Ledidi’s cloud solutions are based on the most secure global cloud infrastructure (Amazon Web Services) and use industry standards for encryption, multi factor authentication, logging, Virtual Private Network, backup, data restoration and prevention of attacks.
PRJCTS is developed with built-in security measures in all components of the architecture of the solution with multiple layers of security. Ledidi uses security standards that satisfy most regional and local regulatory requirements, data privacy laws and regulations, including EU-GDPR and US-HIPAA rules.
|Secure communication from browser||
|Secure API gateway||
|Authentication / authorization in all components||
Ledidi has complete control over the physical location of data storage, and the EU-US Privacy Shield agreement ensures that research collaborations can be established between the EU and US.
Ledidi uses best practices in cloud computing and industry leading technologies in data security and privacy including:
- Encryption of all data communication over the internet and and at rest (AES-256)
- Multi factor authentication
- All actions in the solution are logged for future audit
- All data entries have full version history
- Variables can be marked as containing personal data with privileged access
- Advanced users can access data for analysis using APIs (from tools like R and Python) and thereby avoid export of data to local discs
- The components of the solution are established in and run on a separate logical network in AWS, i.e. a Virtual Private Network (https://aws.amazon.com/vpc/), and all components are protected by AWS’s network firewall
- Industry standards for preventing attacks (i.e. Dos and DDoS)
- Redundancy and scaling
- Backup and restoring of data, including disaster recovery to a separate cloud environment
- Security governance according to EU-GDPR and US-HIPAA
- Regular security audits with penetration tests by independent partners (reports are available upon request)
Ledidi will provide additional information upon request by local or institutional IT security personnel or institutional review boards (IRB).