EBP Toolkit is a SAS-based application used by mental health organizations and their health care providers. Our application allows mental health providers to administer, teach, and measure Evidence Based Practices in mental health.
EBP Toolkit's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
For additional information see: https://aws.amazon.com/security
EBP Toolkit's software is managed in a hosted environment provided by Heroku.com and physically managed by Amazon.com.
Heroku and Amazon provide hosting privacy and security in a number of areas:
- Physical Security - Restricted access for Amazon.com data center employees.
- Environmental Safeguards - e.g. Fire Detection and Suppression, Climate and Temperature Control
- Network Security - e.g. Firewalls, DDoS Mitigation
- Data Security - Database and secure access, Audit trails
- System Security - Application isolation and System Authentication.
For additional information see: https://www.heroku.com/policy/security
Data Encrypted in Transit
EBP Toolkit encrypts all data that is transferred from browser to server and back using HTTPS.
Data Encrypted at Rest
All personally identifying data related to the patient are encrypted before being stored in the database using the Advanced Encryption Standard. Decryption keys are unique per organization and stored separately from the database. Data are decrypted as they are delivered to the client in reports or displayed on web pages.
Secure information such as passwords is encrypted as well as removed from log files. Passwords are not stored on the server in a decrypted format.