Terms & Definitions

Terms & Definitions


The person who is fully accountable for a Workspace, including but not limited to: costs, access, data, software licenses.
Accountable is role used in the myDRE in the context of a specific Workspace; i.e. the role is Person-Workspace specific, that person might have a different role in the context of a different Workspace.

It is the policy that:
  1. Every Workspace has one and only one Accountable
  2. That person:
    1. Must be mandated by the organization owning the Azure Subscription in which the Workspace resides
    2. Must have a user account from the above organization

Audit recording

The audit recording records of user initiated activities. These activities are recorded in a Tenant dedicated database. An audit recording differs from the operational logging in the following way:

Audit recording
Operational logging
Provide demonstrable evidence
Solving operational issues
Default Microsoft Azure recommendation

Core Support Team (CST)

A virtual Support Team created by organizations that want to pool their Support Team together. The scope of access of CST is limited to those organizations that want to collaborate.


The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data


In the context of myDRE this refers to any form of digital data this may include but is not limited to software, applications, images, (privacy sensitive) data.

Data breach

‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (https://gdpr-info.eu/art-4-gdpr/)

Note, there is a difference between for instance patient/personal data and data of patients/people in the context of alteration.
Alteration of patient/personal data would imply that alteration could lead to impacting the patient/person. Alteration of data of patients/people does not impact (study) findings, but not individuals and therefore constitute not a privacy risk.


Inserting, registering, or entering in a list, catalogue, or roll ~ technically capable to use myDRE.


The act or process of familiarizing a new customer with one's products or services ~ capable to support the different stakeholders in and around the own organization


myDRE is the service anDREa offers to organizations employing people that need a Workspace; Workspaces-as-a-Service.
Rather than having an organization implement and maintain the core services required for this, anDREa maintains this core for all the Tenants.

Post Deployment Test

Set of tests performed post deployment to test issues that might not have occurred in Acceptance but do appear in Production. 
Any issue found will trigger a Post Mortem for Production should not differ from Acceptance.

Post Mortem

The objective of a Post-Mortem analysis is to understand and study all the failures encountered after a project has been finished, in order to prevent these issues from happening again in the future. This diagnose will then serve to improve risk management policies and practices for other projects, and it is usually conducted by a manager or leadership team.

Privileged Member

The person who has the same privileges as the Accountable within a specific Workspace.
Privileged Member is role used in on myDRE in the context of a specific Workspace; i.e. the role is Person-Workspace specific, that person might have a different role in the context of a different Workspace.

It is the policy that:
  1. Every Workspace has zero or more Privileged Members
  2. That person:
    1. Is by definition mandated by the Accountable
    2. Does not have to have a user account to which the Workspace belong


A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Shared Tenant

This term is replaced with myDRE: see myDRE

Support Team (ST)

People employed by the Tenant to support the users of their workspaces. Scope and permissions to support are Tenant restricted.


A term used by anDREa to typify an organization that has a contractual agreement with anDREa.

User account

In this document, this refers to the user account in order to access a Workspace.


A Workspace is a purpose bound and provides an environment for one or more people, not necessarily having accounts of the same organization, to ingress, process, analyse, and egress data in a safe and compliant way.

A Workspace exists within a specific Azure Subscription. That Azure Subscription is created and controlled by a specific organization who associated this Subscription to the AAD of anDREa.
In semi-technical terms, a within an Azure Subscription constrained network containing all the resources used for a specific purpose.

It is the policy that:
  1. Every Workspace exists only within one specific Subscription
  2. That Workspace:
    1. Has one or more members in one or more roles
    2. One role must be the role Accountable

    • Related Articles

    • Terms of Service (TOS)

      Introduction anDREa is committed to protecting the security of data in Workspaces, users and Tenants related data, and anDREa’s own business information. The purpose of this document is to describe anDREa’s Terms of Service (ToS). The ToS is a legal ...
    • Data Handling policy

      First version: 2021-05-13 Last updated: 2023-10-19 Last change: Removed a double negative sentence based on the feedback in our Support Team Agreement. Introduction anDREa B.V. (hereafter called anDREa) is committed to protect the data and privacy of ...
    • Data Protection policy

      First version: 2021-05-13 Last updated: 2023-10-25 Last change(s): Added links to GDPR compliance assessment, Data Handling policy, GDPR Article 5; Modified contact information; Substituted Azure DRE for myDRE; Formatting. Approval: 2023-10-26 ...
    • Data Breach Procedure

      First version: 2021-04-15 Last updated: 2023-10-19 Last change: Link to Data Protection policy Introduction Every care is taken by anDREa to protect personal data from situations where a data protection breach could compromise security. This policy ...
    • myDRE & Firewalls

      Introduction For domain and URL-whitelisting a Firewall is required. anDREa can provide the following options Using your own organization's firewall with Bastion Architecture (preferred) Using your own organization's firewall Deploying an Azure ...