CCS ACS Terms and Conditions¶
Use of CCS systems means that you agree to all University of Miami Acceptable Use Policies. In addition to these policies, CCS adds the following:
- No PHI or PII may be stored on the systems
- CCS is not responsible for any data loss or data compromise
- CCS will make a best effort to recover lost data but assumes no responsibility for any data
- CCS personnel will not change, access, or manipulate any user data
- CCS will gather aggregate usage and access statistics for research purposes
- CCS will perform unscheduled audits to ensure compliance with CCS and UM acceptable use policies
All of your data is hosted in the NAP of the Americas Terremark facility in downtown Miami. The NAP is a Category 5 Hurricane proof facility that hosts all critical infrastructure for the University of Miami. Along with being a Category 5 Hurricane proof facility, the NAP is also guarded 24/7 with multi-layer security consistent with a secure facility.
Your data is encrypted at four levels using our vault secure data processing facility:
- Data at rest. At rest data is kept on encrypted partition which must be mounted by individual users requiring command line access
- Data in motion. All data in motion is encrypted using FIPS 140-2 compliant SSL. This encryption is called automatically by using https protocols.
- Application layer access. All applications must utilize multi-factor authentication (currently Yubikey hardware key) for access to data.
- PHI data. All PHI data must be handled by authorized CCS personnel and is NOT directly available from your secure server. All uploads and downloads are handed by authorized CCS personnel only.
- Deleted data. All deleted data is securely removed from the system.
Along with these security precautions, we also conduct regular security tests and audits in accordance with PCI and HIPAA standards. CCS welcomes any external audits and will make every effort to comply with industry standards or we will reject the project.