Systems/Data Protection Procedures
The Graduate School takes its role in providing a robust and secure computing platform for the online graduate application, MyGradProgram and the Graduate School public website very seriously.
Local and off-site backups are performed regularly. Local backups of admissions data are done every hour, other MyGradProgram data is backed up every three hours. Other public-facing web content is backed up each day. Using UW Technology arrangements, daily full backups are stored off-site in a different seismic zone.
Graduate School systems have been audited for security, and generally follow OWASP guidelines for web application security. Database and system logs are audited routinely and MyGradProgram provides transaction level auditing of data changes. Authentication for student data requires a SecurID token in addition to UW NetID login authentication. All MyGradProgram users are required to submit authorization forms with employee and authorized faculty signatures. These authorizations are regularly monitored.
The Graduate School runs redundant database and web server clusters. In addition each server has redundant server components such as hot-swappable disk drives in RAID protected drive arrays. The application for graduate admission, MyGradProgram, and public-facing web stie uptime has exceeded 99.95% in 2009. We expect annual uptime to be no worse than 99.86%. All Graduate School servers are fully insured, and procedures are in place to quickly procure replacements if the primary servers are lost due to a local building disaster (e.g. fire) or regional disaster (e.g. earthquake). Despite this, the Graduate School needs to improve the recovery interval if the primary servers are lost in a disaster. Since there is currently no remote server location for fail-over, recovery in such a disaster scenario could be as long as several weeks.