Hub-4 is hosted on a dedicated EC2 Amazon Web Services (AWS) virtual server
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html
The server is located at an AWS availability zone in Ireland, within the European Union
The server is protected by Amazon EC2 Security Group virtual firewall, in addition to a second firewall installed on the virtual server itself. http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
The server virtual machines are replicated and maintained within the AWS cloud.
The servers are monitored by IP Patrol and our own monitoring system for security, health and any downtime.
The AWS availability zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. https://aws.amazon.com/about-aws/global-infrastructure/
The Hub-4 servers are managed by Footwork Solutions who develop and support hub-4.
Footwork are currently completing NHS Information Governance Toolkit Version 9 to Level 2 [IG9].
This is based on the ISO 27001/2 standards. Compliance to IG9 covers a wide range of security aspects from physical security, networks and development standards.
A high level overview is available. Information Governance Toolkit.pdf.
All traffic to hub-4 is over an encrypted TLS1.2 channel..
Hub-4 requires a unique email address and password to login.
User accounts are managed by nominated administrators.
Passwords are 12 character system generated alpha numeric.
Passwords can be reset by users or administrators and are emailed to the registered email address for the user.
In addition to the AWS Security Group firewall, the server has it’s own internal, managed firewall..
Both provide intrusion detection.
The server also runs Tripwire and Snort for intrusion detection and prevention.
.
Data segregation is managed by the application, which isolates data by client, unique locality or user.
Daily backups are held for 2 weeks.
Weekly backups are held for 2 months.
Monthly backups are held for 2 years
Daily backups are held for 2 weeks
Weekly backups are held for 2 months
Monthly backups are held for 2 years
Clam AV with nightly updates
Patches are tested on the development server and then uploaded to the production server
Minor and major updates are available on the production server as an optional updated code base.
Users can switch back to the current version whilst any fixes are made.
When the code base is stable it is released as the current version.
All minor and major updates are informed to customers and their administrator users by email.
AWS is ISO 27001 certified. https://d0.awsstatic.com/certifications/iso_27001_global_certification.pdf
AWS is not providing a backup service; backups are managed internally, to offsite locations.
The hub-4 server is monitored 24/7 with email and SMS alerts going out to a number of staff if any component causes the hub-4 application to be unavailable.
In this situation a protocol is followed to assess the point of failure and likely recovery times. Hardware is covered under a maintenance contract.
In the event that the live server cannot be brought back on line within a reasonable time then a failover virtual server is brought on line.

All traffic is secured with 256bit encryption provided by Comodo and as registered Data Controllers we meet the ICO’s standards.
