epSOS Security Process

Management of the epSOS Security Process is based on the principles defined in ISO/IEC TR 13335 (ISO/IEC 27000). The following figure shows the major steps of this process.

As shown by the colours in the figure above, the epSOS security process is divided into three phases:

  • The Functional Specification Phase: The yellow and cyan part;
  • The Development Phase: The pink part;
  • The Operational Phase: The grey part.

The Functional Specification Phase is divided into two components:

  • High-Level Functional Specification (the yellow part): this component analyzes and describes the process leading to the selection of the safeguards necessary to secure the NCP-to-NCP data exchange. The component also provides high-level security policies and requirements covering the security of the data exchange between the PN pilot sites and the PN NCP.
  • Detailed Functional Specification (the cyan part): this component refines the security policy and requirements depending on the PN customization and the integration of the NCP with the pre-existing Health Information Systems.