All communications with QTool, for both the administrative user and participant sites, are sent over SSL encrypted connections. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
All data within QTool is stored in Leeds in the UK, in data centres owned and run by IT and LIDA at the University of Leeds. QTool is hosted on the IRC PLatform within LIDA. The IRC (Integrated Research Campus) platform within LIDA is certified to the international standard for information security management ISO/IEC 27001:2013, and is compliant (level 2) with the NHS Digital information governance requirements now known as NHS DSPT (Data Security and Protection Toolkit) (formerly NHS IG Toolkit).
New administrative user and participant user passwords will comply with the University of Leeds Password Policy. In addition, administrative users and/or participant users changing their own passwords will also be required to comply with the password policy: a “strong” password that is a minimum of 8 characters and a mixture of uppercase, lowercase and a digit.
QTool passwords are hashed using SHA-256 with a random 64-bit salt.