Page tree
Skip to end of metadata
Go to start of metadata

1. Introduction

1.1 Purpose

Objective and independent evidence that each NCPeH

implements and operates in compliance with agreed Readiness Criteria:

  • Contractual Compliance domain
  • Organisational domain
  • Operations-Services domain
  • Information Security domain
  • Semantic Interoperability domain
  • Technical Interoperability domain

1.2 Overview

1.3 Table of Contents

2. Audit Framework Components

Most recent update Jan 10, 2019 17:33

Audit Framework Component

Audit Framework (v1.2.0)The purpose of this document is to provide a complete guidance to the persons appointed to conduct audits (or assessments) on how to plan, execute, evaluate and follow-up the adherence to the Readiness Criteria as these have been set out in the eHealth Network documentation and agreements.
Audit ReportThe purpose of this document is to provide a report template to the the persons appointed to conduct audits (or assessments) to guide with the necessary areas for authoring the report.

Readiness Criteria (1.2.1 hot fix)

The document should be used to assess the readiness of the NCPeH against the legal, organisational, operational, security, semantic, and technical requirements of its establishment and operations.

Previous versions of Audit Framework & Components

2.1 Main Definitions in Audit Framework

AuditA means of a managerial tool which evaluates effectiveness of implemented management systems against the agreed requirements of that system of an organisation.
Audit Scope Refers to the parts of the NCPeH to be audited with the set of Readiness Criteria to be assessed.
First (1st) Party Audit or Internal AuditAre the internal audits or self-assessments conducted by NCPeH personnel or by an external entity on behalf of the NCPeH. For the latter the NCPeH is responsible for contractual and legal matters with the external entity performing the audits. In any case the internal audit is an independent form of evaluation. Each NCPeH can perform First-Party Audits or a Self-Assessments by using the eHDSI Audit Framework including tools to evaluate weaknesses, non-conformities and omission of readiness criteria implementation.
Second (2nd) Party Audit An audit performed by the NCPeH organisation to its suppliers or contracting parties (where suppliers or contractors can be any entity providing services, consultancy or products to the NCPeH).
Third (3rd) Party Audit

An independent and impartial audit performed by an independent to any NCPeH entity to confirm that the Readiness Criteria are fulfilled by the NCPeH. The Third Party Audit is performed by external and independent from any NCPeH auditors. Under the eHDSI circumstances the Third Party Audit is the Initial Audit that will be performed under the responsibility of the eHDSI Solution Owner for each NCPeH that wishes to join the CBeHIS Network.

Follow-up Audit The Audit performed by the Third Party Auditors after the initial audit and only if Findings A or B have been identified. This Audit is assessing implementation and integrity of corrective measures taken. The follow up audit is to be performed via Teleconference means and is not performed on the NCPeH location. This is sponsored by eHDSI.
Readiness Criteria

The set of requirements, procedures and processes, security controls, documented information, legal, organisational, technical, operational and semantical requirements, and policies against which proof is collected during the audits or (self)-assessments and are compared with.

Internal AuditorsAre auditors that have a direct interest link with the NCPeH, and can be insourced or outsourced staff. Internal Auditors should not audit their own work
  • No labels