ADWISERY has successfully implemented the Independent ESPBI IS – Electronic Health Services and Collaboration Infrastructure Information System) Security Audit Project of SE Center of Registers
ADWISERY experts has successfully implemented the Independent Electronic Health Services and Collaboration Infrastructure Information System (ESPBI IS) Security Audit Project of SE Center of Registers.
During the independent ESPBI IS security audit project, we performed:
- Technological vulnerability assessment, which included:
- external ESPBI IS security assessment;
- security assessment of web applications and web services;
- web application source code and vulnerability assessment;
- security assessment of the data management technologies;
- internal ESPBI IS security assessment;
- data transmission network equipment security assessment;
- assessment of the effectiveness of e-mail security systems;
- servers security check;
- ESPBI IS post-hacking recovery assessment;
- technological vulnerability assessment report has been prepared.
- ESPBI IS safety management assessment, which included:
- ESCB IS security compliance with national legislation governing the security of electronic information (cyber security) and with LST EN ISO/IEC 27002 and LST EN ISO/IEC 27001 standards assessment, as well as an ESPBI IS safety compliance assessment report;
- ESPBI IS risk assessment and preparation of ESPBI IS risk assessment report and risk management measures plan, in which measures are prioritized according to the project portfolio balancing methodology;
- Assessment of reliability and optimality of ESPBI IS architecture and preparation of report of reliability and optimality of ESPBI IS architecture;
- Summary security audit report of the Independent ESPBI IS was prepared and the audit results were presented to the representatives of SE Center of Registers and the Ministry of Health.
The results of the project helped SE Center of Registers to identify the most important security vulnerabilities in the ESPBI IS infrastructure and its individual components, to identify non-compliances with legal acts and international standards and to prepare a plan of information security risk management measures, especially relevant after the event during which the operation of the main data center of SE Center of Registers was substantially disrupted.
The project was also important for the ESPBI IS managers, the Ministry of Health, to ensure the proper development of the IS when planning a more sustainable ESPBI IS maintenance and development financing mechanism.
SE Center of Registers was satisfied with the competence of the Adwisery experts participating in the project, the ability to delve into the needs of the organization and the deadlines for the implementation of contractual obligations, and provided feedback.