Skip to content. | Skip to navigation

Personal tools
This is Lite Plone Theme
You are here: Home / Documentation / Internal Scandiatransplant Office Documentation / Secure access from ad hoc workstations

Secure access from ad hoc workstations

Secure access from ad hoc workstations by Scandiatransplant employees (Scandiatransplant intern instruks ad hoc arbejdspladser.docx)
No Updated Update by Title Approved Approved by Public
1.0 2016-01-07

Bo H. Pedersen/Kaj Anker Jørgensen

Initial version 2016-01-07 Kaj A. Jørgensen

 

Developers

The system must be accessible by developers at any time and place in order to maintain high availability for the users; e.g. data-managers, coordinators, doctors, lab-crew, etc. In order to achieve the high security demanded by the level of confidentiality of the data, we only allow two ways of access by the developers:

1) Administrative control of the server-nodes (console+setup-access) is done through a standard VPN solution required by Region Midt, where a physical token (RSA-SecurID) combined with a personal password supports standard two-factor-authentication (2FA).

2) For OS-administrative and general deployment purposes SSH-access is required and only allowed from approved ip-numbers, which again is done by a custom 2FA, that supplies tokens by mail or sms.

 

Data-managers

These have access to the system through the same protocol (i.e. https) as users of the system albeit at an extended level of authorization. Again 2FA is utilized when access is attempted from an unknown ip-number, where the token exchange is done by means of the email-address by which the user is registered in the system.

 

 

 

July 1st 2016