Privacy and Security Manual
cytiva.com
Table of Contents
1 Introduction
Product description
UNICORN start is not a medical device and shall not be used in any clinical procedures
or for diagnostic purposes. It is used to control the non-medical device ÄKTA™ start.
Contact information
For specific privacy and security inquiries, use the contact form found at
cytiva.com/contact.
In this chapter
Identity provisioning
The provisioning of user accounts requires the steps of account creation, maintenance,
and removal of the account when it is no longer needed. A user account is created to be
used by a specific individual. This user account is associated with access rights, and is
recorded in system security log files.
UNICORN start does not support user management; therefore, this section is not
applicable to UNICORN start.
User authentication
The user authentication step verifies that the user attempting to access the system is
indeed the user associated with the specific account. This section describes the
administration of the authentication system.
The UNICORN start software is deliberately designed with no authentication or data
protection. If the data is sensitive, the user must protect it, and that protection relies
completely on customer security measures. The UNICORN start software is closely tied to the ÄKTA
start system and can only run on that instrument. This provides a way for customers to
get introduced to the UNICORN and ÄKTA platform and allows them to move to
advanced software and systems depending on their needs.
It is recommended to configure the computer hosting UNICORN start with Windows-based
identity and access controls, as part of the customer's responsibility. This applies
if UNICORN start data is considered sensitive and is used for research purposes.
Windows identity and access management consists of policies and technologies for
ensuring that the proper people have the appropriate access to the computer. This
enables customers to define access control in a Windows environment and secure their
data. The following are some recommended Windows-based policies and technologies:
Defense in depth
Security operations are best implemented as part of an overall "defense in depth"
information assurance strategy. This strategy is applied throughout an information
technology system and addresses personnel, physical security, and technology. The
layered approach of defense in depth limits the risk that the failure of a single security
safeguard allows the system to be compromised.
In this chapter
System interconnections
Firewall settings for the computer with UNICORN start
Inbound traffic from the UNICORN start Client.
Outbound traffic to the ÄKTA start system database.
De-identification capabilities
UNICORN start is not a medical device and does not handle (create, transfer, or store)
patient data. Therefore UNICORN start does not contain de-identification
(anonymization and pseudonymization) capabilities.
No Privacy Information (PI) is collected by UNICORN start.
Business continuity
Disaster recovery of the UNICORN start database is performed by restoring from regular
database backups. Hence, it is very important to apply an appropriate schedule for the
database backups. It is also recommended that the database backups are stored
on secured media and are made available whenever a restore of the database is
required.
Remote connection
Remote connection to the product is not applicable.