SEC Core Platform Account

Open a SEC Account with Central IT

A SEC Core Platform Account is an autonomous member AWS account in the UCSF Master Payor Organization controled by the security demands for UCSF sensative data. This account can run the AWS services listed in our available service list. Access to the account is granted using the UCSF Single Sign On and is restricted to individuals who have an Active Directory account. 

SEC Core Platform Accounts have a baseline cost regardless of the number of users or resources used. This is approximately $76 per month and the details of this can be reviewed here.

The SEC Core Platform Account Team is comprised of:

  1. Unit/Department Head
  2. Account Owner
  3. Unit Information Security Lead
  4. Workforce Manager
  5. Primary Point of Contact
  6. Technical Point of Contact

A Department Head for a cost center must approve the account and accept responsibility for all the charges incurred in the account. 

The Department Head approves an Account Owner who will then be able to approve individual user access to the account. The Account Owner is responsible for ensuring all data governance acctivities are adheard to for every user that has access to the account. Including but not limited to all IRB requirements for the data that will be housed in the account.

The UC System has negotiated a discount on services for the member accounts in the Master Organization. This is negotiated at the UC level and the prices charged in the account are automatically reflected. Each account has a separate invoice section on the master bill. These discounted charges on the invoice will be recharged to the appropriate cost center.

In addition to the UC negotiated discount, UCSF Central IT will actively seek to purchase RIs and acquire further credits and and price reductions based on usage aggregated across the organization. The cost for running the network and security infrastructure is considerable. The additional discounts and credits above and beyond the UC negotiated enterprise discount will first be used to offset the services needed to run the environment. Any remaining savings will be distributed to the member accounts periodically. If you have questions about this process please don't hesitate to ask.

This account operates in a Shared Responsibility Model as pictured below. (credit for this image goes to our friends at UCD who run a NIST compliant environment.)

Shared Responsibility