On Wed, October 1, 2008 11:37 am, Daniel F. Kudwien wrote:
Back to topic:
The security review and resolution process at drupal is one of the things that has allowed my company to use drupal as a part of systems that handle ePHI (electronic protected health information) which have been successfully audited as HIPAA (Health Insurance Portability and Accountability Act) compliant. --Eric
This sounds like a handbook page about certifications, policies, and auditions of Drupal is in order? Maybe we can add consultants/agencies/shops who managed to achieve or approve them for each entry as a reference. That list might also contain revoked attempts, and would fit best in the "About Drupal" handbook, of course.
Cross-posting this to consulting list.
Daniel
I'd like to make sure that this discussion happens in one place so it can be easier to follow. In the future, it would be nice to be asked before a part of my email is send with no context to another list. here is what I posted to the consulting list: I would be glad to participate a discussion about your idea, but let me start by saying that I'm not comfortable with one paragraph of an email from me that was part of a lengthy discussion about durpal security issues crossposted without any additional context. For those not on the development list, you can read the thread at http://lists.drupal.org/pipermail/development/2008-October/031097.html to put my statement in full context of the larger discussion. --Eric