Version3.13–27/02/2017 1/13

CASDUSERGUIDE

TableofContents

BeforeAccess..........................................................................................................................................2

DataAccess.............................................................................................................................................3

1. PresentationandInstallationoftheSD-Box™.............................................................................3

2. Connection..................................................................................................................................3

3. WorkEnvironment......................................................................................................................5

4. AvailableSoftware.......................................................................................................................6

5. Imports/Exports..........................................................................................................................7

a. Imports....................................................................................................................................7

b. Exports.....................................................................................................................................7

6. ClosingyourSession..................................................................................................................10

PreliminaryContractualisation..............................................................................................................11

EndofaSubscriptionoraProject.........................................................................................................11

1. EndofaSubscription.................................................................................................................11

2. EndofaProject.........................................................................................................................11

3. DataRetention..........................................................................................................................12

CitationofDataandPublicationswithAccessforScientificResearchPurposes..................................12

1. DataCitation..............................................................................................................................12

2. InformationaboutPublications.................................................................................................12

ContactCASD........................................................................................................................................12

Glossary.................................................................................................................................................12

Version3.13–27/02/2017 2/13

Youareauthorised,orareintheprocessofauthorisation,toworkonconfidentialdatawhichyouwillaccessfromtheSecureDataAccessCentre

(CASD).Youwillfindinthisguideallthenecessaryinformationtosuccessfullyimplementyourproject.

BeforeAccessImmediatelyuponobtainingyourclearancefromthecompetentaccreditingauthoritydesignatedbythedataownertowhichyouwishtoaccess,youmaysignupforan"enrolmentsession."Duetothehighlevelofsecurityrequiredforaccesstoconfidentialdata,thissessionismandatoryforanyCASDaccess.Thestandardenrolmentsessionisorganisedeverymonthandlastsabout3hours.Registrationforthe session is done via ourwebsite, https://casd.eu/en/home. Registration for each sessionwillcloseoneweekbeforethatsession'sdate.Eachsessionconsistsof:

Ø adescriptionof the legal framework for accessing confidentialdata, inparticular any legalformalitiesthatmayberequired(FrenchAuthorityinchargeofPrivacyProtection-CNIL)

Ø adescriptionofthesecureremoteserverØ ademonstrationof:

o connectiono workenvironmento methodsofImport/Export

Ø anorientationaboutsecurityØ apresentationofstandardsofconfidentiality(i.e.fiscalorstatisticalsecrecy,etc.)Ø theissuingofasmartcardwitharecordingofyourfingerprintsignature.Nobiometricdatais

stored by CASD. Your fingerprint is only present as encrypted data on your smartcard(individualdevice)1.

Ø testingyourInternetconnectionAt this session, organised on CASD's premises2, you will need to sign CASD's User Charter. Itencompasses all of the aspects of your use of CASD. All users involved in the same project, andwishingtohaveanyaccesstodata,arerequiredtoattendthissessionandsignthisdocument.ThesmartcardgivenbyCASDisstrictlyindividualized.Youmustnotunderanycircumstanceslenditormakeitavailabletothirdparties.A standardenrolment session, preceding all useofCASD, is considered valid for four years. If youobtain authorisation for another project during your four-year validation, you may attend an"Express"enrolmentsession.Thisshortersessionexcludestheorientationandinformativesectionsandonlyconsistsofissuingyouanewsmartcardforyournewproject.Beyond the four-year validation date, you will be required to attend a new standard enrolmentsession.1CNILDELIBERATIONn°2014-369of25September20142CASDcannotcoveranytravelcostrelatedtoenrolmentsessionattendance.

Version3.13–27/02/2017 3/13

DataAccessAccesstodataandtoyoursecuredworkenvironmentisdoneviaasecureterminalcalledSD-Box™,by means of your individual smartcard (issued at the enrolment session) and biometricauthentication.

1. PresentationandInstallationoftheSD-Box™TheSD-Box™servessolelyastheterminalforaccessingoursecureserver:dataisnothostedonanSD-Box™.Allconnectionsaredoneontoavirtualserverdedicatedbyproject.

Your SD-Box™ must be installed at the hosting institution declared during the contractualisationphase(seebelow).DonotforgettonotifyyourITserviceofthisinstallation,particularlyinordertofill out the technical formavailable onCASD's site (https://casd.eu/en/technical-form). In order touse the SD-Box™, it is necessary to connect it to a network and hook up a screen, mouse andkeyboardtoit(allnot-included).Herearesomerulesforitsphysicalinstallation:

• neverplaceitinapassageway• alwaysplaceitinalocationthatislockedandsecured• screenshouldonlybevisibletotheuseratalltimes• no other device can be connected to the SD-Box™ apart from the screen, keyboard and

mouse.

2. ConnectionYourSD-Box™mustcontinuouslybefunctional:tostartitup,presstheblackbuttonlocatedonthebackofthecase.YoumayconnectoncethedisplayunitontheSD-Box™reads«Youmayconnect».

Version3.13–27/02/2017 4/13

Please insert your smartcard into thedevice.

You have accessed the log-on screen;please place your finger on the SD-Box's™fingerprintsensortobeidentified.

Youhavenowaccessedtheauthenticationscreen for your workspace; please placeyour finger once again on the fingerprintsensortobeidentifiedforyourworkspace.

Yoursessionisstrictlypersonal;youmustnotgiveanyoneelseaccesstoit.Troubleshooting:

Version3.13–27/02/2017 5/13

InthecaseofconnectionproblemsorforanyfurtherinstructionabouttheconfigurationsoftheSD-Box™ please consult the document given with your SD-Box™ or contact CASD by email at:service@casd.eu.Incaseoflossortheftofyoursmartcard,pleasenotifyusimmediately(byphoneoremail).YouwillneedtopersonallycometoCASDforanewcardtobeissued.

3. WorkEnvironment

Inyourworkenvironment,youhaveaccessto3differenttypesofworkspace:

• Tothedata3 forwhichyouareauthorised:youwill find it inadrivenamed"Sources".Thisspace isaccessible fromtheS:driveof thesystem.Foreachsource,data isaccessible inaseparate folder. You can only read the data for which you have been authorised and westronglyrecommendthatyoucopythedatatothecommonworkspaceofyourproject.Dataforwhich youare authorisedmustnotbeused inotherwaysexcept for those specificallydescribedintheresearchprojectapprovedbythecompetentauthority.

• Toapersonalworkspaceandacommonworkplacedesignatedforhostingthedataandanyfolderusedinthecontextofyourproject:programs,text,etc.

o PersonalworkspaceisaccessibleviaM:driveandwillonlybevisibletoyou.o Commonworkspace is accessible via P: drive and is shared by allmembers of the

project.

3MostdataiscurrentlygiveninSASformat.

Version3.13–27/02/2017 6/13

Toensuretheconfidentialityofalldata,itisimpossibleto:

• recuperatedatafilesinwaysotherthanthespecificprocedure(seepoint5.bExports),• printordoany"copy/paste"(foroutsideoftheworkenvironment).

YouractivitywithinCASDandthefilesthatyoumakeor introduceareyourexclusivepropertyandarecoveredbyprofessionalsecrecytowhichallCASDemployeesaresubjected.

4. AvailableSoftware

InstalledSoftware Optional ContactCASD

Software Installation ForPMSIaccess7-zip

AdobeReader GeoDa

Ghostscript GSView Gvim MikTeX

Notepad++ Office

Philcarto Python Qgis R

Rstudio SAS Scilab SPSS Stata

TeXnicCenter XLStat

For the latest information concerning available software version, please consult the chart on thiswebpage:https://casd.eu/en/faq-en/faq-it.Toaddsoftwareoraskforanupdate,aswellasforallmodificationstothematerialconfigurationofyourworkenvironment(negotiatedduringthecontractualisationphase),pleasemakeyourrequestbyemailat:service@casd.eu.

Version3.13–27/02/2017 7/13

5. Imports/Exports

a. Imports

IfyouwishtoworkonfilesthatarenotcurrentlywithinCASD(programs,documentation,orallothertypesofexternaldata),itisnecessarytoaskforanImporttoyourworkspace.Importingofdatainorder to be joined to that which is already present at CASD is only possible if it was explicitlymentioned within your authorisation. Only 'inactive' files can be imported (no executable fileallowed).ImportingcanonlybedonebytheteamatCASD.Sendyourfiles,alongwithadescription(typeoffile,contents,source)byemailtoservice@casd.euorbyfiletransfer.Youmayalsousexchangefile(https://xchangefile.ensae.fr/).Unlessotherwisespecified,thefileswillbeplacedinthecommonworkspaceofyourproject.Youwillreceivenotificationbyemailthattheimporthasoccurred.

b. ExportsAtcertainstagesofyourworkintheCASDenvironment,youmayneedtoretrievedatasetsofresults(whetherintermediateorfinalresults).Aspecificprocedureexistsforthispurpose.Thesedatasetsmustmeetallconfidentialitypolicies fromthedataowner (statisticalsecrecy, fiscalsecrecy,etc.).Ingeneral,thedatacontainedinthesedatasetsmustnotinanycircumstanceallowfordirectorindirectidentificationofthepersonorcompanyinvolved.

Version3.13–27/02/2017 8/13

SothatthestatisticaldepartmentatCASDisabletocheckanyresultsrelatingtoamountvariables,please provide a control file containing all necessary information that you would like exportedalong with columns indicating the maximum and the percentage of maximum of the amountvariables.Hereisanexample:

NumberofCompanies MaxAmount Total

Amount PercentageofMaximum

Bretagne 139 1668 27800 6%Morbihan 82 1590 19882 8%Finistère 19 590 3476 17%Côtes-d'Armor 36 1103 2567 43%Ille-et-Vilaine 2 1312 1875 70%Nord-Pas-de-Calais 95 1165 19416 6%Nord 94 1165 19379 6%Pas-de-Calais 1 37 37 100%Picardie 99 825 20643 4%Oise 67 825 13750 6%Aisne 5 722 821 88%Somme 27 790 6072 13%

NumberofCompanies

TotalAmount

Bretagne 139 27800HiddenValuesdueto:

Morbihan 82 19882 S1 Numberofcompaniesisinferiorto3Finistère S3 S4 S2 InformationrelativetoS1Côtes-d'Armor 36 2567 S3 TonotcalculateS1usingthesumIlle-et-Vilaine S1 S2 S4 TonotrecalculateS2usingthesumNord-Pas-de-Calais 95 19416 S5 Numberofcompaniesinferiorto3Nord S7 S8 S6 InformationrelativetoS5andPas-de-Calais S5 S6

percentageofmaximumsuperiorto85%

Picardie 99 20643 S7 TonotrecalculateS5usingthesumOise 67 13750 S8 TonotrecalculateS6usingthesumAisne 5 S9 S9 Percentageofmaximumsuperiorto85%Somme 27 S10 S10 TonotrecalculateS9usingthesumFormorepreciseinformationonconfidentialitypolicies,pleaserefertothedocumentsgivenattheenrolmentsession.WealsostronglyencourageyoutoconvertallSTATAimagestojpg,bitmap,pdf,etc.sothereisnounauthorisedconfidentialdataincluded.All exports are reviewed by the statistical team at CASD who may ask for modifications orspecificationswhenneeded.

Version3.13–27/02/2017 9/13

ProcedureforExportingFiles:

• Insertalltheelementsthatyouwishtoexportintoafolderthatwasspecificallycreatedforthispurpose,withoutforgettingtoaddthedescriptivefilethatspecifiesthecontentsofthefilesyouwishtoexport:tables,programs,datasetdescriptors(clearnamesandmeaningsofvariables)

• Zipthefolder

• Right-clickonthezippedfolderandselect"SortieCASD"(CASDOutput)

• Notethekeythatisdisplayed(itwillcontainnumbersandonlylettersAtoF)• Clickonthe"Valider"buttontovalidateyourexportrequest.

Version3.13–27/02/2017 10/13

Finally, send your request by email to the team at CASD at this address: service@casd.eu. Yourmessagehastocontainthenameofyourprojectandthekeygivenbeforevalidating.ThestatisticalteamatCASDmustbeabletoreviewtheexportedcontentwithoutneedingtoaskyoufor detailed information. The team reviews the files and ensures that they do not contain anyconfidentialdata.Oncethedataexporthasbeenreviewedandmatchestheconfidentialityrules,theCASDteamwillsendittoyoubyemail.Theaveragedeliverytimeforexportsisonetotwoworkingdaysforastandardexport(1tableof20variablesorfewer,andamaximumof100observations).Incaseofcomplexorheavyexports,thedeliveryperiodmayincreaseto5workingdaysormore.ExportCredit:Whenstartingaproject,youaregivenexportcredit,whichisdeterminedwhentheprojectiscreated(bydefault,20exportsoverthedurationofyourproject,foramaximumof3years;pleasenotethatitispossibletoaskforextraexportpacks).ThisexportcreditreflectsthetimeCASDtakestotreatastandardexportrequest,whichcorrespondsto30minutesofeffectivereviewing.Arealexportcouldrequireseveralcreditsor,conversely,afractionofcredit(iftheexportrequireslessthan30mn).Your request for an export will only be treated if you have enough export credit the day yourequested it. If it isnot the case, youwill need toorderanextra credit exportpackby contactingservice@casd.eu.

6. ClosingyourSessionTwopossiblecases:

• You are done with your work session, with no ongoing calculations: close your sessionfollowing the regular process (Go to your Windows start menu, then click on "Fermer lasession"(Logoff).Removeyoursmartcardfromthecardreader).

• Youareinthemiddleofacalculationorneedtoleaveyourdesktemporarily:removeyoursmartcardfromthereader.Yoursessionontheserverwillremainopen.Youwillfinditthewayyouleftitwhenreconnecting,aspreviouslyindicated.

Version3.13–27/02/2017 11/13

Itisimperativetoonlyusethislastoptionwhenneeded,aswellastocloseyourserversessioninordertoallowtheservertobeupdated.Additionallythisfreesresourcesontheserver.

PreliminaryContractualisationAccesstoCASDservicesrequiresapreliminarycontractagreement.Thecontractfilecontainsthe3followingsections:

• Fundingsection:the"FinancialContract"intendedfortheentitywhichwillfundyouruseofCASD.Therecanonlybeonefinancinginstitution.

• AccessPointHostingsection: the"SD-Box™HostingAgreement" forthe institutionwhich

will host your SD-Box™ (access point to CASD). It can be the same entity as the financinginstitution. Should youwant toplace several SD-Boxes™ inmanydifferent establishments,you will have to sign as many access point hosting agreements as there are hostinginstitutions.

• Usersection:the"UserContract"giventoeachmemberoftheproject.Therewilltherefore

beasmany"UserCharter"formsasthereareusers.Thesethreedocumentsareaccompaniedbythefollowingappendices:

• Pricelistofourservices(alsoavailableat:https://casd.eu/en/rates)• Technical form, available on our website (https://casd.eu/en/technical-form), to complete

on-linetohostanSD-box™• Quotesignedbytheofficerauthorisedforexpendituresbythelegalentityidentifiedasthe

"FinancingInstitution"ofyourproject,whichwaspreliminarilynegotiatedwithourservicestakingintoaccountyourneedsandthecurrentpricelist.

Tosetupthesecontracts,contactCASDbyemailat:service@casd.eu.In order to proceedwith opening your access and shipping your SD-Box™, these 3 components,alongwiththequoteandorderformcorrespondingtothefinancinginstitution(mandatoryifthisisapublicentity),absolutelymustbereturnedtous(byemailatservice@casd.eu)properlycompleted,dated,andsigned.

EndofaSubscriptionoraProject

1. EndofaSubscriptionAttheendofasubscription,CASDwillsendyouaquoteforrenewingyoursubscription.Ifyouwishtorenew,sendusthefollowingatouremailaddress,service@casd.eu: thequotefullycompleted,datedand signed, accompaniedby theorder formof the financing institution, if needbe.Be verycareful that your authorisation includes this renewal period. If not, it is necessary to ask for aprolongationofyourdataaccessbythecompetentaccreditingauthority.

2. EndofaProject

Version3.13–27/02/2017 12/13

At the end of a project, you must return all of the project's SD-Boxes™ with their chargers. Inagreementwith theUserContract, please remember that youhave committed todestroying yourpersonalsmartcard.

3. DataRetentionShould you not renew your subscription at CASD, you may want to subscribe to CASD’s dataretentionservicesothatallfilesyouhavecreated(scripts,programs,results,etc.)willberetainedfor4yearsasoftheendofanon-renewedsubscription(limitedto20GBtotal).Withoutthis,yourfileswillbedestroyedwhentheserveris,at3monthsfromtheendofyourproject.

CitationofDataandPublicationswithAccess forScientificResearchPurposes

1. DataCitationIfyouhavebenefitedfromasubsidisedrate(seepricelist),partofthisagreementistomentiontheuseofCASDinyourpublicationsasfollows:

• "Cetravailabénéficiéd’uneaidedel’Etatgéréeparl’AgenceNationaledelaRechercheautitreduprogramme Investissementsd’avenirportant la référenceANR-10-EQPX-17 (Centred’accèssécuriséauxdonnées–CASD)"(Frenchpublications)

• "ThisworkissupportedbyapublicgrantoverseenbytheFrenchNationalResearchAgency(ANR) as part of the 'Investissements d’Avenir' programme (reference: ANR-10-EQPX-17 -Centred’accèssécuriséauxdonnées–CASD)"(Otherpublications)

2. InformationaboutPublications

Whenyouhavepublished results stemming fromyourworkatCASD,wewelcomeyou to indicatethatviathison-lineform:https://casd.eu/en/publications-form.Furthermore,CASDcontactsallof itsusers foranend-of-the-year registrationof theirpublicationsusingthisform.

ContactCASDEmail:service@casd.euTelephone:

• ContractsandBilling(incl.renewals):0141176263• IT:0141176656• Data,Enrolment,Import/Exports:0141176252

Glossary

Version3.13–27/02/2017 13/13

Accreditation: decision made by the competent authority (data owner and/ or archivesadministration…)givingclearancetocertaindatawithinaproject.BiometricReader:deviceequippedwithafingerprintsensorandanaccesscardreaderprovidedtotheHostingInstitutionbyCASD.CASD:designatestheSecureDataAccessCentresupervisedbyaboarddedicatedtoitsrunninganddevelopmentwithinGENESand functionsasamanager in themissionswithwhich it is entrusted,includingthehandlingofaccesstoconfidentialdata.Contract: set of contractual documents signed by the parties, including terms and conditions,annexes,forms,andpotentialamendments.Data:setofinformationforwhichCASDprovidesaccesstotheUseraccordingtotheirclearanceandtotheCASDconditionsofuse.Dataowner:moralentitywhichentrustsGENESwithdata,towhichthelattergivestheUseraccessviaCASD,followingtheclearanceprocedurewhichhasbeendefinedbythedataowner.Export: exporting of non-confidential data completed by CASD upon request and under theresponsibilityoftheUser.ExpressEnrolmentSession:separatesessionforUserswhohavecompletedthestandardenrolmentsessionwithinthelast4yearswheretheUserreceivestheirnewsmartcard.FinancingInstitution:titleofthelegalornaturalentity,giventhattheyareplacingorhaveplacedaminimumof oneorder for a CASD serviceofGENES.A Financing Institution can alsobe aHostingInstitution.HostingInstitution:titleofthelegalornaturalentity,giventheyemitorhaveemittedatleastoneaccesspointhostingcertificate.AhostcanalsobeaFinancingInstitution.Import:integrationoffilesprovidedbytheUserintotheirworkspacebyCASD.Maintenance:servicefocusedonmaintainingaconsistentlevelofreliabilityandperformanceofthesystem,withitsconformitytoneedsandspecificationsandtheavoidanceofanydowntime.Pricelist:documentindicatingtheapplicablerates,availableontheCASDwebsite.Project: set of activities, completed within the CASD environment, by one or more directly andnominallyidentifiedUsersonthedataforwhichtheyreceivedclearanceandfortheprecisedurationgivenwiththeirclearance.ProjectExtension:extensionofaproject'sdurationthroughtherenewaloftheinitialauthorisation,thesubscription,andanyrelatedcontracts.SD-Box™: electronic device composed of a case and biometric reader, allowing access to CASDserversandrentedbytheCASD-approvedHostingInstitution.Smartcard: personal card provided by CASD allowing the User to prove their identity whenconnectingtothevariousCASDservicesforwhichtheysubscribed.Standard Enrolment Session: training workshop conducted by CASD for Users in order to orientthemtothevariousaspects includinglegal, IT,andsecurity issues.SessionstakeplaceatCASD. Attheendofthesession,theUserreceivestheirsmartcard.Validationofastandardenrolmentisfouryears.Standard Export: export containing 1 table with 20 or fewer variables and 100 or fewerobservations.TechnicalForm:formavailableontheCASDwebsitetobecompletedbytheHostingInstitution.