HEALICS

Secure research environments for sensitive data

HEALICS is a platform that provides secure, policy-based environments for research projects involving sensitive data. It is designed for researchers at the University of Bern, Insel Gruppe, UPD and collaborating institutions to jointly access and analyze data within a controlled and compliant setting, restricted to authorised project members and the defined project duration.

Developed within the Digital Medicine program, HEALICS is the service resulting from the project “Development of Research Platform Bern” and is intended to become the standard infrastructure for sensitive data research in Bern. HEALICS stands for Healthcare, Education, Analysis, Life Science, Innovation, Collaboration, and Security.

HEALICS is a research infrastructure for active project work with sensitive data. It provides isolated project rooms (secure environments), in which approved research projects can analyze and process data, work with collaborators and use computing resources within a controlled environment. It is not a general-purpose IT service, but a platform specifically designed for governed research work with sensitive data.

Each project runs in a dedicated environment, configured according to defined policies and operated within a clear institutional framework. This gives researchers a place to work once the scientific, legal and organizational prerequisites of the project are in place.

HEALICS covers the part of the research lifecycle in which approved data is brought into a secure environment and analyzed and processed there.

Before a project starts on HEALICS, the research project must already be clearly defined, and all required permissions must be in place. The project lead must have obtained the necessary clearances for the planned research and the intended data use. HEALICS provides the environment in which the approved project with sensitive data can be carried out.

Once the project has obtained the required approvals and authorizations, the project lead requests a project room on the platform. Once the room is provisioned, the project team can:

  • invite authorised collaborators
  • transfer approved data into the room (encrypted import/export function)
  • work jointly on the data in a controlled environment
  • use project-specific compute and software resources

Responsibility for the project and for the lawful use of data remains with the project lead and the responsible institution.

HEALICS provides you with a secure environment where approved data can be used

Data access, approvals and governance remain with the responsible institutions and follow established processes. Once approval is given and access to a project room is granted, data can be securely transferred into your project room from institutional sources, collaborating partners, other sources or your own dataset.

All data transfers follow controlled processes. Data remains within the project environment and is only accessible to authorised users. For research involving Insel data, HEALICS is aligned with existing data delivery and governance processes.

Work in a virtual Linux environment where you can use common tools such as R, Python, or MATLAB, run your own code, and install project-specific software.

Depending on the project policy, additional tools can be installed within controlled access rules (e.g. via whitelisting). Compute, storage, and GPU resources are provided based on project needs and can be extended where required.

Please note that software licenses are not included and must be provided by the project if needed.

Different projects require different levels of security, collaboration and flexibility.

HEALICS addresses this through a policy-based model:

TEST: For exploration, prototyping and training with non-sensitive data.

COLLABORATION: For individual projects working with sensitive data under controlled access conditions, including secure collaboration with internal and external partners.

CLUSTER HUB: For coordinated multi-project environments with structured collaboration and controlled data sharing across related projects or programs.

Each project environment is isolated from other projects and configured according to defined policies. This supports structured work, traceability and reproducibility.

In practice, this means:

  • project-specific environments
  • controlled user access
  • auditable administrative and operational processes
  • a governed lifecycle from setup to decommissioning

At the end of a project, the environment is removed in a controlled and verifiable way. HEALICS is intended for active project work, not for indefinite retention of project environments.

Access to HEALICS is project-based and identity-controlled.

This includes:

  • authentication via SWITCH edu-ID (Swiss academic identity federation)
  • multi-factor authentication
  • project-specific access rights
  • verification of institutional affiliation
  • access rights tied to project room roles and managed through defined processes

The platform runs on the ISO 27001-certified SWITCH Cloud and supports both exploratory and regulated research workflows.

HEALICS provides virtualised research environments with clearly defined compute, storage and network resources.

Compute

Per virtual machine:

  • up to 32 CPU cores
  • up to 256 GB RAM
  • up to 2 GPUs

Storage

Per block storage volume:

  • up to 5 TB
  • 300 IOPS read
  • 300 IOPS write
  • up to 150 MB/s sequential read throughput
  • up to 150 MB/s sequential write throughput

Network

  • approximately 145 MB/s VM-to-VM bandwidth (single stream)
  • approximately 150 MB/s VM-to-VM bandwidth (10 streams)
  • approximately 1 ms VM-to-VM latency

These specifications provide a stable basis for analytical workloads, collaborative work and GPU-supported research scenarios.

What remains your responsibility

HEALICS provides the infrastructure and the operational framework. Responsibility for the lawful use of data remains with the respective project and institution.

For research projects, this means in particular:

  • the Principal Investigator (PI) is responsible for the lawful use of data in the project
  • access rights are tied to defined project roles
  • governance responsibilities remain clearly assigned
  • platform operation and project responsibility are deliberately separated

This is an important principle: HEALICS reduces the burden of setting up secure research environments, but it does not remove project-level responsibility for lawful and appropriate research conduct.

HEALICS is:

  • a secure research infrastructure for active project work
  • a controlled environment for research with sensitive data
  • a platform combining infrastructure, governance and compliance
  • intended for projects with a defined duration

HEALICS is not:

  • a long-term archive
  • a generic file exchange platform
  • an HPC system
  • cloud storage without a time limit
  • a primary computing environment for non-sensitive data

Project environments are deleted after project completion, and data retention beyond the project lifecycle is outside the platform’s core scope.

Support

Throughout your project

HEALICS is supported by a dedicated team from the Faculty of Medicine. Support includes (i) application for a project space, (ii) onboarding and setup, (iii) selection of the appropriate environment, and (iv) first-level support and assistance during operation.