Data and System Security

Equipment and hosting

  • The AudioSense Transcription Services uses computer equipment owned and operated solely by Square Systems Ltd employees.
  • These computers are located in commercial data centres in Bristol.
  • Only transcribers and people closely related with the AudioSense service staff can access the building.
  • No information, papers or data is stored in the offices so, in case of a break-in, the privacy of customers is protected.
  • At the data centres, the physical access to each rack of computers is controlled by a different combination lock and the combination is changed regularly.
  • Each rack of computers is located in a secure suite.
  • Physical access to the secure suite is controlled by locks and personal security staff.
  • Only Square Systems Ltd personnel are allowed to access to a data suite, always under supervision of the Manager’s services.
  • The computers used for AudioSense Transcription Services run the latest secure stable version of Debian Linux as well as Apache web server and mySQL database.
  • Administration of the computers is performed solely by Square Systems employees.
  • All remote access is via SSH and authentication is by public-private key pairs with all private keys passphrase protected.

Resilience

  • The hosted AudioSense application is a distributed system.
  • Servers are connected via a high speed LAN. There is also an off-site standby system (in London Docklands) providing off-site backup and disaster recovery.
  • All servers run RAID 1 hard disk system with a hot standby disk.
  • RAID level 1 is disk mirroring, which is implemented so that the system will continue to run and boot in the event of a disk failure.
  • The hot standby disk will automatically be incorporated into the RAID in the event of one of the disks failing.
  • The database is replicated between two servers on the main site as well as to a server on the remote site. This ensures that there is live copy of the database on both sites as well two copies on the main site.
  • The main site has two web servers primarily for redundancy but also to provide load sharing if required.

    A web server is also available on the remote site to provide a recovery option.

  • In addition to the replication, the database is backed up every night and a rolling seven day set of backups is kept. This gives the capability to recover data in the event that there is an accidental loss in data which is replicated between the standbys.

Service quality and uptime reliability

We expect our website to be available at least 99.9% of the time. In the event of any system error, however, our team is informed and can take action immediately. The office is staffed from 8.00am to 5.00pm and our team can offer support on logins, access, reporting or site optimisation.

AudioSense security

  • The administrator and all users can only ever see data that belongs to their organisation.
  • Transcribers can only see and work in the areas or languages for which they have been authorised.
  • These rules are enforced by the AudioSense Transcription Services application which uses consistent modules to access data throughout the application.
  • The application is designed in such a way that no AudioSense customer can access any information about other customers.
  • Passwords for each user account are one-way hashed using SHA-256 with a unique salt value.
  • On previously failed logins, or login attempts from unknown IP addresses, a captcha image will appear.
  • All user login attempts, successful or otherwise, are logged to the system.
  • Each user’s IP address is logged to our system.
  • After a period of inactivity, applications are automatically locked. Users must re-confirm their password to unlock the application.
  • All user interaction on the AudioSense website is SSL encrypted.

Data validity

  • AudioSense users are not able to alter the answers to the open questions. Therefore, in the vast majority of cases the transcriptions are an entirely accurate reflection of the information participated in.
  • AudioSense guarantee the quality of the transcribed material by undertaking regular quality controls and external audits.
  • There are particular responses, however, which we do not transcribe:

    -Silent responses;

    -Responses that contain abusive verbatim;

    -Responses that contain information unrelated to the company associated to the transcription.