search

Record Protection

Requirement: "Record protection under FDA 21 CFR Part 11 ensures that electronic records are safeguarded against unauthorized access, tampering, loss, or destruction, maintaining their integrity and reliability".

Ubidots Assessment: Ubidots is committed to protecting records through strong technical and organizational measures, as outlined in our Privacy Policyarrow-up-right and Ubidots Architecturearrow-up-right. Key measures include:

  1. Encryption: All records are encrypted in transit and at rest:

    • Database Encryption: Ubidots databases are fully encrypted using AWS EBS with AES256 encryption. Database backups use AWS Backup with the same AES256 encryption standards. Sensitive client data is further secured using Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit private keys and HMAC with SHA-256 hashes. Learn more.

    • In-Transit Encryption: All data in transit uses TLSv1.2 cryptographic protocol, and Ubidots maintains an "A" grade from SSL Labs. Digital certificates are renewed every 30 days to minimize security risks. Additionally, HSTS policies enforce HTTPS connections for all interactions with the Ubidots web app and API. Learn more.

  2. Access Control: Access to records is strictly limited to authorized individuals:

    • Direct database access is restricted to only two DevOps engineers and Ubidots’ CTO, all using secure SSH connections. Details can be found here.

    • API access requires secure tokens, with token revocation supported to ensure compromised credentials are invalidated. Role-based access control and Two-Factor Authentication (2FA) further restrict access, ensuring that only authorized users can access or modify data. For more information, refer to Authentication for Clientsarrow-up-right.

  3. Redundancy and Backup: Ubidots employs AWS Backup with AES256 encryption to ensure that all database backups are secure and recoverable. These backups, along with redundant systems, protect against data loss in case of hardware failures or other incidents. More details are available in the Ubidots Architecturearrow-up-right and backup policy.

  4. Data Handling and Confidentiality: To prevent any data leakage or security issue:

    • Only authorized personnel can access sensitive systems, and secure access is ensured through strict SSH policies.

    • Industry-standard encryption protocols and secure infrastructure safeguard data confidentiality and integrity.

    • Learn more in our Data Management and Retention Policy

PreviousRecord Retention

Last updated