REDCap and Data Governance

Presentation transcript:

REDCap and Data Governance Tom Drake

?

Why REDCap? Strongly tested; large support network; simple and easy to use; secure!

Security: REDCap is run by the Surgical and Perioperative Health Research (SPHeRe), University of Edinburgh under licence from Vanderbilt University. REDCap was developed specifically around HIPAA-Security guidelines. It is hosted within the University of Edinburgh Virtual Machine architecture, which is physically secured. Linux web servers running apache2/php5 host the application. Web browser communication to the server is SSL-encrypted by default. All other ports are firewall protected. Data is stored in MySQL databases on a separate server. This server is behind a firewall and can only be accessed from the IP address of the web server. An SSL tunnel encrypts communication between the web and database servers. File upload is secured between servers using the WebDAV protocol with SSL. "At rest" encryption is in place on the database server. Daily back-ups are made of both servers and stored for two weeks prior to being deleted. Operating system security updates are installed automatically. Antivirus software runs to a scheduled protocol on the web server. User passwords are managed directly. Accounts are disabled after 5 failed login attempts. Users are auto logged out after 30 mins of no activity. Users are forced to change password after 90 days. Password strength: AT LEAST 9 CHARACTERS IN LENGTH and must consist of AT LEAST one lower-case letter, one upper-case letter, and one number. Daily audit tracking of users is in place with removal of unused user accounts.
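The account rules on the Security slide, written out as a small audit check. This is an added example, not part of the presentation and not REDCap's own code; the record fields, function names and sample accounts are hypothetical, and the boundary handling of each "after" threshold is an assumption.

```python
from datetime import datetime, timedelta

# Thresholds as stated on the Security slide.
MIN_LENGTH = 9
MAX_FAILED_LOGINS = 5
IDLE_TIMEOUT = timedelta(minutes=30)
PASSWORD_MAX_AGE = timedelta(days=90)

def password_problems(password):
    """Return every slide rule that a candidate password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 9 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
    ]
    return [reason for ok, reason in checks if not ok]

def account_state(account, now):
    """Most severe state that applies to a (hypothetical) account record.

    Using >= on every threshold is an assumption; the slide only says
    "after" 5 attempts, 30 minutes and 90 days.
    """
    if account["failed_logins"] >= MAX_FAILED_LOGINS:
        return "disabled"
    if now - account["password_changed"] >= PASSWORD_MAX_AGE:
        return "force_password_change"
    if now - account["last_activity"] >= IDLE_TIMEOUT:
        return "logged_out"
    return "active"

def audit(accounts, now):
    """Map each user name to its state, as a daily audit might report it."""
    return {name: account_state(rec, now) for name, rec in accounts.items()}

def make_record(failed, password_age_days, idle_minutes, now):
    """Build a constructed account record relative to `now`."""
    return {"failed_logins": failed,
            "password_changed": now - timedelta(days=password_age_days),
            "last_activity": now - timedelta(minutes=idle_minutes)}

# Constructed sample data, not real accounts.
NOW = datetime(2015, 6, 1, 12, 0)
SAMPLE_ACCOUNTS = {
    "locked": make_record(5, 10, 1, NOW),
    "stale_password": make_record(0, 91, 5, NOW),
    "idle": make_record(2, 30, 30, NOW),
    "ok": make_record(4, 89, 29, NOW),
}

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS, NOW))
```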

Organisation REDCap Project 1 Project 2 Project 3 Instruments

STARSurg REDCap: redcap.starsurg.org. Access via starsurg.org, or go straight to redcap.starsurg.org.

Top REDCap tips: Use a recent internet explorer browser (some of the NHS ones don’t speak internet anymore); check spam; set a password reminder!

Data Governance: Data governance is very important! Confidentiality, privacy and NHS obligations. All sites and every collaborator!

The Information Commissioner's Office

The Data Protection Act: Used fairly and lawfully; used for limited, specifically stated purposes; used in a way that is adequate, relevant and not excessive; accurate; kept for no longer than is absolutely necessary; handled according to people’s data protection rights; kept safe and secure; not transferred outside the UK without adequate protection.

(Practical) Tips No data to leave the trust unless into REDCap This includes on personal laptops and email NHS.net email Paper Hospital IDs in REDCap

Commissioner Vs.

=

Commissioner $ $ Vs.

Find out more here: www.bit.ly/OAKSdata

Summary: REDCap, an easy, secure way of transferring data; data governance; few simple rules; any problems, email us!

?