Table of Contents
- Title and Copyright Information
- Preface
- 1 Security Guide
- Introduction
- General Security Principles
- Restrict Network Access to Critical Services
- Monitor System Activity
- Set Up a Change Management Process
- Change Passwords Periodically
- Keep Passwords Private and Secure
- Use Profiles
- Lock Computers to Protect Data
- Close All Open Ports Not in Use
- Secure the Environment
- Provide Only the Necessary Rights to Perform an Operation
- Secure Installation and Configuration
- Install Critical Patch Updates (CPUs) and Critical Patch Set
- Use SSL (HTTPS) Between Browser and Web Server
- Signed Certificates for HTTPS
- Disable Unused Services
- Replace Verbose Errors with Custom Messages
- Secure the WebLogic Server
- Provide Security for Session-Tracking Cookies
- Configure Strong Passwords on the Database
- Limit the Number of Sessions per User
- Hide Oracle Forms Version Numbers
- Secure the Reports Server
- Application Security Features
- Oracle Clinical Security
- Secure the Reports Server
- RDC Onsite Security
- Restrict Access to the Application
- Grant Functional Privileges at the Study and Site Level
- Manage Security with Data Entry Configuration Settings
- Check External Links that May Expose Account Data
- Enforce Password Security
- Restrict Actions Against Locked CRFs
- Profiles
- Restricted Viewing of Personal/Protected Health Information (PHI)