We take security, data protection and data integrity very seriously. EPPI-Reviewer and all accessory services (this site, the management application and the upcoming payment gateway) were designed according to the highest security standards to ensure that your data are always safe and protected from unauthorised access.
It is not uncommon for us to receive enquiries about security-related issues; below you’ll find a short summary explaining the main data-protection measures that are used within the EPPI-Reviewer ecosystem.
Preventing data loss:
When working in EPPI-Reviewer, all data you enter are quietly sent to our servers and committed to our central databases in a quasi-real-time manner. Should you lose your connection to the server, a notification will appear at the bottom of the screen. This makes it virtually impossible to lose hours of work because of a sudden failure: no kind of Windows crash should result in catastrophic data loss.
Our servers are built, maintained and protected according to the best industry standards (see below for hosting details) and EPPI-Reviewer central databases are configured in such a way that all data changes are logged, giving us the ability to restore data from virtually any point in time. This information is backed up daily. This provides the best possible protection against hardware or software failures on our side. Additionally, if you delete or modify some data by mistake, we will be able to use our backup facilities to recover your data for a fee (please note that backups are not kept forever).
EPPI-Reviewer data are stored in two Azure "locations". The production data are held in the Azure "West Europe" zone, which translates to the Netherlands. Backup data are kept in two copies (both encrypted), one in the same location, and one in the Azure "North Europe" zone (Ireland). This ensures that all EPPI-Reviewer data are kept in locations under the jurisdiction of the European Union.
To prevent accidental deletions and similar user-driven problems, we take special care in designing the user interface: we try our best to make it clear when an operation is not undoable and when it has the potential to delete or hide some data permanently. Specific “are you sure?” confirmation dialogs are used whenever possible and our design follows standard ergonomics principles to prevent accidental and destructive mouse clicks.
Guarding against unauthorised access:
Information Technology security is a very complex subject, and it is not possible to explain in detail all the security safeguards that are implemented within and around EPPI-Reviewer.
However, one thing should be clarified: the URL of EPPI-Reviewer's previous version is http://eppi.ioe.ac.uk/eppireviewer4/, suggesting that data are sent to and from our servers in non-encrypted form. While this is true for ordinary data exchange, it does not apply to the logging-on phase: when authenticating, your data are transmitted through an HTTPS/SSL-encrypted connection. After successful authentication, additional mechanisms are used to ensure that data are exchanged only with clients that have been properly authenticated. The Coding App deploys equivalent measures to protect the connection after authenticating. Moreover, all data exchanges initiated within the Coding App are transmitted through an encrypted (HTTPS) connection.
(The newer version of EPPI-Reviewer has a conventional URL including the https prefix: https://eppi.ioe.ac.uk/EPPIReviewer-Web/.)
Time is money, and round-the-clock productivity is paramount. Even so, we cannot guarantee that our systems will never become unexpectedly unavailable. EPPI-Reviewer needs an active Internet connection between your client computer and our servers in order to work properly.
The servers on which EPPI-Reviewer is hosted are Microsoft Azure Virtual Machines. These are incredibly reliable, but even these systems cannot guarantee uninterrupted service. Using this environment does mean that we benefit from the economies of scale that come from running huge server facilities, and we no longer need to worry about maintaining uninterruptible power supplies or about interruptions due to maintenance on the university network. Microsoft guarantees availability well in excess of 99% of the time (their Service Level Agreement for virtual machines is here), and we have only had one interruption since moving to this environment several years ago.
EPPI-Reviewer integrates a messaging system that regularly polls the main servers to gather status information: when we need to interrupt our services to perform a software upgrade or other maintenance, a brightly coloured notification message will appear at the bottom left of the screen. In this way, you will always be notified in good time about our programmed service interruptions. Typically, such interventions occur to update the software itself and will last between 10 and 20 minutes.