To minimize regulation infringement and potential sanctions, some basic principles should be applied.
Even though the system and network security remains your responsibility, the solution platform offers you some tools:
- Standard web browsers and http or https protocol are used. Web technology guarantees a first layer of isolation between the web server and the workstation.
- Passwords are not transferred onto the network. Authentication system is based on standards. It may be a Windows connection checked through the LDAP (Lightweight Directory Access Protocol) or an authentication through certificate. For simplicity reasons, you can use a method based on users and encrypted passwords stored on the application web server. You may also double the authentication.
- Rights are managed at Entities' level. They depend on the profile associated with the user. Access to contracts can also be granted or restricted from the services of each entity.
Info
Setting up all these additional Security Measures requires technical skills and feedbacks which our consulting teams can provide you with. Do not hesitate to contact them if you want to apply these recommendations.
