ORG.2 Security Regulations (Normativa de Seguridad)

Reference documents

  • CCN-STIC guides:
    • CCN-STIC-821 Guide - Security Standards (Normas de Seguridad)
  • The following basic principles are of particular relevance:
    • Article 7. Prevention, reaction and recovery.
    • Article 9. Periodic re-evaluation.
  • ISO/IEC 27000
    • 27002:2013
      • 5.1 - Management direction for information security
      • 6.1.3 - Contact with authorities
      • 6.1.4 - Contact with special interest groups
      • 18.1.2 - Intellectual property rights (IPR)
      • 18.2.3 - Technical compliance review
  • NIST SP 800-53 rev.4
    • All sections, first control (XX-1). For example, AC-1 “Access Control Policy and Procedures”.
    • PM-15 - Contacts with Security Groups and Associations
  • Other references:
    • The SANS Security Policy Project http://www.sans.org/resources/policies/
    • NIST SP800-12 - An Introduction to Computer Security
    • NSA - Manageable Network Plan

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)