HelseID protects the most sensitive health APIs in Norway. We therefore have a relatively strict list of requirements that software must fulfill before the software can be accepted as HelseID clients in our production environment. This document lists those requirements and describes the documentation we require from the software supplier. Normally,
| Note |
|---|
NHN performs a code review as part of its acceptance process for all software that |
...
integrates with HelseID. In special cases where the software supplier cannot share their source code an alternative approach can be discussed. |
...
Software that only does user logon via HelseID
The code review |
...
is |
...
Software that only calls machine-to-machine APIs
...
A code review or interview is recommended
...
Software that combines user logon with API access
...
A code review or interview is mandatory
...
APIs protected by HelseID
...
mandatory and must be completed before the software can be used in the production environment of HelseID. |
Our goal is to ensure that all HelseID clients adhere to a common set of requirements. Most requirements are mandatory, if for some reason these cannot be fulfilled the reason must be presented in the code review or interview. This reason will be evaluated, and the risk assessed by NHN.
...