ZIMS data security: 4 layers of protection

Safe and secure with ZIMS

ZIMS is easy to use.  You just need a computer, an internet connection, and a browser.  However, this simplicity also demands strong security to make it work. While it may not get noticed that much, ZIMS security is always there protecting our members and their data through our policies and implementation.

Our policy is defined and approved by our member-led, Species360 Board of Trustees and captured in our “Terms and Conditions”. We have had a policy in place since 1995. Our current policy is always available on our website.

Our implementation is based on 4 key elements that are built directly into ZIMS, including data security, technical security, application security, and collection security:

Data Security

• The ZIMS database is hosted at a secure, offsite facility. ZIMS data is backed-up at multiple physical locations and stored on a fault tolerant, expandable storage area network, featuring RAID 5 disk array with hot swappable spare drives.
• It is backed-up on a daily basis with maximum care given to protect our member’s data in case of an emergency.

Technical Security

• The application and database is professionally hosted and operated from an external data center which is maintained by an AT-1-2 SOC 2 Type II audited company.
• This includes full physical and environmental protections including, but not limited to, fire suppression, humidity and temperature control, dual isolated power and network feeds and physical access restrictions to server racks and other equipment.
• The data center includes Cisco firewalls, 256 bit SSL encryption, regular security audits, and 24×7 monitoring against attacks.
• The application and database is built with Microsoft standard authentication, encrypted passwords, role-level security trimming, isolation of Database from UI and business logic, only authorized application servers can access database, audit stamp for each database record, and database-level change audit to track updates.

Application Security

• ZIMS provides role-based access to virtually every component of the application, which provides discreet control for each institution’s administrator to configure users with the ability to add, edit, read, and/or delete records in any combination needed to secure your data.
• ZIMS can limit users to only one active session at a time, if desired.
• ZIMS can limit access to only pre-approved locations, by Internet Protocol (IP) addresses (e.g., the member’s network, specific remote locations, etc.)
• The Local Admin can choose to review a user’s activity log, roll back certain transactions, and terminate any user session or account, if needed.

Collection Security

• ZIMS allows a member to structure and restrict its own staff’s access to its own animal data by taxonomic rank (e.g., mammals, birds, reptiles) or even to a single specific animal.
• Institutions may also choose to share additional information about a given taxonomic rank (e.g., mammals, birds, reptiles) or even to a single specific animal with other institutions, if desired, to facilitate animal move between institutions.  This is an optional feature, and the default setting is to only share data as per standard policy.