DataFinch Technologies, Inc. protects our users’ data from theft, disaster and misuse by adhering to comprehensive industry standards and guidelines. Below is a list of features and measures DataFinch takes to ensure the security of users’ information and data.
Mobile Device Security
As Catalyst is a cloud based data system, meticulous design and planning has gone into securing the mobile application.
- All traffic to and from the device is encrypted with industry standard 4096 bit AES "bank level" encryption. This prevents snooping of the internet traffic by unwanted third parties.
- All PHI data (if sent to the device) is encrypted on the mobile device using keys that DataFinch securely manages centrally.
Regardless of any encryption in place, users have the option to NOT send PHI data to the device. By entering a value in the "Student Code" field under "Demographics" you can ensure that no identifying information is sent to the device.
- Trial data recorded on the device also never contains any PHI data. An example of the captured data can be seen below. This is the information that is tranferred over the "wire".
Note About Public Hotspots
Catalyst uses SSL for both mobile device and portal and is secure over public hotspots. Only a public key and encrypted messages are transmitted (and these too are signed by root certificates) during the setup of TLS, the security layer used by SSL. The client uses the public key to encrypt a master secret, which the server then decrypts with its private key. All data is encrypted with a function that uses the master secret and pseudo-random numbers generated by each side.
- the data is secure because it is signed by the master secret and pseudo-random numbers
- the master secret and pseudo-random numbers are secure because it uses public-private key encryption when the TLS handshake occurs
- the public-private key encryption is secure because:
- the private keys are kept secret
- public-private key encryption is designed to be useless without the private key
- the public keys are known to be legitimate because they are signed by root certificates, which either
- came with your computer
- or were specifically authorized by you (pay attention to browser warnings!)
Thus, your HTTPS connections and data are safe as long as:
- you trust the certificates that come with your computer,
- you take care to only authorize certificates that you trust.
- Our data centers can only be accessed by authorized personnel. All Visitors require photo identification, and access is controlled via fingerprint scanners.
Redundancy & Integrity
- DataFinch utilizes 3 data centers in the United States. All customer data are replicated amongst those three centers and backed up nightly to off-site backup locations. DataFinch data is protected from natural disasters, power failures as well as computer malfunctions.
- DataFinch does not delete any data. All data recorded in Catalyst are stored indefinitely.
- The DataFinch network, much like the DataFinch data is protected in several ways. These include firewalls at all data centers and access to the DataFinch site is only allowed from approved countries. At this time, these include the United States and Canada.
- No physical access to the network can be obtained except for by authorized personnel.
- DataFinch has multiple hardware systems, such as intrusion prevention and audit trails in place to protect against theft and attacks/intrusions.
- All traffic to/from our servers through public internet access points are encrypted using industry standard SSL protocol(s). This is the same technology used for credit card purchases made using the internet.
- Each data center has multiple links to the internet via several service providers. In the event that a particular link is “down,” DataFinch will automatically “fail over” to a secondary link.
- Firewalls, servers, and other network appliances are deployed in pairs to minimize potential issues that might result from hardware failure(s).
Application Level Compliance
- The application (both iPad and portal) timeout after 20 minutes of inactivity.
- All passwords must meet specific complexity requirement, including upper AND lower case characters, as well as at least one numeric digit.
- iPads can be remotely wiped of Catalyst data if lost or stolen.
- Users and groups can be created to allow for more restricted security for specific users of the system, such as support staff.