You should start by reading R: Regulatory Compliance and Validation Issues: A guidance document for the use of R in regulated clinical trial environments. https://www.r-project.org/doc/R-FDA.pdf
The official link to that file is at the R home page https://www.r-project.org/ In the left column, click on Certification. That takes you to the page that offers the Compliance paper and a paper on the R Development cycle. Rich On Thu, Jun 18, 2020 at 7:46 PM David Winsemius <dwinsem...@comcast.net> wrote: > > > On 6/18/20 3:41 PM, John Harrold wrote: > > Hello Kristin, > > > > Are you talking about risk analysis from the perspective of software > > vulnerabilities? > > > It appears that is exactly what is being asked. What is not clear is > whether the installation would be offered to persons or groups on the > network with no other security wrappers. R has never claimed to be > "web-safe". It offers access to system level commands and file system > manipulation that would probably compromise security arrangements. In > fact, over the course of the last 12 years when I've been reading this > mailing list, there has never been a credible suggestion to offer R > applications to untrusted users. Quite the opposite. Naked R is surely > not going to pass any sort threat or risk scrutiny. > > > My suggestion would be to investigate various wrappers for R such as > Rstudio or the Microsoft re-worked version of what used to be Revolution > R. They have lawyers and offer "enterprise solutions" and would > presumably be able to speak to some sort of security analysis. Whether > either of those approaches would provide the level of security needed by > a healthcare organization would be an interesting question. Perhaps yopu > can report back after completing your investigation? > > > -- > > David. > > > > > John > > > > On Thu, Jun 18, 2020 at 3:21 PM Wait, Kristin <wa...@amc.edu> wrote: > > > >> HI all, > >> > >> I am with a NYS major trauma center and all programs that our > >> employees/providers use must be vetted through the IT Department by way of > >> a Risk Analysis. > >> Is there someone I would talk to about this? > >> > >> I scoured your website and could not find a specific person. > >> > >> Thank you so much > >> Kristin Wait > >> Albany, NY > >> ----------------------------------------- CONFIDENTIALITY NOTICE: This > >> email and any attachments may contain confidential information that is > >> protected by law and is for the sole use of the individuals or entities to > >> which it is addressed. If you are not the intended recipient, please notify > >> the sender by replying to this email and destroying all copies of the > >> communication and attachments. Further use, disclosure, copying, > >> distribution of, or reliance upon the contents of this email and > >> attachments is strictly prohibited. To contact Albany Medical Center, or > >> for a copy of our privacy practices, please visit us on the Internet at > >> www.amc.edu. > >> > >> [[alternative HTML version deleted]] > >> > >> ______________________________________________ > >> R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see > >> https://stat.ethz.ch/mailman/listinfo/r-help > >> PLEASE do read the posting guide > >> http://www.R-project.org/posting-guide.html > >> and provide commented, minimal, self-contained, reproducible code. > >> > > > > ______________________________________________ > R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see > https://stat.ethz.ch/mailman/listinfo/r-help > PLEASE do read the posting guide http://www.R-project.org/posting-guide.html > and provide commented, minimal, self-contained, reproducible code. ______________________________________________ R-help@r-project.org mailing list -- To UNSUBSCRIBE and more, see https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
