We consider data security and privacy as very important. Our data security policy complies with the highest actual standards for the exchange of patient information. Below, we explain the security and accessibility policies implemented in the SlideSpace platform.
Only the members of a project in SlideSpace can see the Project and access its contents. Each user selects his/her own password for
SlideSpace. The user's passwords are stored in a one-way encrypted
format and are not accessible to employees of SlideSpace. After
entering the required registration information as a new user, you will be
able to access your user account immediately. The password is chosen
directly as part of the registration process and not sent to you by any
other means. If you have forgotten your password, or your password is
not working for some reason, you can re-establish your identity with the
system as follows:
An email message will be sent to you with instructions to reset your password. A password system has been established to ensure that only you can access your personal information and communities. The acceptable minimum password length is 8 characters. We recommend that you use a random combination of letters, cases, numbers, and non-alphanumerical characters to provide maximal protection. Each time you login to the system you will be required to authenticate your identity by entering your previously supplied e-mail address and password. Upon successful login, you are issued a unique “session id” (does not include any personally identifiable information) which allows you to remain active as long as actions are performed in the system. In case the session has timed out, it is required to re-enter your e-mail address and password. If an incorrect password is supplied, or if you simply forget your password, you may need to re-establish your identity following the instructions above. After an undisclosed number of unsuccessful login attempts, you will be locked out.
We use encryption technology to ensure the safe transmission of your information and documents when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser’s capability. The highest available bit length is always used. All communication between your computer and SlideSpace is encrypted using SSL.
SlideSpace uses the AWS platform to operate the Digital Pathology Platform. AWS is a cloud application platform used by organizations
of all sizes to deploy and operate applications throughout the world.
This platform allows organizations to focus on application development
and business strategy while AWS focuses on infrastructure management,
scaling, and security. AWS applies security best practices and manages
platform security so customers can focus on their business. The AWS
platform inherently protects customers from threats by applying security
controls at every layer from physical to application, isolating
customer applications and data, and with its ability to rapidly deploy
security updates without customer interaction or service interruption.
For detailed information about the security policy of AWS see: https://aws.amazon.com/security.
AWS’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff. Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely. For additional information see: https://aws.amazon.com/security.
We take various measures to protect client and patient information while it is stored. We have taken special steps to ensure that only a few key people are aware of how the security system is designed and implemented. All our employees are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information.
The SlideSpace application runs within its own isolated environment at the AWS platform and cannot interact with other applications or areas of the system. This restrictive operating environment is designed to prevent security and stability issues. These self-contained environments isolate processes, memory, and the file system using LXC while host-based firewalls restrict applications from establishing local network connections. For additional technical information see: https://aws.amazon.com/security.
The data in SlideSpace is stored in Oracle databases. It is stored in a separate access-controlled database. Each database requires a unique user name and password that is only valid for that specific database and is unique to SlideSpace. The connection between SlideSpace and Oracle databases require SSL encryption to ensure a high level of security and privacy.
Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically ‘replayed’ to recover the database to within seconds of its last known state. SlideSpace stores the last 7 day back-ups and 5 week back-ups.