With data breaches reported regularly worldwide, security and compliance are a continuous focus of Skin Cancer Audit and Research Data Inc (SCARD Inc) for the de-identified skin cancer results and databases we maintain.
This article describes the technology SCARD Inc uses to collect and store data, together with the security and compliance measures in place. Unsurprisingly, the exact processes used are not published, for security reasons.
Core system
SCARD Inc's database and storage platforms are built on Red Hat Enterprise Linux (RHEL) and Percona Server.
RHEL is widely regarded as a robust and secure server platform, with security built on the solid foundation of the Linux kernel. Percona Server is a feature-rich, open-source database management system that has gained popularity as a reliable alternative to MySQL.
VMware vSphere provides the hypervisor for the virtual machines and an additional layer of isolation between the physical hardware and the guest operating systems.
Encryption
Encryption is the key to securing data and communications; the most common example is SSL/TLS, used for secure website and email connections.
Beyond SSL/TLS for communications, SCARD Inc uses both hardware- and software-based encryption throughout the platform, such as cryptographic accelerators in routers and native AES-256 encryption in the database engine.
Location
The digital environment SCARD Inc uses for record storage is wholly Australian-based, on privately owned and managed equipment housed in a Tier III data centre with Defence Industry Security Program (DISP) accreditation.
Encrypted data from the primary site is replicated to a second, privately owned Tier II facility for geographical redundancy.
Backup
Backups are kept on LTO magnetic tape because of its inherent security benefits. Tape is an offline medium, so the backups are not reachable over the network, which mitigates the risk of unauthorized access or cyberattack. Furthermore, the drives' hardware-based encryption allows for secure backups and ensures the confidentiality of sensitive data.
Compliance
The digital environment is continuously tested against the Health Insurance Portability and Accountability Act (HIPAA) “RHEL9” profile as well as the Australian Cyber Security Centre (ACSC) “RHEL9” and “Essential 8” profiles through Red Hat Insights, Red Hat’s security and compliance portal. Compliance requires a 100% pass mark for all servers.
Firewalls, intrusion prevention and data storage methods are also measured against PCI DSS requirements for broad-spectrum compliance.
Further Information
If you would like more security information, then please get in touch with us.