Security of Data Storage
The application database is hosted on servers that reside in the Assured Computing Platform (ACP), a FISMA-compliant data center located in the RUST Data Center Facility at the University of Alabama at Birmingham (UAB). The building is located at 815 18th Street South, Birmingham, Alabama 35233 (on the UAB campus).

For more information on FISMA and its standards, see: https://www.dhs.gov/fisma

The ACP is classified as FISMA moderate, based on the NIST 800-53 revision 4 publication, found here: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

The databases are hosted on Microsoft SQL Server 2012 instances and use Transparent Data Encryption (TDE), which ensures at-rest security of all data, including backups.

For more information on TDE, see this Knowledge Base article: https://msdn.microsoft.com/en-us/library/bb934049(v=sql.110).aspx

Encryption of data in transit (such as between a user's computer and the servers, or between the application and the database) adheres to up-to-date, industry-standard TLS protocols with valid certificates (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 256-bit, TLS 1.2).


Backups
Full data backups are taken nightly, and incremental backups are taken hourly. All backups are encrypted via TDE at the database level (SQL Server 2012). Full backups are replicated off-site for disaster recovery purposes.


Administrative Responsibility of Servers
All servers involved with the World Database application are monitored by the ACP System Administrators, who are employees of the IT organization at UAB.