Assured Confidence through Secured Tools

Auditing as a security tool is important since it establishes user accountability and accountability fosters responsible system usage. All Health E-Docs™ objects have an identified owner and the owner is responsible for determining access rights. The setting of access rights is not an audited system event. However, limiting manager rights to the owner will correctly assess the owner for the current access rights of a document or collection. Health E-Docs™ is more informative regarding document versioning and maintains a history of versions. This history includes the person creating the new version and the time of creation. Health E-Docs™ also maintains an account history and will present information showing last login.

Operating System access controls on the server will prevent unauthorized access to the server and access to the Health E-Docs™ directories will be limited to individuals authorized to view and modify all repository content.

For enhanced system availability, Health E-Docs™ has implemented a virus scanning mechanism to prevent virus introduction and dissemination to the repository.

Overall, Health E-Docs™ provides the facilities to manage object access and implement repositories that have high privacy and integrity. Security requires responsible users who control and use object access policy in accordance with system objectives and who safeguard their access credentials and objects they create. Segregation of material into collections with different access rights can facilitate access rights management. Operating a high-privacy and high-integrity repository with SSL is the only way to assure that user's credentials cannot be stolen from plain text transmission on the Internet. Proper system administration is applied to eliminate security breaches on the server and to assure system availability.