WADA and other Anti-Doping Organizations share responsibility for how your information is protected in ADAMS. Here’s how it works:
WADA has implemented strong security measures to protect ADAMS. Unroll the menus below to learn more.
|Organizational security measures include:
- Implementing written information security and privacy programs that include the assignment of accountability for privacy and information security functions to dedicated individuals;
- Ensuring WADA personnel are subject to a contractual duty of confidentiality;
- Ensuring access to ADAMS by WADA personnel is only granted on a need-to-know basis.
Technical security measures include:
- Strong authentication requirements, such as complex password requirements, two-factor authentication, and personal security questions;
- Exclusive control over administrator accounts: only WADA can create administrator accounts; administrator account holders (i.e., ADOs, laboratories and delegated third parties) are then responsible for issuing appropriate user accounts to users and third parties under their responsibility;
- Granular access permissions that can be managed by ADOs and other administrative account holders;
- Notifications to users in the event of certain atypical activities on their accounts, like password or permission changes; and
- Encryption at rest and in transit.
|Operational measures include:
- 24x7x365 intrusion detection and prevention;
- Automated logging and monitoring of actions performed in ADAMS;
- Firewalls and other network protections to secure ADAMS against malicious attacks and application vulnerabilities; and
- Third-party penetration testing.
| Physical measures to protect facilities where ADAMS infrastructure resides include:
- Ensuring the data center on which ADAMS relies is secure and redundant: ADAMS is hosted in a data center located in Montreal, Canada that is ISO 27001, ISO 27017, and ISO 27018 certified; and
- Physical measures to limit access to WADA facilities such as key-card access, visitor supervision, and video surveillance at entry/exit points.