The Web Hosting Service has designated Linux and Windows hosting platforms that are specifically designed to secure restricted data, as defined by the Office of Cybersecurity.
These platforms are more secure for several reasons:
Hosting restricted data requires special precautions. If your site needs to handle restricted data, you must sign up for a Platinum Service Level account.
In addition, before your web hosting account goes into production, a review with Office of Cybersecurity staff and DoIT's Web Hosting team will take place.
The restricted data account contacts are responsible for notifying the Web Hosting Service when a staff member with access no longer requires it. We will then remove the account(s) and firewall access and update our records.
Note:
PCI -- The restricted data platforms are NOT fully PCI compliant for processing credit card data directly, but they offer limited PCI compliance for storefronts that are one click away from processing the credit card payment. UW-Madison departments with e-commerce needs are directed to use the CashNet service provided by Business Services.
HIPAA -- The restricted data platforms are NOT fully compliant with HIPAA security standards. However, patient data that is de-identified and does not fall under full HIPAA compliance, but is considered protected health information (PHI), can be accommodated. Any HIPAA clarification that is required should be addressed with the Office of Compliance (https://compliance.wisc.edu/hipaa/) in conjunction with the Office of Cybersecurity.