Access control

Means to ensure that access to assets is authorized and restricted based on business and security requirements.


Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.


Electronic data is authentic if it corresponds to the original data and the identity of an issuer (author, creator and/or sender) can be assigned to it without any doubt.


Availability

Availability refers to the ability of a user to access information or resources in a specified location and in the correct format.

Confidential data

Confidential data are data given in confidence or data agreed to be kept confidential, i.e. secret, between two parties, which are not in the public domain such as information on business operations, income, health, medical details, or political opinions and voting behaviour.


Confidentiality

Confidentiality allows authorized users to access protected data. Specific mechanisms ensure confidentiality and safeguard data from harmful intruders.


Firewall

A firewall is a hardware or software system that monitors the connection between networks and, in particular, averts attacks on the network (intranet) from the Internet. Options start with simple, sometimes free-of-charge computer programs ("personal firewalls") that generally only protect the computer on which they are installed. On large networks, complex firewall systems consisting of several hardware and software components are used.


Integrity

Integrity refers to methods to ensure that data is real, accurate, and safeguarded from unauthorized user modification.


The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system and the security controls in place or planned to meet those requirements (also see security controls).

Personal data

According to article 4 [GDPR]: “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Privacy by design

An approach to systems engineering, initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a team of the Information and Privacy Commissioner of Ontario (Canada), the Dutch Data Protection Authority and the Netherlands Organisation for Applied Scientific Research in 1995. The framework was published in 2009 and adopted by the International Assembly of Privacy Commissioners and Data Protection Authorities in 2010. Privacy by design calls for privacy to be taken into account throughout the entire engineering process. The concept is an example of value sensitive design, i.e. to take human values into account in a well-defined manner throughout the whole process.

Security by design

When software is fundamentally designed to be secure, this is called “security by design”. In this approach, security is built into the system from the ground up, with a robust architecture design. Security architectural design decisions are often based on well-known security tactics and patterns, defined as reusable techniques for achieving specific quality levels.

Support Centre for Data Sharing