Infrastructure Security

The BORN Information System (BIS) is architected using a combination of physical and virtualized servers. Virtualization plays a major role for all system-critical components. The key architectural cornerstone that enables the high availability of the BIS is the use of clustering with virtualization technologies. Antivirus and antimalware protection is installed on all virtual machines and configured according to the BORN information security policies.

Firewalls separate BORN into 3 distinct environments (external, DMZ, internal) through a variety of IP and port rules as required for the application to function.

There are redundant firewalls at the outer edge of the DMZ and the outer edge of the internal network to ensure that there is no single point of failure within the application.

Physical Security

The BORN Information System is housed at the Children’s Hospital of Eastern Ontario’s (CHEO) Tier III Data Centre.  Safeguards include redundant and dual-powered servers, storage, and network links.  

The data centre that houses BORN’s equipment is physically secured through limited badge access. Motion-activated security cameras within the data centre record all activity.

Accessing the BIS

The BIS is hosted on the CHEO network, which resides on the Ontario eONE network. Public access to the eONE network is tightly controlled. Access from the public internet requires a VPN client to open a tunnel into the eONE network.

End users access the BORN application through a browser, with communications protected by the encryption-in-transit capabilities of HTTPS. BIS website traffic is encrypted using a 2048-bit SSL certificate.

Data Security

HTTPS controls are in place to protect traffic in transit, along with service authentication controls. All activity in the BIS is continually logged and subject to regular audits.

The BIS utilizes role-based access controls to ensure that users only have access to data they are actually entitled to.

Security Policies

BORN has developed a comprehensive Privacy & Security Policy Manual. The policy manual includes a comprehensive requirement definition for information security. It defines the information security safeguards, roles and responsibilities for BORN.