General Information
If you are looking for answers to questions related to RDCP, please take a look at the following RDCP GSite before submitting any request.
Within this GSite, you will find information, updates, and resources that are directly related to RDCP from a commercial perspective.
This GSite will act as a one-stop shop for all the tools, playbooks, and general information that is generated about RDCP so that you can be informed and ready at all times and provide a great service to the end customer.
Security & Privacy Additional Information
The following table includes frequently asked questions and the answers that were provided; they may be useful for you.
In case your potential customer has requested additional information on Security & Privacy that is not included in the Frequent Q&A table below, please use this zendesk service. Read the steps below to submit your request:
- Contact your Product Network Lead to fill in the documents / questions as much as possible.
- Send the filled documents via this zendesk service and include global.rdc-gdpr-internal@roche.com; CC antonio.rodriguez.ar4@roche.com; CC global.rdc_security@roche.com if it is clear that Security needs to be involved.
- No more changes from local/region from this point onwards.
- Global Security fills in, reviews and sends back the final documents [expectation: 3 weeks].
Frequent Q&A
Warning: This information might not be updated or accurate for your situation.
| Question | Answer | Date of answer | Origin (redacted) | Product |
|---|---|---|---|---|
| Which protocols are used to transfer data from meters to RDCP (e.g. HTTPS, JSON, REST etc.)? | Communication with the APIs is via secure sockets (HTTPS). | February 2022 | RU REG | RDCP |
| Is data transferred from meters and stored in RDCP protected? If yes, which protection/encryption methods are used? | Yes, all data is encrypted at rest (AES256) in the RDCP databases and in motion (TLS1.2). | February 2022 | RU REG | RDCP |
| What is the maximum volume of data that can be stored in RDCP (both on user devices and on the backend)? For what period of time is the data stored? | No limit on the data volume stored in the Backend (due to Cloud elasticity). Personal data is deleted once the contract is cancelled unless required by applicable law or regulation. RDCP does not store sensitive information in local storage nor on any other personal device. | February 2022 | RU REG | RDCP |
| What are the data protection measures that are used in RDCP (exact protection, data anonymization/pseudonymization and encryption methods that are used)? | Communication with the APIs is via secure sockets (HTTPS). All data is encrypted at rest (AES256) in the databases. RDCP is compliant with the ISO27001 security standard, and the cloud platform is HITRUST and ISO27001 certified. All products are HIPAA and GDPR compliant, and compliant with the applicable laws and regulations as well. The solution allows data anonymization (removal of personal identifiers) and pseudonymization (tokenization) in the Big Data environment. | February 2022 | RU REG | RDCP |
| What cryptographic/encryption algorithms are used for data protection and encryption, for false data entry prevention, and for electronic signatures (if any)? | Data at rest: AES256. Data in motion: TLS1.2. False data entry prevention: data validation / checksums. Digital certificates: SHA256 (2048 bits) / RSA. | February 2022 | RU REG | RDCP |
| What are the criteria that are used for choosing data protection methods? | Risk analysis methodology according to the ISO27001 standard. | February 2022 | RU REG | RDCP |
| Who provides and supports the meter-to-platform connection? (RDC, 3rd party vendors etc.) | RDC, with Accenture as partner for RDCP and AWS as the Cloud Service Provider. | February 2022 | RU REG | RDCP |
| Describe the nature of the processing: how will you collect, use, store and delete data? What is the source of the data? Will you be sharing data with anyone? You might find it useful to refer to a flow diagram or other way of describing data flows. What types of processing identified as likely high risk are involved? | Patients will provide the data to the healthcare provider, who will enter it in the system. Therefore, the data is provided by the data subject him/herself. This also applies to the data collected by the healthcare provider. The purpose of the main data processing is to provide the service (enhancing disease management for healthcare providers and patients with diabetes) to the data subject, and this processing is based on consent. Data will be deleted when no longer necessary, and it will be archived if required for legal reasons in a non-transactional environment. The source of the data is a non-public source. Data will be shared with service providers (sub-processors) with whom Roche Diabetes Care has data protection agreements in place. These sub-processors provide sufficient guarantees to implement appropriate technical and organizational measures. In particular, these sub-processors are: Roche Diabetes Care Affiliates, Accenture (hosting, storage, support and testing), SAP (access management). | August 2021 | UK N DPIA | RDCP |
| Describe the scope of the processing: what is the nature of the data, and does it include special category or criminal offence data? How much data will you be collecting and using? How often? How long will you keep it? How many individuals are affected? What geographical area does it cover? | The solution processes sensitive personal data from patients. The legal basis for the data processing is consent. The number of data subjects whose personal data is processed can be more than 200,000. Data will be deleted when no longer necessary, and it will be archived if required for legal reasons in a non-transactional environment. The solution is live worldwide and, in particular, in several countries in the UK, several countries in the EU, the USA, India, certain countries in Asia and certain countries in South America. | August 2021 | UK N DPIA | RDCP |
| Describe the context of the processing: what is the nature of your relationship with the individuals? How much control will they have? Would they expect you to use their data in this way? Do they include children or other vulnerable groups? Are there prior concerns over this type of processing or security flaws? Is it novel in any way? What is the current state of technology in this area? Are there any current issues of public concern that you should factor in? Are you signed up to any approved code of conduct or certification scheme (once any have been approved)? | Roche Diabetes Care is the processor, and obtains the data from the use of the solution by the patients and the healthcare providers. The relationship with the individuals (patients) is built through the controller, who is the healthcare center. The user (healthcare provider or patient) can log into the system, and will have to accept and acknowledge the required legal texts. At the moment a strong authentication process is in place for healthcare providers, and it uses the email to verify the healthcare provider at first login. All patients, when registering, must acknowledge that they are 18 or over to be able to use the platform. Patients can be considered a vulnerable group. There are no concerns over this type of processing or security flaws. It is not novel in any way. The solution does not make innovative use of technology. There are no current issues of public concern. The Roche Code of Conduct is followed by all Roche employees. In addition, Roche is ISO27001 certified and our service providers are also ISO27001 and HITRUST certified, among other market certifications. | August 2021 | UK N DPIA | RDCP |
| Describe the purposes of the processing: what do you want to achieve? What is the intended effect on individuals? What are the benefits of the processing, for you and more broadly? | Main processing: provide the service (enhancing disease management for healthcare providers and patients with diabetes) to the patient. This processing is based on consent. Roche will use the personal data collected via the platform to provide the healthcare provider with a platform account; the legal basis is performance of a contract. This processing achieves the following: (1) to enable the healthcare provider to open and log into the Platform account; (2) to enable the healthcare provider to set up and manage a healthcare center through your Platform account, manage your patient personal data therein and instruct us how to process your patient personal data within the functionality of the Platform and in accordance with the user documentation; (3) to provide user support and fix technical issues as well as user handling issues with the Platform, including where we contact the healthcare provider regarding important product or performance issues, or where we respond to the user's questions or to the user's request for support, troubleshooting or any performance issues; and (4) to handle and invoice for optional subscriptions such as the Premium Service, if the user has subscribed. Use of personal data for product improvement purposes: we analyze, develop, test, and improve our products and their interactions, in order to ensure that our content benefits users in the most effective way; this processing is based on legitimate interest, and the user may opt out of this use at any time. Use of data for statutory purposes: the legal basis is legal obligation. | August 2021 | UK N DPIA | RDCP |
| Consider how to consult with relevant stakeholders: describe when and how you will seek individuals' views, or justify why it is not appropriate to do so. Who else do you need to involve within your organisation? Do you need to ask your processors to assist? Do you plan to consult information security experts, or any other experts? | As part of the ISO13485 medical device certification, a human factor test has to be completed, where external companies work with HCPs and patients to test the product in order to verify that it is compliant with the standard. In addition, the information security management system and controls are reviewed every year as part of the ISO27001 certification. Moreover, security experts are involved in the security testing of the solution (i.e. vulnerability scan and penetration test), which is performed every major release or annually, whichever happens first. Finally, many different departments in Roche are involved in the risk assessment process of the solution, involving experts in the legal, privacy, compliance, regulatory, quality, etc. teams. | August 2021 | UK N DPIA | RDCP |
| Describe compliance and proportionality measures, in particular: what is your lawful basis for processing? Does the processing actually achieve your purpose? Is there another way to achieve the same outcome? How will you prevent function creep? How will you ensure data quality and data minimisation? What information will you give individuals? How will you help to support their rights? What measures do you take to ensure processors comply? How do you safeguard any international transfers? | The lawful basis for the main processing activity is consent from the patient. For the remaining processing activities and their lawful basis, please refer to the question above, "Describe the purposes of the processing". We prevent function creep by applying measures such as: regularly performing privacy impact assessments where we analyze how data is processed; having a Data Protection Officer and a Data Protection team who monitor internal compliance; having training in place for employees; giving access to data on a need-to-know basis; binding all sub-contractors with whom we engage by an agreement that ensures that they provide sufficient guarantees to implement appropriate technical and organizational measures and comply with the applicable data protection laws when processing data on our behalf. Data quality is ensured by: processing data for the intended purpose; documenting all data processing requirements; regularly conducting impact analysis; monitoring and cleansing data; managing access controls; backing up the data to prevent permanent data loss; regularly checking the quality of the systems used; applying segregation of duties and need-to-know principles in all our systems; applying measures such as encryption, checksum verification, etc.; implementing data input and output validation controls. Data minimization is ensured by collecting data that is adequate, relevant and limited to what is necessary; this is achieved by performing impact analysis where the data that needs to be collected is assessed, and by deleting data that is no longer needed. Data subjects are informed of the processing by the data controller, who is the Healthcare Center; therefore, the Healthcare provider must inform the patients of the processing. With regard to Healthcare providers, the solution asks them to accept a privacy notice included in RDCP. When a healthcare provider creates a new patient, RDCP will remind the healthcare provider that consent must be gathered from the patient. Also, data subject rights can be exercised by contacting Roche. International transfers are safeguarded by regularly conducting impact assessments where the data flows and transfers are carefully evaluated. We ensure all data transfers can rely on one of the valid transfer mechanisms under GDPR (adequacy decision, appropriate safeguards, derogations, etc.). We conclude data transfer agreements. If needed, an assessment of the recipient country is done, and additional measures are applied. | August 2021 | UK N DPIA | RDCP |
| The solution should enable management (creation, maintenance and revocation) of users and access rights, allowing users to be locked or disabled when access is no longer needed. | Partially. Blocking must be requested from Roche. HCP Master Plus can create new HCPs. HCP Master Plus and HCP can create and disable PwDs. Roche can disable HCPs on request. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow for the segregation of access rights through profiles, preferably by function. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The user interface used for typing credentials to access the system (User ID + password) must prevent memorization and display of previously entered data (list of already entered logins, automatic memory of passwords associated with a login, etc.). | Yes. Roche uses multiple methods to achieve this. However, some browsers or browser updates might override this behaviour, and Roche cannot control this. | April 2021 | BR IM Assessment | RDCP |
| Any direct typing of passwords must be masked with characters to prevent others from viewing them. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow integrated authentication to Active Directory (AD) or LDAP. | No. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow integration via web services securely. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow integration with the IAM tool CA. | Can be assessed. It is possible to federate the current IAM solution with 3rd parties, but it is not recommended, for the sake of the unified user experience provided by single sign-on with other Roche apps. | April 2021 | BR IM Assessment | RDCP |
| The solution should use the default password complexity of AD (Active Directory). | Yes. Currently Gigya offers complex password requirements upon user registration. | April 2021 | BR IM Assessment | RDCP |
| For authentication cases outside the GNDI network, all integration should be done via web services, with secure protection of passwords using a hash plus salt method; these controls should be guaranteed both in transit and in the storage of passwords. | Yes. The current solution provides encryption of all data (including passwords) in transit. Password encryption uses HashSALT as per the Gigya documentation. | April 2021 | BR IM Assessment | RDCP |
| If authentication via AD is not possible, the solution should allow the use of a personal ID with a strong password, per the guidelines below. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow the use of strong passwords (minimum 8 characters, use of special characters, combination of uppercase letters, lowercase letters and numbers). | Yes. | April 2021 | BR IM Assessment | RDCP |
| Require a mandatory change of the initial password at the first logon of a newly created account. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should enable an automatic password expiration warning for users whose password has expired, offering the opportunity to change it. | Yes. This is configurable in Gigya and the capability is available. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow automatic locking of inactive users after a fixed period, according to GNDI policy. | Yes. This is configurable in Gigya and user account disabling is available. | April 2021 | BR IM Assessment | RDCP |
| The solution should prevent password reuse (minimum: the last 4 passwords). | Partially. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow automatic locking after repeated invalid access attempts (e.g. block after 5 invalid attempts). | Yes. An exponential delay is added on each new attempt. After 10 attempts the account is blocked. | April 2021 | BR IM Assessment | RDCP |
| Passwords should be stored in the database encoded by a hash algorithm (SHA2 or MD5) with SALT. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The data entered by the user in the input fields (input, text boxes, etc.) must be validated before being processed, to prevent buffer overflow and data injection attacks. | Yes. | April 2021 | BR IM Assessment | RDCP |
| All data validation procedures must be performed on the server side. Optionally, there may also be initial data validation on the client side, provided that validation is then also performed on the server side. | | April 2021 | BR IM Assessment | RDCP |
| The application must allow the limitation of concurrent sessions by the same user (User ID). | Yes. This is configurable in Gigya in order to limit multiple logins from the same account. | April 2021 | BR IM Assessment | RDCP |
| Terminate the user session after a configurable period of inactivity. After the end of the user session, the screen information should no longer be visible, and re-authentication should be required to resume activity. | Partially. The session is closed automatically after 15 minutes. | April 2021 | BR IM Assessment | RDCP |
| The logout functionality should completely end the associated session or connection. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must use only one token per session to avoid user session hijacking. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must generate a new session identifier whenever there is a new authentication. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Log accesses and access attempts to the information system. The record must contain at least: user ID, date and time of user login and logout, terminal identification (IP address) and number of invalid access attempts. | Yes. These records are kept, but access to the logs is only allowed to the Security Team in case of a breach, or to the authorities. | April 2021 | BR IM Assessment | RDCP |
| Keep an audit trail containing at least the user ID, date and time of the action and the action taken (insertion, alteration and deletion of data) by the user, and record all activity of privileged users. | Yes. These records are kept, but access to the logs is only allowed to the Security Team in case of a breach, or to the authorities. | April 2021 | BR IM Assessment | RDCP |
| The solution must have an interface for viewing the log records and be able to export logs as necessary. | Yes. Implemented, but access to the logs is only allowed to the Security Team in case of a breach, or to the authorities. | April 2021 | BR IM Assessment | RDCP |
| The solution must integrate with SIEM (Security Information and Event Management) tools or be compatible with syslog. | Yes. The solution currently provides data to a compatible SIEM system, which is only accessible by the Operations vendor. | April 2021 | BR IM Assessment | RDCP |
| Do not expose information in error messages or logs that could be used to exploit vulnerabilities, such as session identifiers, user account information, or personal and business information. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Generated audit logs should be protected against unauthorized access and against any kind of change, and should be stored for a configurable period in accordance with the applicable regulations. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should follow the formal procedure for the granting, maintenance, withdrawal and periodic review of access. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The design of the solution architecture should be available, as well as any other documentation that deals with safety requirements. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must support segregation of infrastructure and functionalities: Web servers, APP and DB should sit in separate VLANs / DMZs, with access separated by firewall rules. | Yes. This is covered. RDCP has its functionality strongly segregated: frontend components (HCP and patient portal), API manager, backend microservices, databases (single responsibility). All except the frontend apps are in a private network. RDCP also has a WAF in the public subnet. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow / provide separate areas for application maintenance, with distinct environments for development, testing, approval and production, and with segregation of the interfaces that need to be exposed on the Internet. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should be developed to prevent SQL injection, HTML injection and JavaScript injection. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must be developed to prevent broken authentication vulnerabilities. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should be developed to prevent Cross-Site Scripting (XSS) attacks. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must be configured at least with the security level recommended by the manufacturer. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Components with known vulnerabilities should not be used in the project. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Data received by the application and then displayed in a web environment must be validated on the web server upon receipt from forms (GET parameters, cookies or any other source). | Yes. | April 2021 | BR IM Assessment | RDCP |
| It is recommended that browsers do not memorize personal and sensitive information. | | April 2021 | BR IM Assessment | RDCP |
| Before being made available, the solution must undergo automated and manual security tests; records of these tests should be kept, as well as of the actions taken after the tests. | Yes. | April 2021 | BR IM Assessment | RDCP |
| There must be firewalls between the GNDI networks and partners. | Can be assessed. There is a firewall and a WAF where the solution is hosted. If dedicated connectivity is needed, this should be out of the scope of the platform itself. | April 2021 | BR IM Assessment | RDCP |
| There should be monitoring of attempted attacks (IPS) between the GNDI networks and partners. | Yes. | April 2021 | BR IM Assessment | RDCP |
| There should be DMZ segregation, or another type of security, for applications that are exposed to the Internet. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Use encryption in the transmission of all data (personal, sensitive, etc.) with a key of 128 bits or more. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Use encryption in the transmission of user authentication credentials (user ID + password) with a key of 128 bits or more. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Use digital certificates that are always within their validity period, and do not accept a certificate if it is on the CA's list of revoked certificates. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Use digital certificates with the SSL or TLS 1.2 cryptographic protocol. | Yes. | April 2021 | BR IM Assessment | RDCP |
| When a failure occurs in an encrypted connection, the system should not fall back to an insecure connection (HTTP). | Yes. | April 2021 | BR IM Assessment | RDCP |
| Developed systems should follow the three-tier model (Presentation Layer, Business Layer and Database Layer), physically separated. | Yes. This is how it is implemented. In addition, between the presentation and business layers, RDCP has the API manager, where we expose all the functionality that the frontend apps require. There is no way to bypass this component. The API manager acts as the first layer of security. | April 2021 | BR IM Assessment | RDCP |
| For public-facing applications accessible via external networks, physical separation of the layers must be implemented through a firewall. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Every web application must use a secure protocol (HTTPS). | Yes. | April 2021 | BR IM Assessment | RDCP |
| The application should not record any information on the local device used; all data / images / code readings should be sent to the servers that host the application without generating additional temporary files. | Yes. | April 2021 | BR IM Assessment | RDCP |
| When the application is closed, all personal and sensitive data should be deleted from the cache of the device used (for Android / iOS apps). | RDCP does not store sensitive information in the local storage of the browser. | April 2021 | BR IM Assessment | RDCP |
| Use a second authentication factor where applicable (e.g. via token, SMS token or biometrics), for example for applications exposed to and accessed via the Internet. A risk assessment should be performed to decide whether or not to use the token. | Yes. Via e-mail. | April 2021 | BR IM Assessment | RDCP |
| When necessary, use a Captcha in the authentication / validation process between client and server for web applications, in order to inhibit the use of robots. | No. Two-factor authentication exists. | April 2021 | BR IM Assessment | RDCP |
| In situations where the application uses external methods to complement registration (such as "Login with Facebook", for example), such information should be linked with the internal bases via CPF or Contract Code only. | N/A | April 2021 | BR IM Assessment | RDCP |
| It is a prerequisite, before the client finalizes registration (when in scope), to send a confirmation code via SMS token to the client device or by e-mail, which must be entered on the registration page for confirmation. | N/A | April 2021 | BR IM Assessment | RDCP |
| The developed application / site should be subjected to a vulnerability test generating a report to be sent to the Information Security area before entering production. This test should be carried out by a market firm specializing in Information Security. | Yes. The vulnerability management process is performed at the platform level every month by Accenture. In addition, Roche conducts application risk assessments and vulnerability management at the application level. External pentests are required to be conducted once a year or every major release, whichever comes first. Additionally, the build process within the CI/CD pipeline includes checks of dependencies for known vulnerabilities as well as Static and Dynamic Application Security Testing (SAST & DAST). | April 2021 | BR IM Assessment | RDCP |
| All changes, maintenance and application changes should be made in the development environment, duly authorized and tested in the homologation environment before being moved to the production environment. | Yes. | April 2021 | BR IM Assessment | RDCP |
| All modifications to packages acquired from suppliers must be tested in the approval environment before implementation in the production environment. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Protect the source code present on the server so that it cannot be improperly accessed by any user. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Connections to the database should always be routed from the application layer; no user computer, developer or support staff should ever connect directly to the database in production systems. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Development and approval of systems should be performed only with masked databases and / or fictitious data, but the same structure as the original production bases must be kept, with a sufficient volume of data for the tests, aiming to achieve simulations consistent with the reality of the business. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Do not store passwords, connection strings or other sensitive information in clear text or in any cryptographically unsafe way on the client side. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should not allow caching of sensitive data. | Yes. No data cache is allowed. | April 2021 | BR IM Assessment | RDCP |
| The solution must distinguish between mandatory and optional data fields. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must be able to validate the fields that accept data inputs (personal and sensitive) and the parameters of calls to external sources. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow the correction and updating of incomplete, inaccurate or outdated personal data by the person responsible for the activity, or have an interface that gives the data subject (holder) direct access to their data with the ability to correct it when necessary. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow access to personal and sensitive data to be blocked, so that it becomes unavailable to users when necessary (for example: blocking access to the database, temporary withdrawal of personal data published on a website). | Yes. | April 2021 | BR IM Assessment | RDCP |
| The application must allow data access restriction (personal and sensitive) through per-user access and segregated permission profiles (e.g. view, insert, change, export and delete), including at the data-field level. | Partially. RDCP restricts data access to the patients managed by the logged-in doctor and to those in the same center in which the doctor is enrolled. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow the anonymisation of stored data (personal and sensitive), including at the data-field level. | Yes. The solution allows data anonymisation, mainly for the Big Data storage and PHI + PII. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow the deletion of data (personal and sensitive) that is unnecessary, excessive or processed in breach of the provisions of the LGPD law. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must generate a copy of the data (personal and sensitive) relating to the data subject (holder), in a structured way and in an electronic format in common use. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution must allow report generation with the data (personal and sensitive) relating to the data subject (holder). | Yes. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow encryption of stored data (personal and sensitive), including at the data-field level. | Yes. | April 2021 | BR IM Assessment | RDCP |
| All additions, changes and deletions of data (personal and sensitive) must be recorded through logs, containing at least the user ID, date and time of the action and the action taken. | Yes. Audit information is kept internally in RDCP. Apart from data manipulation, we also record which doctor is accessing which patient's data. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow the identification of imported data (personal and sensitive) and, whenever possible, its source. | Yes. When it comes to clinical data, the system is able to record who is doing what and from what source. | April 2021 | BR IM Assessment | RDCP |
| The solution should enable limitation of the data (personal and sensitive) to be imported. | Yes. The solution only supports importing data from trusted sources (uDTC, mySugr, etc.) and the data imported is limited to specific data types (BG, Carbs, etc.). When integration with healthcare centers is enabled, data is limited to patient/professional creation. | April 2021 | BR IM Assessment | RDCP |
| The solution should allow the identification of exported data (personal and sensitive) and, whenever possible, its destination. | Yes. Access to sensitive data is possible only by the owner of the data or by the healthcare professional upon consent. If data needs to be copied to another place, this should be managed by the authorized personnel. | April 2021 | BR IM Assessment | RDCP |
| The solution must enable limitation of the data (personal and sensitive) to be exported and restrict copying of this type of data. | Yes. The default RDCP behaviour does not extract nor export any data, other than specific portal features that allow extracting page content into PDF format. On the other hand, if RDCP has the integration with a healthcare center enabled, the data exchanged is controlled by the RDCP backend and depends on the agreement between the center and RDCP. | April 2021 | BR IM Assessment | RDCP |
| Backups of data (personal and sensitive) should be made and retained in accordance with the retention period determined to meet the Data Protection Act (LGPD) and the legislation relevant to the health segment. | Yes. | April 2021 | BR IM Assessment | RDCP |
| When the collection of personal data is associated with the legal basis "consent", there should be a mechanism for obtaining and recording the OPT-IN, specifying the purpose of the collection of the relevant data and information about its processing and the agents involved, subject to commercial and industrial secrets. The record must contain the date / time and the user ID that made the OPT-IN. | Yes. | April 2021 | BR IM Assessment | RDCP |
| When data collection (personal and sensitive) is associated with legal basis "consent" should be a mechanism for obtaining and recording the OPT-OUT. In the record must contain date / time and user ID that made the OPT-OUT. | Can be assessed. User can withdraw consent and request the disablement of the access. We'd have to check if we collect the required data requested in this specific case. | April 2021 | BR IM Assessment | RDCP |
| When data collection (personal and sensitive) is associated with legal basis "consent" should be a mechanism for the opposition's consent and the registration of opposition implemented, stating which of the negative consequences that specific consent. | Can be assessed. User can withdraw consent and request the disablement of the access. We'd have to check what is being requested in this specific case. | April 2021 | BR IM Assessment | RDCP |
| When the transfer of data (personal and sensitive) to countries or international organizations is necessary, it should be provided that: 1. The country of destination provides degree of personal data protection equivalent to that provided in LGPD; 2. principles of compliance Warranty and rights holder and data protection provided for in LGPD, as: standard contractual clauses and specific to individual transfer, stamps, certificates and codes of conduct issued regularly, global corporate standards. Examples of international data transfer: Data storage in data centers physically located abroad, service provider cloud hiring abroad, hiring e-amil foreign provider, customer service service outsourcing. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Existence of confidentiality agreement between the parties, where the provider of services ensures that not disclose the data involved in providing the service. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The Cloud Service Provider must meet the principles of personal data protection and rights holders provided for in the Data Protection Act (LGPD) and similar legislation in force in the foreign country or international organization. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The Service Provider Cloud should meet the security and infrastructure standards according to the model (CSA https://cloudsecurityalliance.org) | Yes. AWS is in compliance with CSA - https://cloudsecurityalliance.org/star/registry/amazon/ | April 2021 | BR IM Assessment | RDCP |
| The cloud service provider must comply with ISO standards / IEC 27001, ISO / IEC 27018, ISO / IEC 29100 and other industry security standards (cite the patterns seen at the observation field). | Yes. | April 2021 | BR IM Assessment | RDCP |
| The cloud environment available, you must have in your infrastructure, mechanisms that mitigate attacks on code development failures, intrusions, information leaks among others, such as the use of mod_security (Apache), WAF (Web Application Firewall) FW's, IDS (Intrusion detection system), AV (Anti Virus) among others. (Cite security mechanisms met in the observation field). | Yes. Anti Vírus and WAF | April 2021 | BR IM Assessment | RDCP |
| The network environment must be segregated in development, approval and production and have ACLs controls or firewalls between Vlans. | Yes. Environments are deployed in separate VPCs and Networks. We use specific mechanisms to make deployments from DEV, TEST, QA and PROD | April 2021 | BR IM Assessment | RDCP |
| The database stored in the cloud shall be segregated from other customers of the provider or multitenant container. | No. RDCP has a centralized database. We do not segregate the database per customer. | April 2021 | BR IM Assessment | RDCP |
| The cloud service provider must provide firewall layer 7 (WAF) for the cloud application hosting service (SaaS). | Yes. | April 2021 | BR IM Assessment | RDCP |
| The cloud service provider must have mechanisms to prevent denial of service attacks to any services that are publicly exposed on the Internet. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The cloud service provider must have a periodic vulnerability analysis process in any environment that supports the GNDI service contract. | Yes. | April 2021 | BR IM Assessment | RDCP |
| It is recommended that the cloud service provider provide means (APIs, data formats, etc.) to integrate with existing systems in the GNDI Group. These systems can be in the GNDI group's own datacenter or in another cloud provider. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The service provider shall have a Business Continuity Plan and reference documentation, ensuring contingency and recovery in case of incidents. These should be suitable for the Service Level Agreement with the GNDI Group. | Yes. Business continuity, disaster recovery, contingency plan, etc. are all documented and carried out by the Infrastructure Operations Services. | April 2021 | BR IM Assessment | RDCP |
| The consumer must follow standard API authentication (OAuth / JWT). | Yes. RDCP is implemented using the OpenID standard. We use opaque tokens (access and refresh tokens) between the frontend and the API manager, and identity tokens (JWT) between the API manager and the backend. | April 2021 | BR IM Assessment | RDCP |
| Communication between APIs should be via secure sockets (HTTPS). | Yes. | April 2021 | BR IM Assessment | RDCP |
| It is recommended that the cloud service provider provide VPNs to restrict access to the application hosted in the cloud to users who have permission to access it. | Yes. Accesses are limited via VPN for each group of people and environments. | April 2021 | BR IM Assessment | RDCP |
| Personal and sensitive data at rest, stored by the cloud service, must be encrypted. The chosen algorithm should be recommended by a standard such as FIPS 140-2. | Yes. | April 2021 | BR IM Assessment | RDCP |
| Encryption keys must be handled properly, in particular, the keys should not be stored together with the data. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The cloud service provider should not perform any data sanitization (overwriting, degaussing, media destruction, among other means) without the prior permission of GNDI Group. | Yes. | April 2021 | BR IM Assessment | RDCP |
| It is recommended that the logs made available by the cloud service provider be provided in one of the following formats: txt, csv, tab, fixed length or XML. | Yes. | April 2021 | BR IM Assessment | RDCP |
| The GNDI Group should be allowed to audit the cloud service provider's environment whenever it wants. This audit includes verification of all the configurations that support the environment. | No. Since the RDCP platform hosts multiple customers, no company is allowed to audit the environment. | April 2021 | BR IM Assessment | RDCP |
| Is there an environment security assessment process? | The vulnerability management process is performed at the platform level every month. In addition, application risk assessments and vulnerability scans are performed at the application level. In addition, external pentests are required to be conducted once a year or every major release, whichever comes first. Additionally, the build process within the CI/CD pipeline includes checks of dependencies for known vulnerabilities. The RDCP pentest attestation of completion can be shared with you on request. | April 2021 | BR CP Assessment | RDCP |
| Incident Management | Our apps undergo risk assessments and code scans for every change, and penetration tests for each major change or at least annually. Our backend has additional weekly vulnerability scans. The mySugr pentest attestation of completion can be shared with you on request. | April 2021 | BR CP Assessment | mySugr |
| Does it have policies that limit access to the Customer's personal or sensitive data from mobile devices? | No such policies have been implemented so far. RDCP can be accessed from any browser with internet connectivity, with a username and password and MFA. | April 2021 | BR CP Assessment | RDCP |
| Does it have policies that limit access to the Customer's personal or sensitive data from mobile devices? | Administrative access to PHI and PII is very limited, e.g. we use AWS Aurora, so no DB servers. Where access is possible we restrict access through bastion hosts, strong authentication and AWS security services. | April 2021 | BR CP Assessment | mySugr |
| Does it maintain an updated inventory of the assets used to support data processing / storage? | An asset inventory is in place which includes SW and HW versions and systems. Devices such as employee laptops are not included in this inventory. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it maintain an updated inventory of the assets used to support data processing / storage? | We use AWS only to store/transmit/process PHI and PII data. The environment (and therefore all resources) is rebuilt at least weekly. We do not use any additional HW or SW components. | April 2021 | BR CP Assessment | mySugr |
| Does it have access management procedures for the Customer's personal or confidential data? | Security groups, encryption, roles and permissions are in place in the platform, following the need-to-know basis, so only authorized personnel can access personal or confidential data. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it apply patches to ensure the security of the systems used in processing the Customer's personal or sensitive data? | Patch management and vulnerability management processes are in place across the platform, which have been validated by TUV SUD during the ISO27001 certification. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have anti-virus and anti-malware on all equipment that processes the Customer's personal or confidential information? | Endpoint security (antivirus, antimalware, etc.) is installed on all equipment of the platform. In addition, a Web Application Firewall filtering malicious traffic is in place. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have anti-virus and anti-malware on all equipment that processes the Customer's personal or confidential information? | Bastion hosts and application servers use an EDR solution centrally managed by Roche Security. FireEye is currently used, version 31.28. | April 2021 | BR CP Assessment | mySugr |
| Are security-by-design principles applied in the development process? | Roche follows the security and privacy by design principles in the design process. In addition, we are ISO13485 certified (medical device software development), which covers secure coding guidelines, product safety, etc. ISO13485 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have data loss prevention tools and a program deployed? | The platform has IDS and IPS in place. In addition, a dedicated security operations center (SOC) that monitors the events and alerts in the systems and manages incident response is in place. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have a process for investigating and monitoring incidents, including a notification plan to the Customer in case of security incidents? | We have an incident response plan which is part of our Information Security Management System (ISMS), aligned to the ISO 27001:2013 standard. In addition, Roche Personal Data Breach Management at group level is in place. Roche has dedicated staff at the corporate and local level who take part in the incident response and resolution process. A copy can be provided upon request: Roche_DC Platform Runbook (section: Incident Management). ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it provide annual training on information security? | Yes, annual training on information security, data privacy and ISO27001 is mandatory for all Roche employees. In addition, security awareness campaigns are performed during the year. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have a documented backup plan and an implemented restore process? | A data backup and retention policy is in place. The process is tested periodically and audited as part of the ISO27001 certification. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Is there a formalized NCP / DRP to guide contingency activities and / or continuity of the service / system? | Business continuity and disaster recovery plans are documented and tested periodically. Those processes are audited as part of the ISO27001 certification. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it use unique IDs and assign profiles for users accessing the Customer's data? | Unique IDs are assigned to all users of the platform and generic accounts are allowed. Access is given on a need-to-know basis. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it keep information secure with encryption during transit between networks? | All data in transit is encrypted (TLS 1.2), including external and internal traffic. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have encryption on all devices that will access or process the Customer's personal or confidential information? | Devices used to access data from the Customer are hardened and disk encryption is in place. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have encryption on the database? | All data is encrypted at rest (AES256) in the databases. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have environment security certifications? | Yes, Roche has achieved the ISO 27001:2013 certification. Our Cloud Service Providers are ISO27001, SOC2 and HITRUST certified. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have environment security certifications? | We are currently working on our ISO27001 certification (planned at the latest for the end of 2021). | April 2021 | BR CP Assessment | mySugr |
| Does it have access management for the physical environments in which the Customer's personal or sensitive data is stored? | A physical security procedure is in place and audited as part of the ISO27001 certification. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have access management for the physical environments in which the Customer's personal or sensitive data is stored? | All PII and PHI data is stored in AWS. We have no physical access to the AWS DCs. AWS is ISO 27001 certified. | April 2021 | BR CP Assessment | mySugr |
| Is the data used in the development or approval environments anonymized and simulated? | Yes, all data used in non-productive environments is mock data. Personal data is not allowed to leave the production environment. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have a risk management and mitigation plan? | A security and privacy risk management process is in place. All platforms and solutions go through this process, where risks are identified, mitigation controls are assigned and residual risks are approved. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does it have an inventory of the services used in the cloud? | Yes, there is an asset inventory in place which is updated every month. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Are there processes in place related to information security and in accordance with the LGPD? | Yes, information security processes are in place and cover the data protection laws and regulations (GDPR, etc.) of the region and/or country where the solution is going to be released. ISO27001 certificate can be shared. | April 2021 | BR CP Assessment | RDCP |
| Does the contract with the cloud service provider meet the availability requirements? | Yes, the contract with the cloud service provider covers availability requirements, maintenance, etc. The contract can't be shared due to confidentiality requirements. | April 2021 | BR CP Assessment | RDCP |