Data security

In the HBD project confidentiality, integrity, availability and privacy are guaranteed through the adoption of an ISO/IEC 27001 27017 27018 certified Information Security Management System (ISMS). All data is stored in Italy, within data centres managed by INFN, IRCCS or their Networks.

Tools are provided to secure data in-transit (such as VPN, HTTPS web services) and at-rest (such as client-side encryption of data and backups). A Key Management System (KMS) based on HashiCorp Vault technologies is available. The good practices recommended by ENISA “Good practices for the security of healthcare services” are also applied.

In the project (multitenancy), it is possible to define different virtual environments (tenants) completely isolated from each other, ensuring that different user communities (networks of IRCCSs, groups of researchers conducting specific studies, etc.) only share data with those who have the appropriate access rights. Finally: the list of applicable legislation is constantly kept up-to-date.

The new technological developments required to comply with the regulations (with particular attention to the NIS and NIS2 directives and the GDPR regulation) are planned in a timely manner by INFN and are also developed through the current partnership with REPLY.