Method electronic data
1.3.2.1 ZilliZ Agreement, supplier of the electronic client-tracking system
All client data is recorded in ZilliZ. ZilliZ is an internet application provided by Landmerc B.V. in Wageningen. The system runs as Software as a Service, i.e. through the Internet, where the software and the data of the client administration are stored centrally as part of an online, closed and secured platform.
To ensure safe storage and use of data the following measures apply:
Protection against loss
- The computers / servers are set up at BIT's secure data center in Ede (www.bit.nl).
- The data is stored on RAID-5 drives, so that failure of one of the disks causes no data loss.
- A backup of the database is made several times a day, and an integral backup is made weekly. Backups are kept in a different location.
- For the management and maintenance of the servers, Landmerc has entered into a Service Level Agreement with Site4U Wageningen. Continuous monitoring of the system is part of this.
Login security
- Users log in via a username and password. Passwords must contain at least seven characters, of which at least one number and one special character.
- When logging in, an extra code is requested, shown as a captcha image, which prevents automatic login by so-called bots.
- During login, a so-called CF Form Protect protocol is run automatically to prevent unauthorized automatic login by so-called bots.
- A login session lasts a maximum of 2 hours after the last system interaction. After that, the session is automatically interrupted. Leaving an active session unattended is the responsibility of the system user, but is limited by the system.
Encrypted storage and exchange of data
- Passwords are stored encrypted with a doubly secured key. The key is not stored in the database.
- Personal files are stored separately from the personally identifying data in the database.
- Person-sensitive information is stored under a so-called non-editable or traceable UUID key.
- For data transfer between the central server and the user, the secure HTTPS protocol is used.
- Access to ZilliZ can be restricted by IP address, configurable per employee or user, to one, several or all locations. For example, use by employees can be limited to the work location only.
1.3.2.2 Raffel Agreement, supplier internet and automation
Access to the internet and the e-mail addresses with the domain name @titurel.nl are provided to Titurel by the company Raffel Internet, telephony, ICT.
- Data security
The servers and network equipment of Stichting Titurel are housed in a closed room at the Hoogerheide office location. The IT environment is virtualized based on VMware, with a RAID-1 set as storage (locally attached storage). Every 24 hours a full copy of the virtual machines is stored in a remote location as a DR (Disaster Recovery) provision.
- Backup
Backups are made of the entire virtual environment (data + configuration + system files). These backups are stored in a data center location of Raffel Internet in Amsterdam (NIKHEF data center). These backups are made every 24 hours, and are kept with a minimum retention of 14 days. A full backup is made every Saturday. Data is sent via a 128-bit AES encrypted IPsec tunnel.
- Authentication
Users can log in with a username and a password of at least 7 characters. Logging into the Citrix XenApp desktop is only possible from the locations of Titurel Foundation. External access is only possible for e-mail, using webmail (Outlook Web Access). For some users, external Citrix XenApp desktop access is also possible through an SSL VPN with 128-bit encryption. Authentication is done here by means of username and password, plus a machine-specific certificate. So access is only possible from the equipment on which this certificate is installed.
- Availability
No special measures have been taken regarding availability. In case of hardware failure or other unavailability, the environment will have to be restored from backups. The environment is set up such that under normal conditions it can be recovered within 48 hours.
Titurel has its own mail server based on Microsoft Exchange. Internal mailing between @titurel.nl addresses from a "mail client" (Microsoft Outlook, smartphones and webmail) is always safe, since connections between the server and the "mail clients" are encrypted using SSL/TLS and cannot be accessed without a valid username and password. When a mail account is set up on a smartphone, a locking mechanism (e.g. a PIN code) is also enforced on the smartphone.
Sending E-mail to external parties is discussed in chapter 1.3.2.3.
1.3.2.3 Healthcare Mail Agreement
Titurel uses the Zorgmail service. This is provided by the VANAD group. The service makes it possible to send e-mail securely.
There are 3 ways to send mail to external parties.
- Normal
Mail just gets sent over the public internet as before, via unencrypted connections.
- Safe through the domain list
Mail to other participants connected via Zorgmail is automatically sent securely. All mail is sent over encrypted connections and through trusted servers until it reaches the recipient.
- Safe via “secure send”
When using the “secure send” button in Outlook, the recipient receives a notification via e-mail and/or a text message with a code, with which he can read and answer the mail via a Zorgmail web portal (via HTTPS). The e-mail will never reach the recipient's PC through unsafe channels.