The web hosting site/server should meet these minimum environmental requirements. These should be common practice for most web site hosting vendors. • Ensure an anti-virus solution is deployed and active. • Ensure logging is enabled for all logins and services (i.e. SFTP, SSH, etc.). • Ensure all remote console functions are managed through secured VPN services. • Perform regular security scans with a tool similar to Nessus to assure no security deficiencies exist. • Ensure directory transversal has been disabled in the web service configuration. • Confirm web statistics are only viewable to those requiring the information. • Verify that directory indexing is turned off. • Provide for data backup, testing and annual disaster recovery testing. • Ensure that all test and development software code has been removed from the production server. • Maintain latest security patches for operating system, application frameworks, and other utilized services. (Systems that do not have critical patches made within 30 days are removed from the TAMU network per TAMU IT Policy.) • Ensure that all remote RDP sessions are two-factor enabled. The vendor’s technology solution will perform the following three functions, via customized mobile application and stack deployed on ARCMTS servers: 1) Collect research participants’ deidentified mood data via short surveys called EMAs (ecological momentary assessments) delivered within the participant-facing mobile application 2) Aggregate deidentified data from EMA responses and a participant’s wearable research devices (Garmin fitness tracker and Dexcom continuous glucose monitor [CGM]) and deliver for processing on ARCMTS-managed servers 3) Receive triggers from ARCMTS-managed data processing infrastructure and deliver tailored intervention messages to the research participants via the participant-facing mobile application
