Our application services handle sensitive data that is subject to special data protection requirements, and we know exactly how to protect it. For this reason, we operate data security and data protection at the highest level.
Physical Failure and Backups
We are protected against physical failure by redundant RAID hard disks and duplex servers that mirror each other. Continuous backups of the data, including the data history between backups, are created not only on the mirrored servers themselves but also at external, secured locations. This means that in the event of physical failure and data loss, we can restore the system at any time.
Through separate databases, SSL-encrypted transmission, cryptographically secured or individually encrypted master data and 2-factor authentication, we can guarantee a maximum level of access security. In addition, we have implemented various other data security measures. For example, all movements in the system are traced, i.e. we can always say who entered or queried what and when.
Data Sovereignty and Data Protection
In principle, the data always belongs to the investigator or his patient. The data collectors determine what happens to the data and when, and they have control at all times: everyone only has access to the data for which they have authorization. In the area of data protection, we work closely and openly with the official authorities (Federal Data Protection Commissioner and Ethics Committees) and our data protection officers. In Germany, we were reviewed by the renowned “TMF – Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V.” and included in the exclusive TMF pool. In addition, as part of the introduction of the Human Research Act, we had our entire documentation revised by RA David Rosenthal, who specializes in data protection. Naturally, our solution also had to withstand all data protection checks as part of the highly specialized medicine projects.
Organizational and Personnel Safety
Additionally, our system “AQC” is ISO-certified according to the standard for quality management systems ISO 9001:2015 (since 09/2006, SGS certificate CH06/0722). With around ten employees working solely on register technology and its processing, we are also well covered in terms of personnel.
We know how important data security and data protection are for our customers and their patients. That’s why we don’t shy away from any effort and are constantly developing our system further in this respect as well.
Regular Security Audits
We test our emergency procedures at regular intervals. We have all our systems extensively checked by external security experts. Our servers are secured against unauthorized access and malware in line with the current state of the art. They are continuously tested for weak points (penetration tests) and withstand attack attempts. This has been confirmed by the security reports. The most recent security report is from Cyllective AG and is dated March 2020. Any feedback from these audits is promptly addressed and implemented. In addition, we subject our programs to a continuous external code review to uncover weak points.