PRIVACY AND SECURITY THREAT
LanceSoft Inc
Electoral Area A
Remote
CAD 60,000 - 100,000
Job description
Title: PRIVACY AND SECURITY THREAT
Duration: 7 months contract with Possibility of Extension
Location: Vancouver, BC Remote
Job Description
The scope of this statement of work is for the development of privacy and security assessments for eight (8) projects associated with NSPH:
Service Required
For each of the eight projects listed above (RTLS, Integration Engine, Intrusion Detection, Digital Room Display, Intercom, IP Video Surveillance, AGVs and Digital Wayfinding), complete a Privacy Impact Assessment (PIA) and Security Threat Risk Assessment (STRA) as required and as further detailed below:
Privacy Impact Assessment (PIA)
Comprehensive PIA to examine the implementation of each of the eight identified projects including analysis of the following:
Security Threat Risk Assessment (STRA)
Initial completion of a STRA intake form, which will in turn be reviewed by PHSA IMITS for confirmation of further STRA work as required. For those identified as requiring a complete STRA, complete a comprehensive STRA to examine the implementation of each of the identified projects including analysis of the following:
Duration: 7 months contract with Possibility of Extension
Location: Vancouver, BC Remote
Job Description
The scope of this statement of work is for the development of privacy and security assessments for eight (8) projects associated with NSPH:
- A Real Time Location System (RTLS) – Borda Technology – this project includes using asset tags and distributed antennas / beacons to provide real time location information related to patient wandering, wireless staff duress and tracking of specialty medical equipment. Limited patient and staff information will be entered into the system for identification purposes.
- An Integration Engine – Connexall – this project includes integrating information from multiple source systems to direct and share information between systems e.g. nurse call, wireless staff communications, RTLS, etc. Limited patient and staff information may be ingested by the integration engine related to RTLS and access control systems.
- Digital Room Display – Austco Communication Systems - will ingest patient level information and alerts to display isolation precautions and other critical care indicators on a touch-screen panel at entrances to patient care areas.
- Intercom System – AiPhone – Assumed light assessment from a Privacy / PIA perspective due to no patient / staff information being stored in or processed by the system; STRA required.
- Intrusion Detection – Bosch – Assumed light assessment from a Privacy / PIA perspective due to no patient / staff information being stored in or processed by the system; STRA required.
- IP Video Surveillance System – Avigilon - PIA required, STRA requirement to be determined. There is an existing PIA but use cases are intended to be expanded for NSPH therefore amendments to existing may be required. Includes both clinical cameras (non-recording) and security cameras (recording).
- Automated Guided Vehicles – JBT Automation – this project includes a number of autonomous vehicles that deliver goods throughout the facility. The vehicles communicate over the regular IMIT wireless network to a centralized server application, which also communicates with wired controllers throughout the facility. Limited staff information will be used by the system to authenticate users on login.
- Digital Wayfinding – youRhere Interactive Directories – Assumed light assessment from a Privacy / PIA perspective due to no patient / staff information being stored in or processed by the system; STRA required. This project consists of several interactive displays and kiosks within the hospital to facilitate guests finding their way through the facility. The kiosks have local software installed which communicates with a cloud-based application.
Service Required
For each of the eight projects listed above (RTLS, Integration Engine, Intrusion Detection, Digital Room Display, Intercom, IP Video Surveillance, AGVs and Digital Wayfinding), complete a Privacy Impact Assessment (PIA) and Security Threat Risk Assessment (STRA) as required and as further detailed below:
Privacy Impact Assessment (PIA)
Comprehensive PIA to examine the implementation of each of the eight identified projects including analysis of the following:
- Examination of approach and all related privacy controls
- Analysis of applicable legislative environment
- Identification of privacy risks and mitigation strategies
Security Threat Risk Assessment (STRA)
Initial completion of a STRA intake form, which will in turn be reviewed by PHSA IMITS for confirmation of further STRA work as required. For those identified as requiring a complete STRA, complete a comprehensive STRA to examine the implementation of each of the identified projects including analysis of the following:
- Security standards and policy implications
- Security implications of network setup and controls
- Security-related risks and mitigation strategies
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
Land a better
job faster
job faster
