ARCHIVED: How secure is IU Alfresco Share?
Note: The Indiana Clinical and Translational Sciences Institute (Indiana CTSI) retired its implementation of the Alfresco Share document collaboration service on August 31, 2015. Currently, site members have read-only access to their documents; the ability to upload new ones is disabled. For alternatives available to researchers at Indiana University, the University of Notre Dame, and Purdue University who want to store and share their documents using another service, see ARCHIVED: After the retirement of Alfresco Share, what other service should I use to store and share my research documentation? If you have questions about the Alfresco Share retirement, or need help choosing a replacement service, contact Indiana CTSI Support.
Alfresco is an enterprise-level content management system used by corporations and governments to manage and share content. Organizations using Alfresco to protect their critical assets include Merck & Co., Inc., Molecular NeuroImaging, NASA, State of Nebraska, the French Air Force, and the US Department of Defense, among others. As a result, security is incorporated in Alfresco Share from the outset. The Alfresco Records Management system, for instance, has the Department of Defense (DOD) 544 rating, the highest bestowed.
Network access to Alfresco Share at Indiana University is protected via SSL encryption (https), while the underlying Alfresco Share service infrastructure is secured using strict physical, administrative, and technical controls consistent with the NIST 800-53 security standard.
Before using IU Alfresco Share, consider these important usage policies:
- Alfresco Share is for use only in support of academic research. Do not use Alfresco Share for other purposes, such as storing official university business data, patient care data, or electronic health records (EHRs).
- Alfresco Share meets certain requirements established in the HIPAA Security Rule that enable its use for research involving data that contain protected health information (PHI). You may use this resource for research involving data that contain PHI only if you institute additional physical, administrative, and technical safeguards that complement those UITS already has in place. For details, see Your legal responsibilities for protecting data containing protected health information (PHI) when using UITS Research Technologies systems and services You can also contact the Advanced Biomedical IT Core for help.
This is document bbti in the Knowledge Base.
Last modified on 2023-02-02 12:41:13.