I work in Pharma and we use R in all the companies I've worked for. They are really paranoid and it's used in regulated environments as well with patient data. So there should be something they can do.
Kristin: I can put you in touch with vendors who do our regulated work in R if you're interested. On Thu, Jun 18, 2020 at 4:45 PM David Winsemius <dwinsem...@comcast.net> wrote: > > On 6/18/20 3:41 PM, John Harrold wrote: > > Hello Kristin, > > > > Are you talking about risk analysis from the perspective of software > > vulnerabilities? > > > It appears that is exactly what is being asked. What is not clear is > whether the installation would be offered to persons or groups on the > network with no other security wrappers. R has never claimed to be > "web-safe". It offers access to system level commands and file system > manipulation that would probably compromise security arrangements. In > fact, over the course of the last 12 years when I've been reading this > mailing list, there has never been a credible suggestion to offer R > applications to untrusted users. Quite the opposite. Naked R is surely > not going to pass any sort threat or risk scrutiny. > > > My suggestion would be to investigate various wrappers for R such as > Rstudio or the Microsoft re-worked version of what used to be Revolution > R. They have lawyers and offer "enterprise solutions" and would > presumably be able to speak to some sort of security analysis. Whether > either of those approaches would provide the level of security needed by > a healthcare organization would be an interesting question. Perhaps yopu > can report back after completing your investigation? > > > -- > > David. > > > > > John > > > > On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <wa...@amc.edu> wrote: > > > >> HI all, > >> > >> I am with a NYS major trauma center and all programs that our > >> employees/providers use must be vetted through the IT Department by way > of > >> a Risk Analysis. > >> Is there someone I would talk to about this? > >> > >> I scoured your website and could not find a specific person. > >> > >> Thank you so much > >> Kristin Wait > >> Albany, NY > >> ----------------------------------------- CONFIDENTIALITY NOTICE: This > >> email and any attachments may contain confidential information that is > >> protected by law and is for the sole use of the individuals or entities > to > >> which it is addressed. If you are not the intended recipient, please > notify > >> the sender by replying to this email and destroying all copies of the > >> communication and attachments. Further use, disclosure, copying, > >> distribution of, or reliance upon the contents of this email and > >> attachments is strictly prohibited. To contact Albany Medical Center, or > >> for a copy of our privacy practices, please visit us on the Internet at > >> www.amc.edu. > >> > >> [[alternative HTML version deleted]] > >> > >> ______________________________________________ > >> R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see > >> https://stat.ethz.ch/mailman/listinfo/r-help > >> PLEASE do read the posting guide > >> http://www.R-project.org/posting-guide.html > >> and provide commented, minimal, self-contained, reproducible code. > >> > > > -- John :wq [[alternative HTML version deleted]] ______________________________________________ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.