The brief
The institute had accumulated four parallel document archives, each from a different generation of internal IT. None of them had a satisfactory audit trail; one of them was a network drive. The national audit office had flagged the situation in a recent review. The institute needed a single, role-aware, auditable portal that could swallow the legacy without breaking the science already running on top of it.
What we did
We built a bespoke portal on top of the institute's existing identity layer (ORCID-backed, federated through eduGAIN), with role definitions matched to the project taxonomy already in use. The legacy archives were migrated in waves, with provenance metadata preserved. Every document carries a chain-of-custody record visible to the DPO; every access event is logged, queryable, and retained against the audit policy.
- › Role-aware document access (Principal Investigator, Collaborator, External Reviewer, DPO, Auditor).
- › A migration tool that classified documents by sensitivity before move, not after.
- › A read-only "historical" view of legacy archives kept live for the first six months.
- › A DPO console that surfaces every cross-jurisdiction access in a single report.
"For the first time in fifteen years, the audit answer is shorter than the audit question."
Data Protection Officer, the institute
Outcome
The portal went live in October. The legacy archives were retired sequentially over the following six months. Active research programmes ran without interruption, the migration tooling was designed to make that promise, and the post-migration audit confirmed it. The portal's ongoing operation is on an LCFD-managed hosting contract with EU residency, on the same stack we use for our published products.