Transport security. Each Participant Member’s security policy shall include written policies and procedures to ensure a secure channel for communications between Participant Members and Participants.
Transport security. Entry control Technical and organizational measures to monitor whether data have been entered, changed or removed (deleted), and by whom, from data processing systems, include: Logging and reporting systems; Audit trails and documentation. Control of instructions Technical and organizational measures to ensure that Personal Data are processed solely in accordance with the Instructions of the Controller include: Unambiguous wording of the contract; Formal commissioning (request form); Criteria for selecting the Processor. Availability control Technical and organizational measures to ensure that Personal Data are protected against accidental destruction or loss (physical/logical) include: Backup procedures; Mirroring of hard disks (e.g. RAID technology); Uninterruptible power supply (UPS); Remote storage; Anti-virus/firewall systems; Disaster recovery plan. Separation control Technical and organizational measures to ensure that Personal Data collected for different purposes can be processed separately include: Separation of databases; "Internal client" concept / limitation of use; Segregation of functions (production/testing); Procedures for storage, amendment, deletion, transmission of data for different purposes.
Transport security. Each QHIN’s security policy shall include written policies and procedures consistent with the technical requirements specified in the QHIN Technical Framework to ensure a secure channel for communications between QHINs and between QHINs and Participants.
Transport security. Entry control Technical and organizational measures to monitor whether Personal Data have been entered, changed or removed (deleted), and by whom, from data Processing systems, include: (a) logging and reporting systems; and (b) audit trails and documentation. Control of instructions Technical and organizational measures to ensure that Personal Data are Processed solely in accordance with the instructions of the Controller include: (a) unambiguous wording of the contract; (b) formal commissioning (request form); and (c) criteria for selecting the Processor. Availability control Technical and organizational measures to ensure that Personal Data are protected against accidental destruction or loss (physical/logical) include: (a) backup procedures; (b) mirroring of hard disks (e.g. RAID technology); (c) uninterruptible power supply (UPS); (d) remote storage; (e) antivirus/firewall systems; and (f) disaster recovery plan. Separation control
Transport security. Biohazardous materials must be secured during transport from unauthorized access or theft and not left unattended in unlocked vehicles. A chain-of-custody should be established when shipping biohazardous materials, for example, using a courier service.
Transport security. (i) Data carriers are removed from the data centre only if they cease to be functional;
Transport security. The <TransportSecurity> tag provides the security specifications for the transport layer of the TPA. It may be omitted if transport security will not be used for this TPA. Unless otherwise specified below, transport security applies to messages in both directions. For each party which is represented by a role parameter in a prototype TPA, the corresponding tags under <Party> and <LogonParty> must be given values when the role parameter is replaced by an actual name. Transport security may be either encryption or authentication. Both encryption and authentication may be used in the same TPA, especially if authentication is by userid and password. Authentication verifies the sender of the message. Encryption prevents the message from being read by unauthorized parties but by itself performs no authentication or nonrepudiation For encryption, the protocol and protocol version (optional) must be supplied by the appropriate tags. Examples of encryption protocols are RC2, RC5, and RC6. Only certificate-based encryption is defined. For authentication, the authentication type must be specified with the <PasswordAuthen> or <CertificateAuthen> tag. The protocol (e.g. SSL), protocol version (optional), and certificate parameters or optional starting userid and password must be specified. A public key certificate must be supplied for each party (except as specified below). Authentication is bi-directional if each party has to authenticate to the other during a given message exchange. The alternative is that the client authenticates to the server but not vice- versa. In most cases, the choice is determined by other factors. If SSL Ver. 3 is specified for encryption, authentication is always bi-directional. If the authentication type is PASSWORD, the client authenticates to the server. If the authentication type is CERTIFICATE, the authentication could be bi-directional or not. For the purpose of this TPA, it is defined as bi-directional unless otherwise specified below. It should be understood that in a TPA in which each party can act as either a server or a client for different actions, the security definitions must enable each party to authenticate to the other, though not necessarily in the same message exchange. The <Certificate> tag provides the parameters needed to define the certificates. The <CertType> tag identifies the type of certificate. Examples are X.509V1, X.509V2, and X.509V3. The <KeyLength> tag gives the key length in bits (e.g. 512). All parties must...
Transport security. ☐ none ☐ Basic128 ☐ Basic256 ☐ Basic256SHA256 ☐ Selfsigned ☐ Chained CAs
