...
Normally, NHN performs a code review as part of its acceptance process for software that calls national health APIs protected by HelseID. NHN also performs code reviews of APIs that protect sensitive health information. For other software, NHN performs code reviews on a case-by-case basis. In cases where the software supplier cannot share their source code, an interview can be an acceptable replacement for a code review.
Software that only does user logon via HelseID | A code review | is optional, and the requirement is decided by NHNor interview is recommended |
Software that only calls machine-to-machine APIs | A code review | is optional, and the requirement is decided by NHNor interview is recommended |
Software that combines user logon with API access | A code review or interview is mandatory | |
APIs protected by HelseID | A code review or interview is | recommendedmandatory |
Our goal is to ensure that all HelseID clients adhere to a common set of requirements. Most requirements are mandatory. If for some reason a requirement cannot be fulfilled, the reason must be presented in the code review or interview. This reason will be evaluated, and the risk assessed, by NHN.
...