• Shopping Cart
    There are no items in your cart

DD ENV 12924:1998

Withdrawn

Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

Medical informatics. Security categorisation and protection for healthcare information systems

Available format(s)

Hardcopy , PDF

Withdrawn date

24-04-2012

Language(s)

English

Published date

15-11-1998

€322.53
Excluding VAT

Contents
1. Scope
2. Normative references
3. Definitions
4. Abbreviations
5. Security categorisation model
    5.1 System categories
    5.2 Requirements
    5.3 Healthcare information systems characteristics
         5.3.1 Data
         5.3.2 Hardware & Software configuration
         5.3.3 People
         5.3.4 Environment
6. Procedure for security categorisation and requirement
    specification
    6.1 Recommended Steps of Action
         6.1.1 Procedure step 1
         6.1.2 Procedure step 2
         6.1.3 Procedure step 3
         6.1.4 Procedure step 4
         6.1.5 Procedure step 5
         6.1.6 Procedure step 6
7. Security categorisation methodology
    7.1 Structure of the categorisation
    7.2 ACI attribute values
         7.2.1 Availability (A)
         7.2.2 Confidentiality (C)
         7.2.3 Integrity (I)
    7.3 System categories
    7.4 Environment assumptions
         7.4.1 Environment - Physical environment assumptions
         7.4.2 Environment - Physical connectivity assumptions
         7.4.3 Environment - Logical connectivity assumptions
8. Baseline requirements / Protection profile 1
    8.1 System requirements
         8.1.1 Identification and authentication
         8.1.2 Access control and authorisation
         8.1.3 Accountability and audit
         8.1.4 Accuracy
         8.1.5 Reliability of service
         8.1.6 Data exchange and networking
    8.2 Administrative and operational requirements
         8.2.1 Security management
         8.2.2 Security Manager
         8.2.3 IT security policy
         8.2.4 Security response management
         8.2.5 Contingency planning
         8.2.6 Virus protection
         8.2.7 System maintenance
         8.2.8 Media and documentation control
         8.2.9 Software development
    8.3 Personnel requirements
         8.3.1 Recruitment
         8.3.2 Staff management issues
         8.3.3 Security awareness
         8.3.4 Employment termination
         8.3.5 HCE staff privacy
    8.4 Physical and environmental requirements
         8.4.1 Physical access control
         8.4.2 Protection against theft
         8.4.3 Protection of the operational environment
         8.4.4 Fire, water damage and disaster controle
         8.4.5 Additional requirements for areas which contain
                the main computer resource
9. Additional requirements common to Protection profile II-VI
    9.1 System requirements
         9.1.1 Access control
         9.1.2 Accountability and audit
         9.1.3 Reliability of service
         9.1.4 Data exchange and networking
    9.2 Administrative and operational requirements
         9.2.1 Security management
         9.2.2 Media and documentation control
         9.2.3 Virus protection measures
         9.2.4 System maintenance
    9.3 Personnel requirements
    9.4 Physical and environmental requirements
         9.4.1 Physical access control
10. Protection profile II
    10.1 Baseline requirements
    10.2 Additional requirements
         10.2.1 System requirements
         10.2.2 Administrative and operational requirements
         10.2.3 Physical and environmental requirements
11. Protection profile III
    11.1 Baseline requirements
    11.2 Additional requirements
         11.2.1 System requirements
         11.2.2 Administrative and operational requirements
         11.2.3 Physical and environmental requirements
12. Protection profile IV
    12.1 Baseline requirements
    12.2 Additional requirements
         12.2.1 System requirements
         12.2.2 Administrative and operational requirements
         12.2.3 Physical and environmental requirements
13. Protection profile V
    13.1 Baseline requirements
    13.2 Additional requirements
         13.2.1 System requirements
         13.2.2 Administrative and operational requirements
         13.2.3 Physical and environmental requirements
14. Protection profile VI
    14.1 Baseline requirements
    14.2 Additional requirements
         14.2.1 System requirements
         14.2.2 Administrative and operational requirements
         14.2.3 Physical and environmental requirements
Annex A (informative) Information system categorisation examples
Annex B (Informative) How to proceed beyond the standard
Annex C (Informative) Sources of Threats to HCIS'
Annex D (Informative) Bibliography

Gives a model and a method of categorising automated healthcare information systems in the context of security and privacy. Security means preservation to an acceptable level of data availability, confidentiality, and integrity. A corresponding set of protection recommendations and requirements for each system category specified is given and is appropriate to the level of risks inherent in that category.

Committee
IST/35
DocumentType
Standard
Pages
60
PublisherName
British Standards Institution
Status
Withdrawn

Standards Relationship
ENV 12924 : DRAFT 1997 Identical

BS 7799(1995) : AMD 9911 CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.