Skip to content
Please enter a keyword to search

  • DD ENV 12924:1998

    Withdrawn A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

    Medical informatics. Security categorisation and protection for healthcare information systems

    Available format(s):  Hardcopy, PDF

    Withdrawn date:  24-04-2012

    Language(s):  English

    Published date:  15-11-1998

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Contents
    1. Scope
    2. Normative references
    3. Definitions
    4. Abbreviations
    5. Security categorisation model
        5.1 System categories
        5.2 Requirements
        5.3 Healthcare information systems characteristics
             5.3.1 Data
             5.3.2 Hardware & Software configuration
             5.3.3 People
             5.3.4 Environment
    6. Procedure for security categorisation and requirement
        specification
        6.1 Recommended Steps of Action
             6.1.1 Procedure step 1
             6.1.2 Procedure step 2
             6.1.3 Procedure step 3
             6.1.4 Procedure step 4
             6.1.5 Procedure step 5
             6.1.6 Procedure step 6
    7. Security categorisation methodology
        7.1 Structure of the categorisation
        7.2 ACI attribute values
             7.2.1 Availability (A)
             7.2.2 Confidentiality (C)
             7.2.3 Integrity (I)
        7.3 System categories
        7.4 Environment assumptions
             7.4.1 Environment - Physical environment assumptions
             7.4.2 Environment - Physical connectivity assumptions
             7.4.3 Environment - Logical connectivity assumptions
    8. Baseline requirements / Protection profile 1
        8.1 System requirements
             8.1.1 Identification and authentication
             8.1.2 Access control and authorisation
             8.1.3 Accountability and audit
             8.1.4 Accuracy
             8.1.5 Reliability of service
             8.1.6 Data exchange and networking
        8.2 Administrative and operational requirements
             8.2.1 Security management
             8.2.2 Security Manager
             8.2.3 IT security policy
             8.2.4 Security response management
             8.2.5 Contingency planning
             8.2.6 Virus protection
             8.2.7 System maintenance
             8.2.8 Media and documentation control
             8.2.9 Software development
        8.3 Personnel requirements
             8.3.1 Recruitment
             8.3.2 Staff management issues
             8.3.3 Security awareness
             8.3.4 Employment termination
             8.3.5 HCE staff privacy
        8.4 Physical and environmental requirements
             8.4.1 Physical access control
             8.4.2 Protection against theft
             8.4.3 Protection of the operational environment
             8.4.4 Fire, water damage and disaster controle
             8.4.5 Additional requirements for areas which contain
                    the main computer resource
    9. Additional requirements common to Protection profile II-VI
        9.1 System requirements
             9.1.1 Access control
             9.1.2 Accountability and audit
             9.1.3 Reliability of service
             9.1.4 Data exchange and networking
        9.2 Administrative and operational requirements
             9.2.1 Security management
             9.2.2 Media and documentation control
             9.2.3 Virus protection measures
             9.2.4 System maintenance
        9.3 Personnel requirements
        9.4 Physical and environmental requirements
             9.4.1 Physical access control
    10. Protection profile II
        10.1 Baseline requirements
        10.2 Additional requirements
             10.2.1 System requirements
             10.2.2 Administrative and operational requirements
             10.2.3 Physical and environmental requirements
    11. Protection profile III
        11.1 Baseline requirements
        11.2 Additional requirements
             11.2.1 System requirements
             11.2.2 Administrative and operational requirements
             11.2.3 Physical and environmental requirements
    12. Protection profile IV
        12.1 Baseline requirements
        12.2 Additional requirements
             12.2.1 System requirements
             12.2.2 Administrative and operational requirements
             12.2.3 Physical and environmental requirements
    13. Protection profile V
        13.1 Baseline requirements
        13.2 Additional requirements
             13.2.1 System requirements
             13.2.2 Administrative and operational requirements
             13.2.3 Physical and environmental requirements
    14. Protection profile VI
        14.1 Baseline requirements
        14.2 Additional requirements
             14.2.1 System requirements
             14.2.2 Administrative and operational requirements
             14.2.3 Physical and environmental requirements
    Annex A (informative) Information system categorisation examples
    Annex B (Informative) How to proceed beyond the standard
    Annex C (Informative) Sources of Threats to HCIS'
    Annex D (Informative) Bibliography

    Abstract - (Show below) - (Hide below)

    Gives a model and a method of categorising automated healthcare information systems in the context of security and privacy. Security means preservation to an acceptable level of data availability, confidentiality, and integrity. A corresponding set of protection recommendations and requirements for each system category specified is given and is appropriate to the level of risks inherent in that category.

    General Product Information - (Show below) - (Hide below)

    Committee IST/35
    Document Type Standard
    Publisher British Standards Institution
    Status Withdrawn

    Standards Referencing This Book - (Show below) - (Hide below)

    BS 7799(1995) : AMD 9911 CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
    ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective