Security & Business Continuity

Westat data systems are subject to stringent security and confidentiality standards and procedures. Security procedures are regularly reviewed to ensure their compliance with evolving industry standards and practices.

Westat adheres to government security regulations, including

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Confidential Information Protection and Statistical Efficiency Act (CIPSEA)
  • Federal Information Security Management Act (FISMA)

We have successfully gone through Federal certification and accreditation for projects using low, moderate, and high security systems.

Web Site Hosting

Westat provides a mature, secure environment for housing web-based systems. We host several hundred sites with more than 100 database and Web servers. The sites are centrally managed and maintained by systems and database administrators. The sites are also physically, environmentally, and logically secure and completely redundant.

Methods and technologies to support data security include

  • Advanced operating system features for password protection
  • Data encryption tools, including public-key infrastructure capabilities
  • Continually updated virus protection filtering and scanning on data communications pathways and storage devices
  • Zoned system secured by a programmable firewall
  • Semiannual penetration testing from an outside security firm

Physical Security

Physical data security across all network servers is ensured through the use of secure storage facilities and strict compliance with daily backup protocols. Westat retains privacy data in separate, secure data stores through use of our Secure Identifier Management System (SIMS).

Business Continuity

Remote user access allows Westat employees to access network resources via an Internet connection from home or while away on business. When employees on the Rockville campus are effectively blocked from being at the office, such as during a blizzard, our business continuity measures provide computing resources and help to mitigate serious disruption of many computer-based business and project operations.