Using the industry’s best practices to ensure all of your data is kept private and secure.
Security of personal information is paramount in the creation and implementation of IRIS. To ensure that you and your participants’ information is kept both private and secure, we follow the industry’s best practices.
IRIS includes the following security features:
- Access to IRIS is password-protected. All passwords are passed through hash and salt functions so that the only person who will ever know a password is the one who created it.
- The server which hosts the IRIS code and the IRIS database is protected by a software firewall. Only users with the correct Secure Shell (SSH) credentials, or a registered username and password with IRIS, can gain access to it.
- The database which contains IRIS data does not host any other applications, reducing the number of vulnerabilities.
- All incoming and outgoing traffic to an IRIS installation is encrypted using Transport Layer Security (TLS/SSL).
- All changes to content and user activity is monitored and can be used to perform an audit for electronic health record auditing purposes or to fulfill the requirements of privacy legislation.
- The level of access granted to a user of IRIS is based on that individual’s role. For example, an administrator is able to access every part of IRIS whereas a staff user will only be able to access the parts of IRIS necessary to perform their job, limiting the risk of unauthorized access to participant personal information.