PRODUCTION ENVIRONMENT RECOMMENDATIONS
The ATiM database is likely to house confidential health and materials information that cannot be replicated from any other source. Complete loss of this information could result in the stranding of banked biological materials.
Installation of the required computer and related network hardware is a local responsibility. CTRNet provides the following recommendations as a guideline only. They are not intended to replace institutional policy.
Where ATiM is used to collect, store and present sensitive health information, qualified local expertise and resources are mandatory to ensure that the installation meets or exceeds the appropriate institutional policies for handling and protecting sensitive personal data for research purposes.
User Access Recommendations
- End-user access should be managed by the login and security features provided in ATiM.
- Access to the ATiM application and the related databases should be restricted to personnel trained and authorized to handle personal information on a “need-to-know” basis.
- User authorities must be documented and configured to meet local needs prior to populating the application with confidential data.
- The ATiM database and application servers should run behind a managed institutional firewall intended to protect clinical data.
- Access to the ATiM database and application servers should be limited, secured and controlled.
- A secure connection (an SSL connection such as HTTPS) is recommended when connecting to ATiM from any workstation.
- ATiM and the related databases should be backed up on a daily basis and treated as confidential production data.
- Off-site storage should be completed on a weekly basis.
- Off-site storage access should be limited, secured and controlled.