NCIRNational Cancer Imaging Repository

Compliance & Governance

NCIR is committed to responsible data stewardship. This page summarizes our privacy, security, access, and audit policies and provides tools to request compliance-related artifacts.

Privacy-first
Data minimization & de-identification
Policies
Downloadable governance artifacts
Audit Ready
Retention & logging practices

Privacy Policy

How we protect patient privacy and handle PHI.

NCIR implements strong de-identification, access controls, and minimum necessary principles. Data contributors and approved projects access only the metadata and de-identified imagery necessary for their analyses.

Data Use Agreement

Terms for researchers accessing NCIR data.

Access requires a signed Data Use Agreement (DUA) that specifies permitted use, publication rules, and obligations for data security and acknowledgment.

Security & Controls

Encryption, access controls, and testing cadence.

Data at rest and in transit are encrypted. Role-based access and regular security assessments ensure only authorized researchers can run experiments on the datasets.

ISO aligned
HIPAA-aware

Compliance Contacts

Primary points of contact for compliance requests
Data Protection Officer
dpo@ncir.gov.ng
Security Team
security@ncir.gov.ng

Certification & Attestations

Third-party certifications
  • Annual security assessment completed
  • Privacy impact assessments for new datasets
  • Third-party penetration testing (select projects)

Quick Links

Common compliance artifacts