Security

Adminformatics, Inc. · Research Logix

Security is a core commitment,
not a feature.

We design, build, and operate Research Logix with security as a foundational principle — protecting the institutions and researchers who trust us with sensitive data.


SOC 2 AUDIT IN PROGRESS · SECURITY PROGRAM ACTIVE

Encryption Everywhere

All data in transit is protected by TLS 1.2+. Data at rest is encrypted using AES-256. Credentials are hashed and never stored in plaintext.

Access Controls

Role-based access controls (RBAC) ensure users only access what they’re authorized to. Privileged access is limited and logged.

Audit Logging

All significant actions are written to tamper-evident audit logs. Logs are retained and available for institutional compliance reviews.

Infrastructure Security

Hosted on hardened cloud infrastructure with network-level isolation, firewall controls, and regular vulnerability scans.

SOC 2 Compliance

Adminformatics is undergoing SOC 2 Type II certification. Our controls cover Security, Availability, and Confidentiality trust service criteria.

Continuous Monitoring

We monitor systems around the clock for anomalous activity, unauthorized access attempts, and service health issues.

01 — Infrastructure

Secure, Resilient Hosting

Research Logix is hosted on enterprise-grade cloud infrastructure designed with defense-in-depth. Network segmentation, web application firewalls, and intrusion detection systems form layered barriers against unauthorized access.

Our infrastructure follows the principle of least privilege — every system component is granted only the minimum access required to perform its function. Production environments are isolated from development and staging systems.

✓ TLS 1.2+ encryption for all data in transit
✓ AES-256 encryption for data at rest
✓ Web Application Firewall (WAF) protection
✓ DDoS mitigation and rate limiting
✓ Network-level segmentation and isolation
✓ Regular automated vulnerability scanning
✓ Hardened server configurations (CIS benchmarks)
✓ Offsite encrypted backups with tested restoration

02 — Access & Identity

Controlled Access at Every Layer

Access to Research Logix is governed by a strict role-based access control model. Institutional administrators control which users can access the platform and at what permission level. Access is scoped to the minimum required.

All administrative access to production infrastructure requires multi-factor authentication. Shared credentials are prohibited. Access rights are reviewed periodically and revoked immediately upon role change or departure.

✓ Role-based access controls (RBAC) per institution
✓ Multi-factor authentication for admin access
✓ Session management with automatic timeouts
✓ Privileged access management (PAM) controls
✓ Quarterly access reviews and recertification
✓ Immediate access revocation workflows

03 — Data Practices

Your Data Belongs to You

Customer data is logically isolated between tenants. Adminformatics does not access Customer Data except as needed to deliver contracted services or as required by law — and never sells data to third parties.

Practice | What We Do | Status
Data Isolation | Tenant data is logically separated at the application and database layer | ACTIVE
Data Retention | Customer data retained per agreement; deleted within 30 days of termination upon request | ACTIVE
Data Portability | Customers can export their data at any time in standard formats | ACTIVE
Data Processing Addendum | DPA available for HIPAA and GDPR compliance needs | ON REQUEST
Third-Party Data Sharing | Customer data is never sold or shared with third parties for marketing | NEVER
Sub-processor Disclosure | List of authorized sub-processors available upon request | ON REQUEST

04 — Operational Security

Security as a Continuous Practice

Security isn’t a checkbox — it’s an operational discipline. Our development lifecycle includes security reviews, and our team follows documented change management procedures before any code reaches production.

✓ Secure Software Development Lifecycle (SSDLC)
✓ Code review required before all production merges
✓ Dependency vulnerability scanning in CI/CD pipeline
✓ Documented change management and approval process
✓ Incident response plan with defined escalation paths
✓ Annual security awareness training for all staff
✓ Background checks for employees with system access
✓ Written security policies reviewed annually

05 — Availability & Business Continuity

Reliability You Can Depend On

Research Logix is built for institutional reliance. Our infrastructure is designed for high availability with redundant components, automated failover, and regular backup validation. We maintain a documented Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

✓ Redundant infrastructure across availability zones
✓ Automated database backups with tested restore procedures
✓ Documented Disaster Recovery Plan (DRP)
✓ Business Continuity Plan (BCP) maintained and tested
✓ Planned maintenance communicated in advance to customers
✓ Incident communication via direct customer notification

Responsible Disclosure

Found a Security Issue?

We take all security reports seriously. If you believe you’ve discovered a vulnerability in Research Logix or any Adminformatics system, please report it to our security team promptly. We commit to:

  • Acknowledging your report within 2 business days
  • Investigating and assessing the reported issue in good faith
  • Keeping you informed of our progress toward resolution
  • Not pursuing legal action for good-faith disclosures

Please do not publicly disclose the issue until we’ve had a reasonable opportunity to investigate and respond.