We take security, data protection and data integrity very seriously. EPPI-Reviewer 4 and all accessory services (this site, the management application and the upcoming payment gateway) were designed according to the highest security standards to ensure that your data are always safe and protected from unauthorised access.
It is not uncommon for us to receive enquiries about security-related issues; below you’ll find a short summary explaining the main data-protection measures that are used within the EPPI-Reviewer eco-system.
Preventing Data loss:
When working in EPPI-Reviewer 4, all data you enter are quietly sent to our servers and committed to our central databases in a quasi-real-time manner. Should you lose your connection to the server a notification will appear at the bottom of the screen. This makes it virtually impossible to lose hours of work because of a sudden failure: within EPPI-Reviewer 4 a power-surge or a Windows crash should never result in a catastrophic data loss.
Our servers are built, maintained and protected according to the best industry-standards and EPPI-Reviewer 4 central databases are configured in such a way that all data-changes are logged, giving us the possibility to restore data from virtually any point back in time. This information is backed up daily and the backup tapes are locked away in a fire-resistant safe. One backup tape from the previous week is also moved off-site as an additional protection against catastrophic events. This provides the best possible protection against hardware or software failures on our side. Additionally, if you delete or modify some data by mistake, we will be able to use our backup facilities to recover your data for a fee (please note that backup tapes are not kept forever; we re-use them following typical weekly and monthly cycles).
To prevent accidental deletions and similar user-driven problems, we take special care in designing the user interface: we try our best to make it clear when an operation is not undoable and when it has the potential to delete or hide some data permanently. Specific “are you sure?” confirmation dialogs are used whenever possible and our design follows standard ergonomics principles to prevent accidental and destructive mouse clicks.
Guarding against unauthorised access:
Information Technology security is a very complex subject, and it is not possible to explain in detail all the security safeguards that are implemented within and around EPPI-Reviewer 4. However, one thing should be clarified: the URL of EPPI-Reviewer 4 is http://eppi.ioe.ac.uk/eppireviewer4/, suggesting that data are sent to and from our servers in non-encrypted form. While this is true for ordinary data exchange, it does not apply to the logging-on phase: when authenticating, your data are transmitted through an https/ssl encrypted connection. After successful authentication, additional mechanisms are used to ensure that data are exchanged only with clients that have been properly authenticated.
Time is money, and round the clock productivity is paramount. Even so, we cannot guarantee that our systems will never become unexpectedly unavailable. EPPI-Reviewer 4 needs an active Internet connection between your client computer and our servers in order to work properly.
Our Internet connection is provided by JANET (the UK’s Education and Research Network); as such it conforms to the highest standards of reliability and availability. All our servers and networking appliances are protected from power cuts through suitable Uninterruptable Power Supply (UPS) units. Taken together, these structural and architectural arrangements mean that unexpected connection failures are (if present) very rare.
EPPI-Reviewer 4 integrates a messaging system that regularly polls the main servers to gather status information: when we need to interrupt our services to perform a software upgrade or other maintenance, a notification (brightly coloured) message will appear at the bottom left of the screen. In this way, you will be always notified in good time about our programmed service interruptions. Typically, such interventions occur to update the software itself and will last only a few minutes.