SN EN 14484 : 2004
HEALTH INFORMATICS - INTERNATIONAL TRANSFER OF PERSONAL HEALTH DATA COVERED BY THE EU DATA PROTECTION DIRECTIVE - HIGH LEVEL SECURITY POLICY
12-01-2013
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 The European Data Protection Directive (see annex A)
5.1 General
5.2 General aims: (Article 1)
5.3 Scope: electronic and non-electronic (Article 3)
5.4 Principles relating to data quality (Article 6)
5.5 Criteria for legitimacy (Article 7)
5.6 Special categories of processing, including personal health data (Article 8)
5.7 Information to be given to the data subject (Article 10)
5.8 Right of access to data (Article 12)
5.9 Right to object (Article 14)
5.10 Security of processing (Article 17)
5.11 Judicial remedies, liability and sanctions (Articles 22, 23 and 24)
5.12 Supervisory Authorities (Articles 28 and 18)
5.13 Working party on the protection of Individuals with regard to the Processing of Personal Data
5.14 Transfer of personal data to Third Countries
6 Requirements for the transfer of personal data to third Countries
6.1 General
6.2 Principles (Article 25)
6.3 Ensuring transfers are permissible
6.4 Grounds by which transfers to third countries are permissible
7 A Security Policy for third countries
7.1 The requirement
7.2 The purpose of the security policy
7.3 The 'level' of the security policy
8 High Level Security Policy: general aspects
8.1 Levels of abstraction in ensuring security
8.2 Generic principles
8.3 Non-generic
8.4 Guidelines
8.5 Measures
8.6 Elements of a High Level Security Policy
9 High Level Security Policy: the content
9.1 Principle One: overriding generic principle
9.2 Principle Two: chief executive support
9.3 Principle Three: documentation of Measures and review
9.4 Principle Four: Data Protection Security Officer
9.5 Principle Five: permission to process
9.6 Principle Six: information about processing
9.7 Principle Seven: information for the data subject
9.8 Principle Eight: prohibition of onward data transfer without consent
9.9 Principle Nine: remedies and compensation
9.10 Principle Ten: security of processing
9.11 Principle Eleven: responsibilities of staff and other contractors
9.12 Principle Twelve: adequacy of third country data protection
9.13 Principle Thirteen: additional EU Member State particular requirements
10 Rationale and Observations on Measures to support Principle Ten concerning security of processing
10.1 General
10.2 Encryption and digital signatures for transmission to the third country
10.3 Access controls and user authentication
10.4 Audit Trails
10.5 Physical and environmental security
10.6 Application management and network management
10.7 Viruses
10.8 Breaches of security
10.9 Business Continuity Plan
10.10 Handling particularly sensitive data
10.11 Standards
11 Personal health data in non-electronic form
Annex A (normative) EU Data Protection Directive
Annex B (informative) Useful sources of advice
B.1 EU Security projects
B.2 CEN/ISSS
B.3 Non-CEN Standards
B.4 Selected web sites
Annex C (informative) Model declaration
Bibliography
Gives guidance on a High Level Security Policy for third country organisations and is restricted to aspects relevant to personal health data transferred from a compliant country to a third country (see definitions).
DocumentType | Standard
PublisherName | Swiss Standards
Status | Current

Standards | Relationship
UNI EN 14484 : 2004 | Identical
BS EN 14484:2003 | Identical
UNE-EN 14484:2004 | Identical
EN 14484:2003 | Identical
DIN EN 14484:2004-03 | Identical