Secure Network Design

Download: docx | pdf

ATTACHMENT 8 - ALTARUM SECURED NETWORK (ASN) AND PHYSICAL DESIGN

Data collection and storage. The collected data will be compiled from the provider survey into a dataset with a data dictionary using commercially available SAS Institute Inc. (SAS) © software. The data will be stored on Altarum computers using whole-disk encryption. Additionally, Altarum hosts all survey data on the Altarum Secure Network (ASN), which is a highly secure network used to store CDC, Department of Defense (DoD), and Veterans Administration (VA) data. The ASN is firewalled from outside access and requires two-factor authentication by select Altarum employees. The datasets shall be delivered to the CDC Project Officer(s) on a monthly basis, using a secure method of data transfer consistent with CDC Information Technology Security protocols. The data will be stored on Altarum computers using whole-disk encryption.

The Altarum SMS implements quality control checks and validation scripting routines; collected data is checked for skip logic, patterns in missing data, appropriate patterns of dispositions, and logical consistency across related variables. Using the SMS, monthly reviews of the received survey data will be performed to ensure proper resolution of all discovered errors and inconsistencies within 30-60 days of their identification.

Provisions for protecting privacy/confidentiality: The ASN is a secure network segment/enclave of systems used for collecting, storing, and manipulating sensitive (i.e., protected health information (PHI) and personally identifiable information (PII)) data used in analyses. The storage of such data must meet all applicable security requirements. The ASN is used for contracts where security and controlled network access are key requirements. Once data are collected from participants, PII and PHI (though minimal) are immediately de-linked from dataset. All PII and PHI are held securely within the ASN. At the end of the contract, or no later than December 2020 after completion of data cleaning and analyses, Altarum will securely erase all PII, PHI and survey responses from ASN.

The ASN enclave of hardware and software is in Altarum’s headquarters in Ann Arbor, Michigan. The hardware of the ASN is contained within a steel cage within a secure server room on a secure floor of a secure building. Physical access to the building, the floor, the server room, and the steel cage is restricted by electronic badges keyed to level of access required. Physical and electronic access to the ASN is restricted to people with a valid need, and approval is required from the Altarum Vice President for Corporate Information Security and Technology. People who access information stored on the ASN are only allowed access to specific segregated project information for which they have been approved. Access to the ASN is only allowed from a computer with data at rest (DAR) encryption implemented and only from a virtual private network (VPN) using two-factor authentication.

The ASN is dedicated to storing and analyzing client and internal research data that have special security requirements. The physical design of the ASN is illustrated in Appendix 14. The ASN requires several software applications running co-operatively to function properly; no single software application is used. Initial requirements specified a publicly available survey site, a private file storage device for user collaboration and document sharing, and a SAS server for data analysis. To access the public survey site, Microsoft Internet Explorer v5.0 or higher is required. To reach any application on the secure network (e.g., non-public ASN components) other than the survey site (e.g., public ASN components) requires the installation of a Cisco VPN client. Once the VPN client is installed and operating properly, the following applications may be used, depending on the user’s approved responsibility: Microsoft Internet Explorer (v5.0 or higher), Microsoft Remote Access, Microsoft Office, (version 2002/xp, or higher), and a Secure Shell (SSH) client.

ALTARUM SECURED NETWORK (ASN) PHYSICAL DESIGN

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
Author	Henny, Kirk D. (CDC/OID/NCHHSTP)
File Modified	0000-00-00
File Created	2021-01-23