other mechanisms as well, such as traditional command line connections or via the OSC help desk.  These websites are regularly evaluated using digital accessibility tools such as Axe, Lighthouse, and NVDA.  OSC also hosts a variety of software packages and applications from external vendors, but can not guarantee the digitial accessibility status of each of them.  

Events: OSC has provisions to provide live captioning or interpretation, upon request, for any events that OSC coordinates, such as training classes or workshops. 

Questions or requests regarding digital accessibilty for any of OSC's resources or services can be directed to OSC help at the contact info below.

Specific Policy Documents:

OSC is regularly reviews and updates all policies it has in place.  Policies that are in process of being updated and are open for comments are listed on this page.

 

If you have further questions on any of these topics, please contact OSC Help using the contact info below:

Toll Free: (800) 686-6472
Local: (614) 292-1800
Email: oschelp@osc.edu