OH2022 - GDPR and SEC

Status

DONE

Impact

MEDIUM

Driver

@Alessandro Domanico

Approver

@Claudio Rosazza

Contributors

@Alessandro Domanico @miz

Informed

@Ilario Gavioli @Alberto Mandelli

Due date

Jun 30, 2022

Resources

https://docs.google.com/document/d/1BdFftm-clRKweuIBHRf7NTDqtv1mgThihs_EXvEsmCM/edit?usp=sharing document

Relevant data

The goal is to adapt the software to more stringent requirements for the treatment and management of health information, to protect the rights of data subjects, guaranteeing privacy and confidentiality.

The aim is to fully adhere to the EU GDPR, and therefore to adopt and implement several recommendations for better data protection.

These recommendations cover the following areas: spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege, and library weaknesses.

Background

The software has undergone a security assessment and gap analysis (along the lines of ISO 27001 certification) covering the security and data protection requirements of EU GDPR compliance.

Action items

Create Jira issues from the outcome of the analysis (@Alessandro Domanico) and group them under an Epic issue (see issues).

Outcome

Implement all the recommendations listed in the attached documents, in order of priority.

Open Hospital powered by ISF
2005 - 2016 ISF © Informatici senza frontiere - ONLUS