As shown by the colours in the figure above, the epSOS security process is divided into three phases:

• The Functional Specification Phase: The yellow and cyan part;
• The Development Phase: The pink part;
• The Operational Phase: The grey part.

The Functional Specification Phase is divided into two components:

• High Level Functional Specification (the yellow part): this component analyzes and describes the process leading to the selection of the safeguards that will be necessary for the NCP to NCP data exchange security. The component also provides high-level security policies and requirements covering the security of the data exchange between the PN pilot sites and the PN NCP.
• Detailed Functional Specification (the cyan part): this component refines the security policy and requirements depending on the PN customization and integration of NCP with the pre-existent Health Information Systems.