Recollective is a cloud-based online research platform. Security and data privacy are of critical importance and are tackled under four sections. Download the PDF at the bottom of this page for a complete overview.
Infrastructure Security
Recollective is hosted within the Amazon Web Services (“AWS”) cloud from locations in USA, Canada, European Union, Australia and South Korea. AWS delivers a scalable cloud computing platform with high availability and dependability. Security responsibilities are therefore shared between Amazon and Recollective.
Recollective also conducts security monitoring of all systems plus external security testing such as regular penetration testing. Details of how Recollective utilizes the AWS security controls and the Recollective-led infrastructure security measures are both included in this document.
Application Security
Recollective is designed to provide a secure environment in which to conduct your research studies. That begins with identity and access management controls for user authentication. Recollective combines user roles, username/password combinations, two-factor authentication and single-sign on features to determine access. It also allows admins to vary password rules (such as complexity, expiration and lockout).
Session management to automatically time-out inactive users, use of strong SSL encryption for all data in transit (plus optional encryption of data at rest), plus numerous technical safeguards to ensure a high degree of security in the application all come as standard and are described in this document.
Data Privacy Controls
Compliance with data privacy laws (such as GDPR and PIPEDA) and best practices for individual users, the ability to mask or remove Personally Identifiable Information (PII), anonymous login capability, data purge on study completion and obtaining informed consent with clearly-worded agreements are all part of ensuring Recollective meets modern data privacy standards.
This document describes the capabilities included in the Recollective platform.
Business Process
While many security and privacy obligations can be met with a technical solution, business processes also play a critical role in compliance and meeting high standards. This document also describes some of the processes put in place for business continuity / disaster recover and secure software development. More information about service team business processes can be found on the Services page and related content.
This document is version controlled. It is reviewed and updated regularly as Recollective expands and adapts to changes to the security and data privacy landscape. Please check to ensure you have the latest version.
.jpg)
.svg)
