• Shopping Cart
    There are no items in your cart

ENV 12924 : DRAFT 1997

Withdrawn

Withdrawn

A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.

MEDICAL INFORMATICS - SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS

Withdrawn date

14-03-2008

Published date

12-01-2013

Sorry this product is not available in your region.

Contents
1. Scope
2. Normative references
3. Definitions
4. Abbreviations
5. Security categorisation model
    5.1 System categories
    5.2 Requirements
    5.3 Healthcare information systems characteristics
         5.3.1 Data
         5.3.2 Hardware & Software configuration
         5.3.3 People
         5.3.4 Environment
6. Procedure for security categorisation and requirement
    specification
    6.1 Recommended Steps of Action
         6.1.1 Procedure step 1
         6.1.2 Procedure step 2
         6.1.3 Procedure step 3
         6.1.4 Procedure step 4
         6.1.5 Procedure step 5
         6.1.6 Procedure step 6
7. Security categorisation methodology
    7.1 Structure of the categorisation
    7.2 ACI attribute values
         7.2.1 Availability (A)
         7.2.2 Confidentiality (C)
         7.2.3 Integrity (I)
    7.3 System categories
    7.4 Environment assumptions
         7.4.1 Environment - Physical environment assumptions
         7.4.2 Environment - Physical connectivity assumptions
         7.4.3 Environment - Logical connectivity assumptions
8. Baseline requirements / Protection profile 1
    8.1 System requirements
         8.1.1 Identification and authentication
         8.1.2 Access control and authorisation
         8.1.3 Accountability and audit
         8.1.4 Accuracy
         8.1.5 Reliability of service
         8.1.6 Data exchange and networking
    8.2 Administrative and operational requirements
         8.2.1 Security management
         8.2.2 Security Manager
         8.2.3 IT security policy
         8.2.4 Security response management
         8.2.5 Contingency planning
         8.2.6 Virus protection
         8.2.7 System maintenance
         8.2.8 Media and documentation control
         8.2.9 Software development
    8.3 Personnel requirements
         8.3.1 Recruitment
         8.3.2 Staff management issues
         8.3.3 Security awareness
         8.3.4 Employment termination
         8.3.5 HCE staff privacy
    8.4 Physical and environmental requirements
         8.4.1 Physical access control
         8.4.2 Protection against theft
         8.4.3 Protection of the operational environment
         8.4.4 Fire, water damage and disaster controle
         8.4.5 Additional requirements for areas which contain
                the main computer resource
9. Additional requirements common to Protection profile II-VI
    9.1 System requirements
         9.1.1 Access control
         9.1.2 Accountability and audit
         9.1.3 Reliability of service
         9.1.4 Data exchange and networking
    9.2 Administrative and operational requirements
         9.2.1 Security management
         9.2.2 Media and documentation control
         9.2.3 Virus protection measures
         9.2.4 System maintenance
    9.3 Personnel requirements
    9.4 Physical and environmental requirements
         9.4.1 Physical access control
10. Protection profile II
    10.1 Baseline requirements
    10.2 Additional requirements
         10.2.1 System requirements
         10.2.2 Administrative and operational requirements
         10.2.3 Physical and environmental requirements
11. Protection profile III
    11.1 Baseline requirements
    11.2 Additional requirements
         11.2.1 System requirements
         11.2.2 Administrative and operational requirements
         11.2.3 Physical and environmental requirements
12. Protection profile IV
    12.1 Baseline requirements
    12.2 Additional requirements
         12.2.1 System requirements
         12.2.2 Administrative and operational requirements
         12.2.3 Physical and environmental requirements
13. Protection profile V
    13.1 Baseline requirements
    13.2 Additional requirements
         13.2.1 System requirements
         13.2.2 Administrative and operational requirements
         13.2.3 Physical and environmental requirements
14. Protection profile VI
    14.1 Baseline requirements
    14.2 Additional requirements
         14.2.1 System requirements
         14.2.2 Administrative and operational requirements
         14.2.3 Physical and environmental requirements
Annex A (informative) Information system categorisation examples
Annex B (Informative) How to proceed beyond the standard
Annex C (Informative) Sources of Threats to HCIS'
Annex D (Informative) Bibliography

Gives a model and a method of categorising automated healthcare information systems in the context of security and privacy. Security means the preservation to an acceptable level of data availability, confidentially and integrity. A corresponding set of protection recommendations and requirements for each system category is given which is appropriate to the level of risks inherent in that category.

Committee
TC 251
DocumentType
Draft
PublisherName
Comite Europeen de Normalisation
Status
Withdrawn

Standards Relationship
NBN ENV 12924 : 1998 Identical
NEN NVN ENV 12924 : 1997 Identical
I.S. ENV 12924:1998 Identical
UNE-ENV 12924:1998 Identical
UNI ENV 12924 : 1998 Identical
DD ENV 12924:1998 Identical
NF ENV 12924 : 2000 XP Identical
DIN V ENV 12924:1998-02 Identical

S.R. CR 13694:1999 HEALTH INFORMATICS - SAFETY AND SECURITY RELATED SOFTWARE QUALITY STANDARDS FOR HEALTHCARE (SSQS)
BS EN 14485:2003 Health informatics. Guidance for handling personal health data in international applications in the context of the EU data protection directive
CR 13694:1999 Health Informatics - Safety and Security Related Software Quality Standards for Healthcare (SSQS)
PD CR 13694:1999 Health informatics. Safety and security related software quality standards for healthcare (SSQS)
CEN/TR 15300:2006 Health informatics - Framework for formal modelling of healthcare security policies
EN 14485:2003 Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
EN 14484:2003 Health informatics - International transfer of personal health data covered by the EU data protection directive - High level security policy
I.S. CEN TR 15300:2006 HEALTH INFORMATICS - FRAMEWORK FOR FORMAL MODELLING OF HEALTHCARE SECURITY POLICIES
BS EN 14484:2003 Health informatics. International transfer of personal health data covered by the EU data protection directive. High level security policy

ISO/IEC 9594-8:2017 Information technology Open Systems Interconnection The Directory Part 8: Public-key and attribute certificate frameworks
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.