Personal Data (Privacy) Ordinance is strictly adhered by Department of Health in handling and keeping personal data confidential at all times.
The servers and hardwares of the Cervical Screening Information System (CSIS) is locked inside a secured room with closed-circuit television (CCTV) and can only be accessed by staff authorised by the Department of Health.
CSIS web servers are protected by two layers of firewall systems to prevent unauthorised access.
Information is encrypted during the transmission and storage of personal data through the Internet between public users and the system.
With the use of internationally-recognised 2048-bit Secure Socket Layer (SSL) encryption (an online security standard for commercial application), CSIS ensures the security of users' data from unauthorised access.
CSIS monitors each login attempt to prevent unauthorised access. If there are three consecutive login attempts with incorrect password, related user account will be locked and the online system service will be immediately suspended.
In case users forget to logout from the CSIS system, online access will be disconnected automatically after a short inactive period to prevent unauthorised access.
The type of information accessible to a user is safeguarded by tight control mechanisms so that the user can only access to her/his authorised information.
CSIS will not ask for users' account number, password or any personal information via emails.
A third-party Security Auditor was commissioned by the Department of Health in 2005, 2011 and 2014 respectively to conduct Security Risk Assessment and Audit Services for the CSIS to review the security status of the system. Actions have been taken to address and rectify all the security issues/concerns noted in the assessment and audit.