IRIS OpenSpace is hosted on the Microsoft Windows Azure platform in their EU zone and therefore fully complies with UK data protection guidelines.
IRIS OpenSpace relies on Microsoft’s security procedures to ensure physical protection of our systems.
All user passwords are Hashed and Salted. Hashing means that IRIS OpenSpace only stores encrypted passwords and therefore it is not possible for anyone to view an actual password in the database.
Salting means that even in the instance of a rainbow attack it is not possible to crack the encrypted password even if someone were to gain access to our user access database which is protected by Microsoft’s Windows Azure built in security.
Only the actual user of an account sets their password; not even the system administrator can set, view or change an individual user’s password.
The only way a password can be reset is via a uniquely generated password reset link that is emailed to the user.
Files are encrypted in transit using Secure Socket Layer (SSL) and The Advanced Encryption Standard (AES).