The epSOS LSP must guarantee the security of healthcare data processing. Thus,  confidentiality, availability and integrity of data must be guaranteed through suitable security requirements. More precisely, the security requirements for the epSOS LSP must ensure the following:

• Identification;
• Authentication;
• Access control;
• Non-repudiation;
• Data confidentiality;
• Data availability;
• Logging of any operation that impacts security, performed by any user (active actors)

Following the logical architecture of the project and taking the complexity and the number of different approaches of the PNs into consideration, it appears useful to divide the security requirements into the following three levels:

• 1st level - Security requirements for the epSOS LSP as a whole (16 security requirements defined);
• 2nd level - Security requirements for a National Contact Point (NCP) (34 security requirements defined);
• 3rd level – Minimum acceptable common security requirements for the different National Information Infrastructure (PoC) (9 security requirements defined). “Minimum” because they account for the least possible number of requirements that fulfil  the Project’s specifications; “acceptable” because the requirements are already implemented, or can be easily implemented, by all PNs”.