Topics Map > User Guides
Topics Map > REDCap
REDCap: General Security Overview
Infrastructure and Security
General Practices
|
User Accounts
LDAP and Table-based
|
User Privileges
Granular Permissions
|
Data Considerations
Logging, Data Export, Retention
|
Data Interoperability
API Tokens
|
---|
Infrastructure and Security
REDCap is deployed in a multi-tiered architecture with separate web, file and database servers. All communications between tiers are encrypted. The database is replicated in real-time to a second database, which is used for backups, reporting and local disaster recovery. Full database backups are performed nightly, and file system backups are taken every 15 minutes. In the event of a significant disaster, a secondary data center located hundreds of miles away is available to restore functionality. Servers are patched regularly and scanned for vulnerabilities as well as viruses and malware. Servers are monitored internally for degradation of services and availability is monitored externally.
In REDCap, all incoming data gets intentionally filtered, sanitized, and escaped to protect against methods of attack, such as Cross-Site Scripting (XSS) and SQL Injection. REDCap has implemented mitigation techniques to prevent common cybersecurity attacks, such as Cross-Site Request Forgery (CSRF), Denial of Service (DoS), and BREACH attacks.
User Accounts
Account Types
REDCap implements authentication to validate the identity of end-users that log in to the system. UW-Madison staff access REDCap with their university provided NetID once added to an allow-list.
External (non-UW) users are granted an account after confirmation of collaboration with UW staff. A unique username will be created by REDCap administrators and a password will be set by the external user.
Auto-logout & Suspensions
REDCap contains an auto-logout setting that will automatically log a user out of the system if they have not had any activity (e.g. clicking, typing, moving the mouse) on their current web page for the set amount of time. Additionally, REDCap will lock a user out of the system after a set number of failed login attempts for a specified amount of time.
A user account may also be automatically suspended due to overall inactivity for a set number of days. Suspending a user allows their account to remain in the system but denying them access to the entire REDCap application until their suspended status has been revoked by a REDCap administrator. An account may also be suspended by an administrator due to an inappropriate use of the system as deemed by the administrators.
User Privileges
Each user has their own account, and their user account will only have access to REDCap projects that they themselves have created or to projects to which other users have granted them access.
User privileges are granular on the project level and can be modified within any given project by someone with proper privileges. The creator of a project will automatically be given full rights to the project, after which they may grant other users access. External (non-UW) user accounts will not be allowed to create their own project to ensure they have a collaboration with UW-Madison staff on each project.
Data Access Groups can be implemented to help segregate users and the data they enter by placing users into data access groups, after which they will only be able to access records created by someone in their group. This particular feature is entirely optional but is especially helpful in certain situations, such as for multi-institutional projects where the data entered by one institution should not be accessible or viewable by other institutions with access to that same project.
Data Considerations
Logging and Audit Trail
REDCap has a built-in audit trail that automatically logs all user activity and logs all pages viewed by every user, including contextual information (e.g. the project or record being accessed). A project user granted 'logging' privileges will have the ability to view an audit trail on their own project. This built-in audit trail also allows REDCap administrators to be able to determine all the activity and all the data viewed or modified by any given user.
Data Export and De-Identification
REDCap allows users to export any and all data from their REDCap projects, supposing they have been given full data export privileges.
The Data Export Tool has advanced export features that allow one to implement data de-identification methods. User privileges can also be set so that some users may be allowed to export data from the project but will have the data de-identification methods imposed as a means of preventing them from exporting sensitive data, either mistakenly or intentionally.
Data Retention
If a project has been inactive for a period of time, REDCap administrators will request the project be moved to either "Analysis/Cleanup" to allow for the cleaning and analyzing of data or "Complete" to indicate the project is no longer being used. Even in "Complete" status, the data will remain intact and stay in the database.
In general, UW staff are instructed to follow institutional policies for records retention especially relating to research data.
Data Interoperability
The REDCap API is an interface that allows external applications to connect to REDCap remotely. The REDCap API implements the use of tokens as a means of authenticating and validating all API requests that are received.