Security and data protection

We take security seriously at Sealed Envelope. All our systems are built with security considerations as the number one priority. That's why investigators have to enter a PIN number as well as their password to gain entry to our internet randomisation service. After all, how many internet sites do you use the same password for?

We do not allow patient names to be stored on our web servers. Identifiers such as date of birth, initials and local hospital number are sufficient to identify patients locally. On randomisation a unique patient serial number is generated that can be used on subsequent trial paperwork and for linking databases.

Our servers are housed in secure buildings with uninterruptible power suppliers and 24 hour security. Our primary webserver is located in a Rackspace West London datacentre with a backbone connection to the internet to ensure fast and reliable access (see the uptime button below). Our mirror server is located elsewhere in the UK so that even in the event of a natural disaster, internet randomisation should still be available. All randomisation databases are backed up daily to both onsite and offsite storage.

Privileges to modify the randomisation database are kept to the minimum necessary. For instance, investigators may only insert new records and browse records they have previously entered. The trial statistician only has read access. No-one can delete records.

Mirror servers

In the unlikely event that the primary server fails, a mirror server is ready to take over, ensuring that randomisation is always available.

Log-in and all database screens are accessed via an encrypted connection using Secure Socket Layer (SSL). SSL is an industry-standard way of passing sensitive information between computers. It is often used, for instance, for online banking or to securely transfer credit card numbers across the Internet.