DD ENV 12924:1998

Contents
1. Scope
2. Normative references
3. Definitions
4. Abbreviations
5. Security categorisation model
    5.1 System categories
    5.2 Requirements
    5.3 Healthcare information systems characteristics
         5.3.1 Data
         5.3.2 Hardware & Software configuration
         5.3.3 People
         5.3.4 Environment
6. Procedure for security categorisation and requirement
    specification
    6.1 Recommended Steps of Action
         6.1.1 Procedure step 1
         6.1.2 Procedure step 2
         6.1.3 Procedure step 3
         6.1.4 Procedure step 4
         6.1.5 Procedure step 5
         6.1.6 Procedure step 6
7. Security categorisation methodology
    7.1 Structure of the categorisation
    7.2 ACI attribute values
         7.2.1 Availability (A)
         7.2.2 Confidentiality (C)
         7.2.3 Integrity (I)
    7.3 System categories
    7.4 Environment assumptions
         7.4.1 Environment - Physical environment assumptions
         7.4.2 Environment - Physical connectivity assumptions
         7.4.3 Environment - Logical connectivity assumptions
8. Baseline requirements / Protection profile 1
    8.1 System requirements
         8.1.1 Identification and authentication
         8.1.2 Access control and authorisation
         8.1.3 Accountability and audit
         8.1.4 Accuracy
         8.1.5 Reliability of service
         8.1.6 Data exchange and networking
    8.2 Administrative and operational requirements
         8.2.1 Security management
         8.2.2 Security Manager
         8.2.3 IT security policy
         8.2.4 Security response management
         8.2.5 Contingency planning
         8.2.6 Virus protection
         8.2.7 System maintenance
         8.2.8 Media and documentation control
         8.2.9 Software development
    8.3 Personnel requirements
         8.3.1 Recruitment
         8.3.2 Staff management issues
         8.3.3 Security awareness
         8.3.4 Employment termination
         8.3.5 HCE staff privacy
    8.4 Physical and environmental requirements
         8.4.1 Physical access control
         8.4.2 Protection against theft
         8.4.3 Protection of the operational environment
         8.4.4 Fire, water damage and disaster controle
         8.4.5 Additional requirements for areas which contain
                the main computer resource
9. Additional requirements common to Protection profile II-VI
    9.1 System requirements
         9.1.1 Access control
         9.1.2 Accountability and audit
         9.1.3 Reliability of service
         9.1.4 Data exchange and networking
    9.2 Administrative and operational requirements
         9.2.1 Security management
         9.2.2 Media and documentation control
         9.2.3 Virus protection measures
         9.2.4 System maintenance
    9.3 Personnel requirements
    9.4 Physical and environmental requirements
         9.4.1 Physical access control
10. Protection profile II
    10.1 Baseline requirements
    10.2 Additional requirements
         10.2.1 System requirements
         10.2.2 Administrative and operational requirements
         10.2.3 Physical and environmental requirements
11. Protection profile III
    11.1 Baseline requirements
    11.2 Additional requirements
         11.2.1 System requirements
         11.2.2 Administrative and operational requirements
         11.2.3 Physical and environmental requirements
12. Protection profile IV
    12.1 Baseline requirements
    12.2 Additional requirements
         12.2.1 System requirements
         12.2.2 Administrative and operational requirements
         12.2.3 Physical and environmental requirements
13. Protection profile V
    13.1 Baseline requirements
    13.2 Additional requirements
         13.2.1 System requirements
         13.2.2 Administrative and operational requirements
         13.2.3 Physical and environmental requirements
14. Protection profile VI
    14.1 Baseline requirements
    14.2 Additional requirements
         14.2.1 System requirements
         14.2.2 Administrative and operational requirements
         14.2.3 Physical and environmental requirements
Annex A (informative) Information system categorisation examples
Annex B (Informative) How to proceed beyond the standard
Annex C (Informative) Sources of Threats to HCIS'
Annex D (Informative) Bibliography

Gives a model and a method of categorising automated healthcare information systems in the context of security and privacy. Security means preservation to an acceptable level of data availability, confidentiality, and integrity. A corresponding set of protection recommendations and requirements for each system category specified is given and is appropriate to the level of risks inherent in that category.