Server and data storage security?

Oh, yes, just to be clear we are certainly GDPR compliant (and we will remain so after the Brexit transition period ends).

We are also super-secure and careful with your data. We can help you with the documentation you need for that but, to give you an idea:

  • our server is a physical server, bolted into a highly secure datacenter with ISO 27001 certification
  • our encryption meets very high standards (including NIST, HIPAA and PCI DSS)
  • we subjected the server to serious “penetration testing” from a CREST-certified security firm (Nettitude) who found no issues for sensible users (choosing sensible passwords etc)
  • we’re happy to sign privacy and data-sharing agreements (we don’t share data with anyone so it’s easy)
  • unlike other providers, we have minimal cookies throughout our sites and, to be on the safe side, we turn off things like Google Analytics during participant data collection (surprisingly, others don’t!)
  • unlike certain competitors we don’t store PII like IP addresses on your behalf (although if you want to do that yourself in your JavaScript code you can, of course). Note that, like all online sites, we do store these in security logs, as required for security reasons, but they aren’t combined with participant data
  • we have security software in place to detect and automatically respond to attacks (Intruder Detection Software and Intruder Prevention Software)
  • granting admin access to the server is considered very carefully (currently only 2 people)

As well as avoiding data theft, we are also careful about avoiding data loss. We provide 3 levels of backup to prevent data loss in the event of

  • a broken disk (immediate duplication via RAID array)
  • an entire broken server (duplicate server that can be activated within hours)
  • an entire destroyed datacenter (nightly backups to another city)!

All in all, we are really extremely secure and careful with your data and we have had no incidents regarding security.

If your institution needs documentation about these sorts of things (HECVAT or similar documents etc) then we’ll be happy to help. You could email sales at opensciencetools.org and I’ll pick it up with you there

best wishes,
Jon
