IAR Services

IAR Services TransFrom Provides:

TransForm hosts the IAR Enterprise Master Patient Index (EMPI) instance, which includes servers required to host and administer the IAR and the IAR consent call centre. TransForm also hosts a summary reporting function and in the future will host the Organizational and Cluster management and User Authentication Tool (OCMT) for identity management and call centre support.

Threat and Risk Assessment (TRA) Summary

Transform engaged a vendor to perform a Threat and Risk Assessment (TRA) on the deployment of the new IAR environment in Q3 2016.  A TRA examines a system to determine whether the risks to information security in that system rise to the level of requiring a change in the system or a change in the procedures followed by the people using the system.  A TRA also makes recommendations about how risks may be remediated.

The Q3 2016 security assessments identified a total of eight risks. These risks were at a “medium to low” risk level. Seven of these risks have been “closed,” either by (1) mitigating the risk with the use of additional mitigating controls or by (2) accepting the risk, where the relevant Steering Committee accepted the residual risk. With respect to the former method, mitigating controls include:

• Strengthening of IAR Policies
• Acquiring higher level encryption certificates
• Creating extra documentation on network/hardware configurations.
• Actively researching Integrated Enterprise SIEM and logging controls.

The remaining risk that has not been mitigated or accepted concerns Transform SSO formalizing a monitoring and auditing program of administrator activity from accidental or deliberate misuse. As new components are added and upgraded this vulnerability assessment requirement will be met and the residual risk is very low. TransForm is working with the necessary stakeholders to investigate and implement a mitigating control or controls.

Contact Us

Contact Information

750 Richmond St Chatham, ON N7M 5J5