Infrastructure and Security General Practices	User Accounts LDAP and Table-based	User Privileges Granular Permissions	Data Considerations Logging, Data Export, Retention	Data Interoperability API Tokens

Infrastructure and Security

REDCap is deployed in a multi-tiered architecture with separate web, file and database servers. All communications between tiers are encrypted. The database is replicated in real-time to a second database, which is used for backups, reporting and local disaster recovery. Full database backups are performed nightly, and file system backups are taken every 15 minutes. In the event of a significant disaster, a secondary data center located hundreds of miles away is available to restore functionality. Servers are patched regularly and scanned for vulnerabilities as well as viruses and malware. Servers are monitored internally for degradation of services and availability is monitored externally.

In REDCap, all incoming data gets intentionally filtered, sanitized, and escaped to protect against methods of attack, such as Cross-Site Scripting (XSS) and SQL Injection. REDCap has implemented mitigation techniques to prevent common cybersecurity attacks, such as Cross-Site Request Forgery (CSRF), Denial of Service (DoS), and BREACH attacks.

User Accounts

Account Types

REDCap implements authentication to validate the identity of end-users that log in to the system. UW-Madison staff access REDCap with their university provided NetID once added to an allow-list. 

External (non-UW) users are granted an account after confirmation of collaboration with UW staff.  A unique username will be created by REDCap administrators and a password will be set by the external user.

Auto-logout & Suspensions

REDCap contains an auto-logout setting that will automatically log a user out of the system if they have not had any activity (e.g. clicking, typing, moving the mouse) on their current web page for the set amount of time. Additionally, REDCap will lock a user out of the system after a set number of failed login attempts for a specified amount of time.

A user account may also be automatically suspended due to overall inactivity for a set number of days. Suspending a user allows their account to remain in the system but denying them access to the entire REDCap application until their suspended status has been revoked by a REDCap administrator.  An account may also be suspended by an administrator due to an inappropriate use of the system as deemed by the administrators.

User Privileges

Each user has their own account, and their user account will only have access to REDCap projects that they themselves have created or to projects to which other users have granted them access.

User privileges are granular on the project level and can be modified within any given project by someone with proper privileges. The creator of a project will automatically be given full rights to the project, after which they may grant other users access. External (non-UW) user accounts will not be allowed to create their own project to ensure they have a collaboration with UW-Madison staff on each project.

Data Access Groups can be implemented to help segregate users and the data they enter by placing users into data access groups, after which they will only be able to access records created by someone in their group. This particular feature is entirely optional but is especially helpful in certain situations, such as for multi-institutional projects where the data entered by one institution should not be accessible or viewable by other institutions with access to that same project.

Data Considerations

Logging and Audit Trail