LACES/Security Features

Security and Role-based Access Features

Data within LACES are protected physically and virtually. LACES application and database servers are separated from the internet by multiple firewalls. Access to data is strictly controlled.

Servers are in physically secure, seismically neutral locations. Main production servers are in facilities that meet the highest standards (Tier IV, Class A) for security (24 hour manned security, limited access with biometric controls) and redundancy to ensure at least 99.995% availability:

• Uninterruptible power (dedicated substation, redundant diesel generators, batteries)
• Diverse routed networking (multiple fiber vaults to center, internet connectivity through eleven different network providers)
• Redundant cooling, very early fire detection and redundant fire suppression systems

Several features deter hacking and intrusion:

• Locking user accounts after a number of failed logins controls intrusion
• Data between browser and server are encrypted
• LACES does not permit access to underlying database tables except through specific views accessible by role
• Key fields in tables (e.g. SSN) unavailable for export or display without proper authorization
• Sessions left idle for predetermined periods of time are logged out automatically

LACES employs a portal membership system for authentication and access control. Default and available screen elements, actions, and views depend on user role.  

Access to the information, as well as or changes to the database are logged, in order to enforce security and maintain an audit trail.