In order to ensure that no data is lost in case of natural disasters, virus or malicious code attacks, the critical data files, protected system files and certain application files on web servers are replicated onto electronic storage media. These replication servers are in secure locations, separate from the original file servers. Backup copies of software programs are also maintained for every modification. Proper authentication and identification procedures are available to provide role-based access control for all the Personally Identifiable Information (PII) and Protected Health Information. The PII and PHI, IDs and passwords are encrypted in both rest and transit state, as per the Federal Information Processing Standards. TRICARE has comprehensive procedures for risk management for privacy risks and potential security threats ensuring a reliable system. MHS takes measures to keep the system hardware and security software technology updated, to provide a fully secure operating environment for TRICARE.