The healthdata.be service (Sciensano) processes each incident report according to a standard operating procedure (SOP). A public version of this SOP "HD Incident Management Process" is also available on this portal docs.healthdata.be. 

To submit an incident related to projects and applications in production and facilitated or managed by Sciensano's healthdata.be service, you must first log into the HD Service and Support portal: https://sciensano.service-now.com/sp.

After the login step, you will arrive at the main page of the portal. 

When logging in for the first time, you will have to complete your profile e.g. with contact data, in order to follow up on your ticket. Once the profile has been submitted, you want to return to the main page of the portal.  

On the main page, you must select "Get Help". 

The following Create incident page will appear. 

You can now document your incident or problem by providing the following information: 

 
Indicate the Urgency of resolving your issue based on its criticality to the business. 

After selection of the Role you take up, a list of Applications relevant for you becomes available: select the application you are experiencing a problem with. 

Search and select the desired Project by entering a key word, the HD project number or the project abbreviation. 

Now, describe clearly and briefly (1 sentence) the subject of your problem. 

Please describe the problem in detail. The following aspects are important for us to understand and solve the problem: 

• a description of the actions you want to perform but fail to perform (e.g. provide us with a field name, a validation rule, a button, etc.) 
• a description (if possible) of the sequential steps you follow to use the service or the application of healthdata.be for which you need support; 
• a brief description of the technical problem you are experiencing (e.g. error messages) 

We strongly recommend that you add a screenshot describing the problem (IMPORTANT: Do not provide us with patient data!). 

You can add the screenshot by clicking on "Add attachments". 

On the right side of the form, the mandatory information items of the incident form are listed. When these fields are completed, their names disappear from the "required information" box. 

The form can only be submitted if all required fields are filled in, by pressing the green "Submit" button. 

If all required fields have not been completed, a warning message will appear at the top of the form. 

In addition, missing mandatory fields will be highlighted in green. 

When the incident form has been successfully submitted, a preview of your submission appears in a new screen. 

On the right side of the screen you will find the details, including the incident number. 

On the left side of the screen, you will find a chronology of your incident processing, starting with your creation. 

To submit a request for information, please follow the healthdata.be work instructions described underneath.

Procedure overview diagram

Procedure as work instructions

STEP 1. User requests an information

Action: A user requests an information. This can be : 

• An explanation on a project, … 

• A list 
• … 

STEP 2. Service Desk creates a ticket Request For Information

Action: If the user did not create a ticket from the portal, the Service Desk creates a ticket, of type Request for Information on behalf of the user 

Mandatory fields are the subject and description. 

The request is submitted by clicking on ‘Order now’

STEP 3. Service Desk investigates the request and enriches the request 

Action: Service Desk opens the requested item, linked to the request, and investigates the needs of the requestor. If necessary, the Service Desk will add clarification info in the customer communication, which is visible for the user. 

STEP 4. Fulfill the request 

Action: If the Service Desk knows how to fulfill the requested item, they will execute the action. If they do not know how, they will first investigate if they are able to fulfill the requested item or if they have to assign the requested item to another assignment group (step 6)

STEP 5. Set the requested item to ‘Closed Complete’ 

Action: Service Desk or 2L-assignment group will inform the user by entering a user friendly comment in the ‘customer communication’ field and set the requested item to the state ‘Closed Complete’ 

STEP 6. Assign the requested item to L2-group 

Action: if no fulfillment possible, the Service Desk will assign the requested item to a L2-assignment group. 

STEP 7. Fulfill the request 

Action: the L2-assignment group will fulfill the requested item and execute step 5. 

WHAT IS THE PROBLEM?

Sciensano blocks e-mails from organizations if the configuration of their e-mail and/or DNS services allow potential abuse by spammers/attackers. More specifically, if the configuration enables other senders to impersonate your organisation by allowing them to mimic your organization’s e-mail “Header From”.

In other words, they can send phishing and spam mails that cannot be distinguished from genuine mails from your organization.

If you’re responsible for managing your ICT infrastructure, keep reading. If not, pass this message on to your ICT department or to the ICT service that’s managing your ICT infrastructure.

HOW TO SOLVE IT?

You’ll have to verify that your configuration complies with “Sender Alignment” security requirements.
More specifically, your mail services and DNS will have to be configured according to ICT standards.

These configurations are common, well-documented and supported by hosting companies. Some useful links:

• https://dmarcian.com/alignment/
• https://mxtoolbox.com/dmarc/spf/spf-alignment
• https://o365info.com/how-does-sender-verification-work-how-we-identify-spoof-mail-the-fiveheros-spf-dkim-dmarc-exchange-and-exchange-online-protection-part-9-of-9/

We’ve noticed that this issue frequently occurs in organizations which moved their ICT infrastructure to cloud services such as Microsoft (O365), Amazon, Google, and MS Azure without properly configuring the ICT infrastructure which is not managed by these providers.

The configurations and recommendations need to be implemented on the customer’s ICT infrastructure, either internally or externally. DNS and Mail services are the main ICT platforms for these actions.

THE USE OF DIFFERENT DOMAINS IN THE MAIL SENDING PROCESS

E-mails contain an “Envelope From” and a “Header From”. Both need to match to avoid that the mail is blocked.

Some examples:

1. A public service is using its new domain name in the “Header From” and its old domain name in the “Envelope From”.

• Envelope From = noreply@publicservice.fgov.be
• Header From = noreply@publicservice.belgium.be

➔ These e-mails will be blocked.

Remark: Because it’s a noreply address, the sender will not even be aware of us rejecting the e-mail …

2. An organization is using a cloud service (Freshservice) for its helpdesk tool and the “Envelope From” has not been customised.

• EnvelopeFrom = bounces+us.3.52773-helpdesk=organisation.be@emailus.freshservice.com
• Header From = helpdesk@organisation.be

➔ These e-mails will be blocked.

3. A company uses a cloud service (Amazon SES) to send the delivery notification and the “Envelope From” has not been customized.

• Envelope From = 01020188573f374-96de6437-9134-45f4-8aa6-3e9ac18d5848-000000@euwest-1.amazonses.com
• Header From = noreply@company.be

➔ These e-mails will be blocked.