Terms & Definitions
Accountable
The person who is fully accountable for a Workspace, including but not limited to: costs, access, data, software licenses.
Accountable is role used in the myDRE in the context of a specific Workspace; i.e. the role is Person-Workspace specific, that person might have a different role in the context of a different Workspace.
It is the policy that:
- Every Workspace has one and only one Accountable
- That person:
- Must be mandated by the organization owning the Azure Subscription in which the Workspace resides
- Must have a user account from the above organization
Audit recording
The audit recording records of user initiated activities. These activities are recorded in a Tenant dedicated database. An audit recording differs from the operational logging in the following way:
|
|
Audit recording
|
Operational logging
|
|
Purpose
|
Provide demonstrable evidence
|
Solving operational issues
|
|
Retention
|
Persistent
|
Default Microsoft Azure recommendation
|
Core Support Team (CST)
A virtual Support Team created by organizations that want to pool their Support Team together. The scope of access of CST is limited to those organizations that want to collaborate.
Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
Data
In the context of myDRE this refers to any form of digital data this may include but is not limited to software, applications, images, (privacy sensitive) data.
Data breach
‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (https://gdpr-info.eu/art-4-gdpr/)
Note, there is a difference between for instance patient/personal data and data of patients/people in the context of alteration.
Alteration of patient/personal data would imply that alteration could lead to impacting the patient/person. Alteration of data of patients/people does not impact (study) findings, but not individuals and therefore constitute not a privacy risk.
Enrollment
Inserting, registering, or entering in a list, catalogue, or roll ~ technically capable to use myDRE.
Onboarding
The act or process of familiarizing a new customer with one's products or services ~ capable to support the different stakeholders in and around the own organization
myDRE
myDRE is the service anDREa offers to organizations employing people that need a Workspace; Workspaces-as-a-Service.
Rather than having an organization implement and maintain the core services required for this, anDREa maintains this core for all the Tenants.
Post Deployment Test
Set of tests performed post deployment to test issues that might not have occurred in Acceptance but do appear in Production.
Any issue found will trigger a Post Mortem for Production should not differ from Acceptance.
Post Mortem
The objective of a Post-Mortem analysis is to understand and study all the failures encountered after a project has been finished, in order to prevent these issues from happening again in the future. This diagnose will then serve to improve risk management policies and practices for other projects, and it is usually conducted by a manager or leadership team.
Privileged Member
The person who has the same privileges as the Accountable within a specific Workspace.
Privileged Member is role used in on myDRE in the context of a specific Workspace; i.e. the role is Person-Workspace specific, that person might have a different role in the context of a different Workspace.
It is the policy that:
- Every Workspace has zero or more Privileged Members
- That person:
- Is by definition mandated by the Accountable
- Does not have to have a user account to which the Workspace belong
Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Shared Tenant
This term is replaced with myDRE: see myDRE
Support Team (ST)
People employed by the Tenant to support the users of their workspaces. Scope and permissions to support are Tenant restricted.
Tenant
A term used by anDREa to typify an organization that has a contractual agreement with anDREa.
User account
In this document, this refers to the user account in order to access a Workspace.
Workspace
A Workspace is a purpose bound and provides an environment for one or more people, not necessarily having accounts of the same organization, to ingress, process, analyse, and egress data in a safe and compliant way.
A Workspace exists within a specific Azure Subscription. That Azure Subscription is created and controlled by a specific organization who associated this Subscription to the AAD of anDREa.
In semi-technical terms, a within an Azure Subscription constrained network containing all the resources used for a specific purpose.
It is the policy that:
- Every Workspace exists only within one specific Subscription
- That Workspace:
- Has one or more members in one or more roles
- One role must be the role Accountable
Related Articles
Terms of Service (TOS)
Introduction anDREa is committed to protecting the security of data in Workspaces, users and Tenants related data, and anDREa’s own business information. The purpose of this document is to describe anDREa’s Terms of Service (ToS). The ToS is a legal ...Data Handling policy
First version: 2021-05-13 Last updated: 2023-10-19 Last change: Removed a double negative sentence based on the feedback in our Support Team Agreement. Introduction anDREa B.V. (hereafter called anDREa) is committed to protect the data and privacy of ...Data Protection policy
First version: 2021-05-13 Last updated: 2023-10-25 Last change(s): Added links to GDPR compliance assessment, Data Handling policy, GDPR Article 5; Modified contact information; Substituted Azure DRE for myDRE; Formatting. Approval: 2023-10-26 ...Data Breach Procedure
First version: 2021-04-15 Last updated: 2023-10-19 Last change: Link to Data Protection policy Last reviewed: 2024-10-30 Introduction Every care is taken by anDREa to protect personal data from situations where a data protection breach could ...myDRE & Firewalls
Introduction For domain and URL-whitelisting a Firewall is required. anDREa can provide the following options Using your own organization's firewall with Bastion Architecture (preferred) Using your own organization's firewall Deploying an Azure ...