[development] Certify Drupal for use in Government (US) Projects

Eric Goldhagen eric at openflows.com
Wed Oct 1 15:52:34 UTC 2008

On Wed, October 1, 2008 11:37 am, Daniel F. Kudwien wrote:
> Back to topic:
>> The security review and resolution process at drupal is one
>> of the things that has allowed my company to use drupal as a
>> part of systems that handle ePHI (electronic protected health
>> information) which have been successfully audited as HIPAA
>> (Health Insurance Portability and Accountability Act) compliant. --Eric
> This sounds like a handbook page about certifications, policies, and
auditions of Drupal is in order?  Maybe we can add
> consultants/agencies/shops who managed to achieve or approve them for
> entry as a reference.  That list might also contain revoked attempts,
> would fit best in the "About Drupal" handbook, of course.
> Cross-posting this to consulting list.
> Daniel

I'd like to make sure that this discussion happens in one place so it can
be easier to follow. In the future, it would be nice to be asked before a
part of my email is send with no context to another list.

here is what I posted to the consulting list:

I would be glad to participate a discussion about your idea, but let me
start by saying that I'm not comfortable with one paragraph of an email
from me that was part of a lengthy discussion about durpal security issues
crossposted without any additional context.

For those not on the development list, you can read the thread at
http://lists.drupal.org/pipermail/development/2008-October/031097.html to
put my statement in full context of the larger discussion.


More information about the development mailing list