Date: Thu, 28 Mar 2024 12:33:08 -0400 (EDT) Message-ID: <1560510615.28292.1711643588115@lyrasis1-roc-mp1> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_28291_1320195531.1711643588115" ------=_Part_28291_1320195531.1711643588115 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This page consists of common security related questions pertaining to th= e DSpaceDirect hosted service. If you have additional questions not answere= d below, please contact d= spacedirect@lyrasis.org
DSpaceDirect provides the following security-focused monitoring:
Amazon Web Services (AWS) is the data center for DSpaceDirect. AWS provi= des very detailed documentation on their security compliance:
The data center we use for DSpaceD= irect is AWS (Amazon Web Services). It is SOC certifie= d. See: https://aws.amazon.com/co= mpliance/soc-faqs/
DuraSpace / DSpaceDirect does not = have any independent ISO certifications. However, AWS (Amazon= Web Services), wh= ich provides our data center, is ISO 27001 certified. See: https://aws.amazon.com/compliance/iso-27001= -faqs/
We support:
Please be aware that configuring/managing authorization plugins often re= quires extra support and/or coordination with local staff at your instituti= on.
No. DSpaceDirect is intentional ab= out not putting any barriers in place for access, preservation or reuse of = data. You are welcome to encrypt data yourselves before putting it into sto= rage, however DSpaceDirect will then only share the encrypted data with use= rs. Simply put, whatever you upload into DSpaceDirect is what is then= shared (there is no built in facility to encrypt or decrypt data dynamical= ly).
Yes, all calls to DSpaceDirect are= encrypted using Transport Layer Security&= nbsp;protocols (HTTPS). We require HTTPS for all sites, and do not al= low site data to be sent via plain HTTP. All sites also enable HSTS (HTTP Strict Transfer Security) t= o tell all web browsers to only use HTTPS.
Note, however, there is one ex= ception to this rule. As OAI-PMH requires HTTP, we do allow HTTP access= via the OAI-PMH interface only. That said, OAI-PMH only allows access= to publicly available metadata, and does not provide any means for file ac= cess, authentication, etc.