Information security

Forbidden content

To avoid exposure to high-risk and regulated data, the following categories of information may not be stored in the CATS application database or the IndeVets data warehouse:

  • Highly sensitive personal information, including but not limited to Social Security numbers
  • Records about users under 13 years of age
  • Healthcare records for humans

Practices

  • All access to production web interfaces must be over an encrypted (HTTPS) connection at all times
  • No unencrypted ports should be exposed publicly
  • Services that don’t need to be exposed publicly should only be reachable over private networks
  • Data backups must be encrypted in transit and at rest with keys stored separately from central backup infrastructure
  • All changes to infrastructure must go through review and automated deployment