Votre question concerne quel type d'offre ?
Votre question concerne quel couloir Ségur ?
Votre question concerne quel dispositif Ségur ?
Votre question concerne quel produit ou service produit?
Votre question concerne quelle thématique ?
All the rules are set out in the HDS certification – Accreditation reference system and the COFRAC’s "Exigences spécifiques pour l’accréditation des organismes procédant à la certification de systèmes de management dans le domaine des technologies de l’information" (Specific requirements for structures that certify management systems in the information technology sector), available in our Documentation section.
To find out more about the list of certified and accredited bodies, click on the links below.
Cette réponse vous a-t-elle été utile ?
There are 6 types of activities that make you eligible as a health data host:
- providing and monitoring the operations of a physical site that hosts the material infrastructure of the IS used to treat health data;
- providing and maintaining the structural material used by the IS to host health data;
- providing and maintaining a platform that hosts the IS applications;
- providing and maintaining a digital structure for the IS which hosts health data;
- the administration and exploitation of the IS which contains the health data;
- health data backup services.
The full list of HDS-certified activities is available here:
Cette réponse vous a-t-elle été utile ?
There are two steps to follow:
Step 1: Administrative phase
Should you wish to order test CPS cards or register authorisations for test software, you may:
- read our complete products offer ;
- place an order
To place an order, select your Profile and your Structure, then choose “Produits de développement. Commander des produits de développement : carte et/ou certificat logiciel de test" (Test products for products, cards and/or test software).
Step 2: Technical phase
Use the card you validated after step 1 in order to connect with the Trusted Platform IGC-Santé. You will be able to order, withdraw, monitor and revoke test certificates through the IHM or Webservice interface.
In order to do so, make sur you have inserted your test card in the card reader.
Read more about specific setup guidelines:
Cette réponse vous a-t-elle été utile ?
The evaluation is done in two phases. It is conducted by the certifying body, which must verify the compliance with the certification requirements set out in the HDS Certification document (available below).
The audit also verifies the specific requirements for health data hosting are being met.
Cette réponse vous a-t-elle été utile ?
It is compulsory to have an individual CPx-type card to log in to the INSi teleservice. Three types of cards are supported: CPS, CPE, CPF.
Cette réponse vous a-t-elle été utile ?
Your level of access to the ROR data depends on the nature of the data you wish to use (public/restricted) and the perimeter you wish to cover (one ROR or several ROR directories).
The ROR data in public access:
- is available as opendata since mid-2022;
- will be available directly on the national ROR with no specific procedure in early 2023.
The ROR data in restricted access (professional access):
- for one regional ROR, you must complete a request form to join the regional circle of trust and send it to the region’s GRADeS;
- for several ROR directories, you must complete a request form to join the national circle of trust and send it to the ROR program team.
Cette réponse vous a-t-elle été utile ?
CPx cards issued before December 2020 have a contactless chip that prevents from overwriting its code.
The new CPS R3V3 cards that are now in circulation have a Mifare Desfire chip. These cards can stock crypto-secret keys that work with the Mifare Desfire protocol.
All the information about this feature is available in the Manual to deploy contactless CPx cards (available to download below). One must be cautious about the data inserted in the chip’s writing code.
We strongly advise against using this section of the chip to stock access rights. The ANS recommends you to use the ANSSI guidelines on using a "transparent" reader in connected mode. This does not involve a cryptographic protocol during a badge authentication – only the UTL (logic treatment unit) takes part in the cryptographic protocol.
ANSSI advises against setting up a “smart” badge allowing a double authentication breaking from the UTL.
All the recommendations on securing systems for physical access and video projection are available in the document below, "Recommendations on securing systems for physical and video projection access".
Cette réponse vous a-t-elle été utile ?
The IGC-Santé is dedicated to the health sector and follows strict procedures in terms of data collection, professional identification, and works with certified authorities (RPPS register, etc.).
The certificates issued by the IGC guarantee the security of software or electronic cards, such as the CPS card.
The IGC also manages the publication of these certificates and can revoke them – this is signalled to the apps using certificates in revocation listings.
Cette réponse vous a-t-elle été utile ?
There are two main reasons for the creation of IGC-Santé :
- guaranteeing the security of private keys and certificates issued by the ANS: the access to these private keys must be limited in order to prevent duplicates or their installation more than one device;
- maintaining a continuity in services: many health apps used to work on certificates issued by former CKI that ceased their activity in January 2021. These apps must be compatible with certificates issued by the IGC-Santé.
In addition, these certificates meet the security standards (risk analysis, safety policies), or “Certifying Policies” that comply with the PGSS-IS guidelines.
Cette réponse vous a-t-elle été utile ?
This midware allows the interfacing between computer applications, such as the Vivoptim doctors portal and the CPS card.
Cette réponse vous a-t-elle été utile ?
PLATINES is a platform dedicated to interoperability tests for eHealth. It stimulates a ROR (version 2.4) and gives you the opportunity to use “test” data via several professional cases (a total of 94 test scenarios are available). These test scenarios are valid for the current ROR as well as the national ROR.
You must contact the ROR program team to request access to PLATINES.
Cette réponse vous a-t-elle été utile ?