Skip to end of metadata
Go to start of metadata

Template for Hosted Application Architecture Review Checklist

Architecture Review   

All technical projects managed by UTS and R&HS must complete an architecture review conducted by the Architecture Review Team (ART) in the project's planning phase before it can be moved into the next phase, Project Execution & Control. A second Architecture Review should be conducted during the production readiness assessment.
Project Team should submit the following documents and schedule a review meeting with ART:

  • Architecture Review Checklist (this form)
  • Architecture Diagram(s) of the System
    More information on Architecture Review and Architecture Review Team can be found on Architecture Review Team.

Project Information


Project Name

 Huron Engagement - eIACUC                                               


Project Number



Project Manager

 Kari Meyer


Prepared By

 Kari Meyer


Preparation Date

 August 14, 2017


Project Type



Project Summary

The Institutional Animal Care and Use Committee (IACUC) is a working group that Emory appointed as required by the Animal Welfare Act (AWA) and PHS Policy on Humane Care and Use of Laboratory Animals.  This project proposes the following:

  • implement the Huron IACUC software package
  • establish and implement a protocol and data migration plan from the old systems to the new one
  • establish a number of integrations between¿required¿information¿systems,
  • provide validation of staff training documentation
  • roll out a reporting platform to support the required data reports


Vendor Background and Viability

Huron is the consulting partner we rely upon for the eIRB at Emory University.  Emory conducted a vendor evaluation and validated that the majority of commercial products are niche products, and the only mature IACUC product was Huron. We demoed two vendors and Huron came out as the top choice. Huron has the only product currently on the market with the track record and the solution set to meet Emory's needs. We have based this assertion on the direct experience from other research institutions with our animal research volume as well as our own testing of the product. In addition, since we have Huron’s eIRB module up and running for many years, we have direct experience working with Huron as a solution provider. With the frustration by faculty, administration, and information technology alike and the inability for Topaz (the current vendor that the IACUC uses) to deliver a stable, reliable product, we recommend moving forward with the implementation of Huron IACUC solution set.




System Diagram

Emory eIACUC System Diagram (Cloud)

Architecture Review Questions

Describe what data will be stored on this hosted application

Animal Protocol Information

Describe performance and scalability of this hosted application

Huron Security Overview

Describe authentication/authorization of this hosted application

We will use Emory Shibboleth for Authentication.  Similar to the eIRB, the business office (IACUC office) will maintain the authorization level of the user.  Just like the eIRB, the eIACUC will provide a link for 'first time users' to easily request a level of access to the system.

Describe integration of this hosted application with other Emory applications

The Huron application will export files to be consumed by other Emory applications.   These files will be transferred on a nightly basis.

Describe availability of this hosted application

Huron Security Overview

Huron Consulting Group maintains an Information Security Management System (ISMS) and Business Continuity Management System (BCMS) to mitigate the risk associated with both Huron data and client data. Huron maintains both the ISO 27001 ISMS and ISO 22301 BCMS certifications for IT Infrastructure and applicable systems. Overall the policies provide three security features to the data we are protecting: Confidentiality, Integrity, and Availability.

Physical security at the datacenter is provided via two factor authentication access only to authorized personnel, 24x7 security monitoring, video camera surveillance, motion sensors, and smoke and fire suppression systems.  Network security is provided via redundant firewalls and routers, separate VLANs and subnets, Virtual Server segregation, intrusion detection hardware, and redundant domain controllers.  All servers have antivirus and anti-malware installed.  Additionally, Huron is certified ISO 27001 compliant.

Describe backup and disaster recovery of this hosted application

Huron Security Overview

Describe monitoring of this application and the process of notifying Emory

Included in the maintenance agreement is 24x7 emergency coverage if the production site has a “Site Down”.  Examples of a site down would include: unable to browse site; can browse site, but cannot login; can login, but can’t submit anything; etc.  You can loosely define the 24x7 emergency assistance as critical functionality is unavailable to most users. 

Huron always staffs three on-call software engineers and one network administrator to respond to afterhours emergency issues.  Our Support and Subscription SaaS (Hosting) teams are tightly integrated and use the same process for interaction; you only need contact us through our Support mechanisms to get to any internal team within Huron for assistance.

Describe SLA and maintenance/support plan

Emory’s IACUC subscription has an 8x5 maintenance agreement; M-F 9am – 5pm local time zone.  However, Huron has Software Engineers available from 6am to 6pm Pacific time and all clients benefit from the extra time that would be outside of those hours.

Will this application be used by EHC and, if so, has it been tested on the VDT?

No, this will not be used by Healthcare.

Technical Challenges

List challenges that the project team see with the application that they would like support/guidance from architecture review team.

Architecture Review Team Feedback

1) Investigate policies around obtaining Emory owned data if ever decide to leave the vendor.

I have information here.  The subscription agreement that Emory has w/Huron states that Emory owns the data.  I have attached two images that have information about that.

2) Look at adding CIs for this system in Service Now. (ITSM)

We have a meeting w/the ITSM team on 9/15 to discuss and get the CI's into ServiceNow.  We already know who will be Tier 1 and Tier 2 (ORA Application Support).

  • No labels