All data privacy principles are incorporated by design into Allyfe.
All studies conducted via Allyfe are logically separated to keep them safe from cyberattacks and internal threats.
Advanced organizational and technical measures are implemented to face cybersecurity threats.
Allyfe’s cloud-based platform has been architected and engineered to incorporate by design the most critical principles of data protection. Our firm conviction is that data privacy in data processing is best guaranteed when it is already integrated in the technology right from the conception. The strictest security and organizational measures have been implemented and embedded by design in every single part of the application’s architecture and its frontend and backend systems. Data minimization, user authentication, access control, pseudonymization, anonymization and encryption are only a few examples of the technical security features that we have adopted to secure data. A thorough Data Protection Impact Assessment (DPIA) has been conducted on Allyfe’s technology to identify, eliminate and mitigate potential risks affecting the individual freedom. We relentlessly focus on ensuring that individuals’ rights are guaranteed and privacy requests are handled with care.
Data isolation is important to keep data safe from external cyberattacks or internal threats, but also to prevent unauthorized access to data.
Allyfe's cloud platform offers different levels of data isolation: physical, network and operational separation of data are implemented by design. Allyfe's platform can be deployed in any geography in the world to accommodate specific regulatory requirements regarding data processing and storage according to customers' specific needs.
Customers can have a tenant in their own country shared with other Allyfe’s customers. They can also use a private tenant, where only their data is stored in the infrastructure, physically isolated from any other customer. The platform is data location agnostic and can be deployed according to the geographical coverage of Allyfe's cloud providers. Data is logically isolated to prevent unauthorized access. All study-specific data are marked so that they cannot be shared with any other study. Access is granted study by study, and user accounts can select and access the specific study they want to operate, avoiding any data exchange between the studies.
Automatic tests are done with every change in the software to check access paths are correct and safe. Data is encrypted at rest and in transit using top notch technologies. Replications in other data centers to cover any disaster recovery scenario use strongly encrypted channels. Offline backup data are stored using encryption at rest on the device and are protected with encryption keys changed at every run. They are stored safely in a different geographical place and operated by a different cloud provider. Allyfe's internal network is physically separate from platform networks, to avoid any unauthorized access also from insider threats.
To successfully face the most dangerous cybersecurity threats the Allyfe infrastructure has taken the most appropriate technical countermeasures. They secure network infrastructure and communications. State of the art services are used to identify known attacks and block resources.
Also, artificial intelligence and machine learning techniques are deployed to identify possible attacks, based on historical usage data. Network connections are separated in multiple layered networks, with public servers running in a public network, isolated from the data by an intermediate network containing the application servers. Data storages cannot be accessed directly from the public network.
Network connections are protected with at least two different firewall technologies from the public and internally; automatic management of firewall rules and continuous analysis and logging of data and actions contribute to keeping the network environment safe.
Moreover, we have established a comprehensive set of measures to prevent major threats such as attacks to web forms as well as Structured Query Language (SQL) and Cross-site scripting (XSS) attacks. We have also implemented Web Application Firewall (WAF) and deployed inspector services to filter out all BOT/spam/ attackers’ traffic, to prevent unauthorized traffic from hitting the application. We continuously inspect all software and libraries to be deployed to identify known issues and block deployment if any High or Critical issues are found. Security alerts have been set by default to warn the Allyfe security team about strange patterns and behaviors.