esg2go Data Security
The esg2go technology has been tested and offers the highest standard of data security and safety. Initially, the technology was developed for a medical registry. In this field, data security and safety for data entry is of utmost importance.
The servers are located in ISO certified Tier-4 high security data centers in Switzerland. To counteract physical failure, redundant RAID-HDs and Duplex-Servers with mirroring functions are used. Continual backups of the data including history between backups are not only made on the mirrored servers, but also at different, safe locations. This means that with and physical failure and data loss, we will still be able to retrieve all data.
Our Standards for Data Entry
The data entry tool is on the highest standard. Separate databases, SSL-encrypted transmission, IP blocking, cryptographically secured or department-specific encrypted master data and 2-factor authentication ensure a maximum level of access security. Additionally, there is a tracing system that tracks every single movement, which essentially shows who worked on what, at any given time.
Who Owns the Data?
In general, the data is owned by the individual who uploads it. The uploader decides what is to happen with the data and is always in control. Everyone has access to the data, for which he/she has rights to. In regards to Data Protection, we work closely with the official positions (Eidgenössischer Datenschutzbeauftrager und Ethikkomissionen) and our Data Protection Officer. In Germany, we were reviewed by the renowned “TMF – Technologie- und Methodenplattform für die vernetzte medizinische Forschung e.V.” and included in the exclusive TMF Toolpool. Additionally, we have overworked our entire documentation through the Data Protection specialized attorney David Rosenthal.
On What System Are We Building?
The cornerstone system “AQC” for esg2go is ISO certified by the standard of quality management ISO 9001:2015 (since September 2006, SGS Certificate CH06/0722). The organizational process is standardized, doubly secured, and transparently documented. There are measures for critical cases and constant improvement is ensured.
Regular Security Audits
Security audits are carried out at regular intervals to test the seriousness of the situation. In the process, all systems are extensively checked by external safety experts. The servers are on the newest and highest technical level to prevent third party access and malware, and are penetration tested. Additionally, all programs undergo a code review to determine any possible weak points. The safety reports confirm these points. Additionally, all programs undergo a code review to determine any possible weak points.