System Security

The DCU employs several layers of hardware/software protection in cooperation with the Medical University of South Carolina to ensure system security. The DCU Servers also use Anti-Virus software to guard against malicious viral attacks. Ensuring data security and integrity is top priority at the DCU. Technology SOP’s are reviewed on an annual basis to ensure the DCU maintains a high level of security while utilizing the latest technologies to coordinate data management activities for large multi-center clinical research studies.

The DCU employs complex network architecture to guarantee system security. Our web system is the only portal into the locked-down internal network. Several multifaceted layers have been created to protect against any intrusion, deliberate or accidental. The MUSC maintains firewall protection between the university and outside computer systems by implementing an Apache reverse proxy on the University’s perimeter network. The proxy protects our internal components from ever having direct communication externally. DCU maintains an additional firewall on web servers because access is not limited to within MUSC. The overhead of this operation is very minimal and provides several additional layers of security the DCU deems necessary to guard against intrusion.

In addition to the firewall protection, two levels of software security are in place at DCU. The first is antiviral protection: McAfee Enterprise v8.0 is being used to protect all servers and workstations from infection. Virus definitions are updated on a daily basis. The second component is password protection. Oracle, Clintrial, Access and Windows all include password protection features to prevent unauthorized access. These are all activated and kept fully functional by the DCU Information Systems Manager.

All computer systems purchased from vendors or self-developed are tested and validated according to DCU standard operating processures prior to being implemented for research projects. All information systems used by DCU in the management and storage of clinical trial data are housed in a limited-access, central office in the DB²E at MUSC.

WebDCU™ (Web-based Clinical Trial Management System) Security

All DCU web-based clinical trial management systems adopt Secure Sockets Layer (SSL) protocol to enable encrypted, authenticated communications across the Internet and require the user to log-in at the beginning and log-out at the completion of the system session. The user authentication process is based on the combined identification of a user ID and password. The user is required to change their password periodically or their account will expire.

When an internet user tries to log-in to the WebDCU™ system, the user’s browser type, IP address, log date and time will be collected for security reasons. If any suspicious log-in attempt is detected, the system begins to trace the possibly malicious attack, immediately refuses any more system access, and notifies the incident to an IS Manager or designee.