pdotd:general-security
Differences
This shows you the differences between two versions of the page.
pdotd:general-security [2022/10/31 16:10] – created kerhart | pdotd:general-security [2022/10/31 18:35] (current) – [Security Statement (Risk Profile)] dpatenaude | ||
---|---|---|---|
Line 6: | Line 6: | ||
The purpose of this document is to provide a concise description of the major security philisophy of the .decimal p.d software and related systems. This document should provide an understanding of the risk profile to end users of the software, which will help establish the mindset necessary to answer many of the commonly asked questions regarding the safety and security of the application. | The purpose of this document is to provide a concise description of the major security philisophy of the .decimal p.d software and related systems. This document should provide an understanding of the risk profile to end users of the software, which will help establish the mindset necessary to answer many of the commonly asked questions regarding the safety and security of the application. | ||
- | ===== Security Statement ===== | + | ===== Security Statement |
- | p.d ... | + | The first question to consider when assessing the safety or security of a system is typically, what is the risk of a breach. To answer this question regarding the p.d software (and the entire process of ordering patient-specific medical devices from our company) we need to first understand the following: |
+ | * p.d is a desktop software installed on customer supplied workstations | ||
+ | * (customers are free to configure their workstations to meet their IT/IS requirements) | ||
+ | * All data is stored on customer systems behind their firewall | ||
+ | * p.d communicates to our company servers via [[pdotd: | ||
+ | * All external communications are initiated by customer end users through the p.d software | ||
+ | * (i.e. all communications are outbound only and our company has NO access to your network) | ||
+ | * p.d sends only the [[pdotd: | ||
+ | * (i.e. no PHI or PII or sensitive billing information is included in the order files) | ||
+ | * A third party service, [[https:// | ||
+ | |||
+ | Based on these high level system features, it should be evident that the Information Security risk to our customers due to a breach of p.d or .decimal company systems is very low, as: | ||
+ | - No patient information would be exposed | ||
+ | - No sensitive customer information would be exposed | ||
+ | |||
+ | ===== Conclusions ===== | ||
+ | |||
+ | Our goal at .decimal is to make it easy for customers to do business with us. This is precisely why we have implemented processes that use the minimal data necessary to place orders and why we provide standalone software that is compatible with most workstation configurations. By framing the review of the p.d software and the .decimal device ordering process in the context of a "Low Risk" service, we hope that customers are better able to streamline the IT/IS review process and help facilitate the quick adoption of our outsourced manufacturing services into their clinic to improve patient care. |
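Review bot: The "very low" risk justification in the added Security Statement lists only two reasons, both about data exposure (no patient information, no sensitive customer information), yet the bullets above it also state that all communications are outbound only and that the company has no access to the customer network. That is the point an IT/IS reviewer is most likely to look for, so it should appear as a third numbered reason rather than being left implicit in the bullet list. Two wording points in the same hunk: "what is the risk of a breach" is phrased as a question and should end with a question mark, and "philisophy" in the unchanged opening paragraph is still misspelled ("philosophy").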
pdotd/general-security.1667232640.txt.gz · Last modified: 2022/10/31 16:10 by kerhart