SSPNet Security Datasheet
Protecting the privacy of clinical information is a responsibility we take very seriously. We understand that medical data is personal and maintaining confidentiality is paramount. We are committed to our established practices and procedures to protect the confidential nature of your data.
The information you store in the SSPNet database encompasses several layers of secure protocols. Our proven development methodology ensures that your data will be protected from hackers and unauthorized audiences. With both physical and binary security measures in place, you can rest assured that your confidential data is being stored in a secure manner.
Application and Network Security
The SSPNet web application is regularly tested for hacker vulnerability. Our standards-based security practices have been established to protect our server from common "hacks" and web exploits such as SQL injection, cross-site scripting, and unrestricted directory listings. Passwords are stored using a one-way hash algorithm to prevent unauthorized retrieval. Role-based security tokens are encrypted with each user session to secure every level of access to our database.
- A dedicated hardware firewall actively scans each data packet with a comprehensive set of Unified Threat Management (UTM) security features to protect against network and application level attacks.
- Stateful Packet Inspection to perform access control and stop network level attacks
- IPS (Deep Inspection firewall) to stop application level attacks
- Denial of service (DoS) mitigation capabilities
- Best-in-class antivirus based on the Kaspersky Lab scanning engine that includes Anti-Phishing, Anti-Spyware, Anti-Adware protection to stop viruses, Trojans and other malware before they compromise the server
- Daily offsite backup routines are in place to prevent data loss in the event of a hardware failure or a catastrophic event. The daily snapshots are stored for a period of 30 days before they expire. With your data securely housed in an off-site backup facility, you can feel secure about storing your mission critical information on our server.
We believe physical security is just as important as application level security. That's why we chose to house our main server in a Peer1 data center. The area is fully secured and operated by authorized engineers. The following list of physical security practices is in place to protect your data from unauthorized access.
- State-of-the-art data center security includes monitored closed circuit TV, 24x7 on-site personnel, military grade pass card access, and biometric hand-scan units
- Dedicated hosting centers in Atlanta GA, Miami FL, and Fremont CA
- Regulated climate control with full particle filtering and humidity control
- Backup power systems including on-site diesel powered generators and centralized UPS
SSPNet is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the SSPNet Web site and governs data collection and usage. By using the SSPNet website, you consent to the data practices described in this statement.
Collection of your Personal Information
SSPNet collects personally identifiable information, such as your e-mail address, name, home or work address or telephone number. SSPNet also collects anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites.
There is also information about your computer hardware and software that is automatically collected by SSPNet. This information can include: your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by SSPNet for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the SSPNet Web site.
Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through SSPNet public message boards, this information may be collected and used by others. Note: SSPNet does not read any of your private online communications.
SSPNet encourages you to review the privacy statements of Web sites you choose to link to from SSPNet so that you can understand how those Web sites collect, use and share your information. SSPNet is not responsible for the privacy statements or other content on Web sites outside of the SSPNet and SSPNet family of Web sites.
The SSPNet Web site uses "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize SSPNet pages, or register with the SSPNet site or services, a cookie helps SSPNet to recall your specific information on subsequent visits. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
Security of your Personal Information
SSPNet secures your personal information from unauthorized access, use or disclosure. SSPNet secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure.
Changes to this Statement
SSPNet will occasionally update this Statement of Privacy to reflect company and customer feedback. SSPNet encourages you to periodically review this Statement to be informed of how SSPNet is protecting your information.
SSPNet welcomes your comments regarding this Statement of Privacy. If you believe that SSPNet has not adhered to this Statement, please contact us at firstname.lastname@example.org. We will use commercially reasonable efforts to promptly determine and remedy the problem.