Below are our frequently asked questions regarding security and compliance of the Referral System.
We help you to identify your areas of responsibility as a Referral System administrator, and the documentation and processes you are required to implement for your users and subscribing organisations via your terms of use documentation.
Existing subscribers may be willing to help you with this process, based on their experience as a system administrator. Email us to be put in touch with existing Referral System administrators.
Is the service secure?
Case details submitted via the platform are stored in a secure database, along with further case notes and files.
The data is stored (at rest) on Heroku. The technical details are as follows:
All production plans (Standard, Premium, Private and Shield) are encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
In transit (including during user login) data is encrypted over HTTPS; the certificates involved are signed with SHA-256. https://www.heroku.com/policy/security
Both the intermediate and end-entity certificates (where the signatures matter) use SHA-256.
Case files are stored in AWS S3 and are only accessible through the use of a specific Identity and Access Management (IAM) policy which is used by the application and is not exposed to users of the platform.
As a managed service, Amazon S3 is protected by the AWS global network security procedures that are described in the Amazon Web Services: Overview of Security Processes (https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf).
The Supplier will treat all personal data in accordance with the requirements of the Information Commissioner’s Office.
Where is the data stored?
The data is stored in AWS RDS and AWS S3. You can find out more about the security principles in place by visiting the link below.
https://aws.amazon.com/compliance/gdpr-center/
Is the data centre accredited with ISO27001 certification?
Yes, a copy of the data centre’s certificate can be viewed by visiting the link below:
https://d1.awsstatic.com/certifications/iso_27001_global_certification.pdf
How long is the data retained?
Entries are anonymised 2 years after the creation date.
At this point, all personal information is removed.
Data retained for statistical analysis is limited to:
- Title
- Date of Birth
- Voicemail Consent
- Text Consent
- Town
- County
- Partial Postcode
- Urgency
- Issues
- Has checked criteria
- Client consent
- Consent date
- Email notifications consent
- Created by username
- Updated by username
- Status
- Status Updated date / time
- Created by staff
- Updated by staff
- Referred to organisation
- Created by organisation
System administrators are able to periodically review the data and remove it in the event that they are requested by a client to do so.
What type of data is to be transmitted?
Personal information relating to a specific case, and case management information such as notes and/or any pertinent documents, is both stored on the database server and transmitted via the service as outlined in ‘Is the service secure?’ above.
How do you store your passwords?
The password attribute of a User object is a string in this format:
<algorithm>$<iterations>$<salt>$<hash>
These are the components used for storing a User’s password, separated by the dollar-sign character: the hashing algorithm, the number of algorithm iterations (work factor), the random salt, and the resulting password hash.
Iterations is the number of times the underlying hash function is applied. The salt is a random value unique to each stored password, and the hash is the output of the one-way function.
We use the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST (https://www.nist.gov/). This is very secure: the work factor means that each guess in a brute-force attack costs a large amount of computing time.
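The following is an added example, not the Referral System's own code, showing how a record in the <algorithm>$<iterations>$<salt>$<hash> format above is produced and checked with PBKDF2-SHA256. The iteration count, salt length and the "pbkdf2_sha256" label are assumed values for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed policy values for this example (the FAQ gives the record format,
# not the work factor or salt size actually used by the system).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def _derive(password: str, salt: str, iterations: int) -> bytes:
    # PBKDF2 with HMAC-SHA256: the work factor is the iteration count.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), iterations)


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[str] = None) -> str:
    """Return a record in the <algorithm>$<iterations>$<salt>$<hash> format."""
    if salt is None:
        # Fresh random salt per password; hex contains no '$' separator.
        salt = secrets.token_hex(SALT_BYTES)
    digest = _derive(password, salt, iterations)
    return "$".join([ALGORITHM, str(iterations), salt,
                     base64.b64encode(digest).decode("ascii")])


def _parse(stored: str):
    """Split a record into (algorithm, iterations, salt, hash) or None if malformed."""
    parts = stored.split("$", 3)
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), parts[2], parts[3]


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and work factor; compare in constant time."""
    parsed = _parse(stored)
    if parsed is None:
        return False  # malformed or unknown algorithm: never a match
    _, iterations, salt, expected_b64 = parsed
    # compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(_derive(password, salt, iterations),
                               base64.b64decode(expected_b64))


def needs_rehash(stored: str, minimum_iterations: int = ITERATIONS) -> bool:
    """True when the record's work factor is below current policy (or unparsable)."""
    parsed = _parse(stored)
    return parsed is None or parsed[1] < minimum_iterations
```

On a successful login, a record for which needs_rehash() is true can be replaced with hash_password() on the just-verified password, raising the work factor without a reset.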