Errors CGM
Overview
Note: Remove this line and the content below (highlighted in Italics) in this section and update your Asset details.
The overview section of an API documentation should provide a high-level understanding of the API's purpose, functionality, and key features. Here are some key points you may want to include in the overview section:
Introduction: Briefly introduce the API and its purpose. Explain why it exists and what problems it solves.
Key Features: Highlight the main functionalities and capabilities of the API. This could include the types of data it handles, the actions it enables, and any unique selling points.
Where is the API hosted? Specify where your asset is hosted (Cloud or Roche Corporate Network [RCN]).
Regions deployed: Specify the region in which your asset is deployed (Europe, US, Singapore).
Interface ID: Update the Interface ID.
Data privacy
Note: Remove this line and the content below (highlighted in Italics) in this section and update your Asset details.
For C4 Data it is mandatory to provide the details below. For C3 Data it is recommended to provide the details below. For C2/C1 Data it is optional.
In the Data Privacy section of an API documentation, it's important to address how the API handles, stores, and protects user data in compliance with privacy regulations and best practices. Here are some key details to include in this section:
Data Collection: Describe what types of data are collected or processed by the API. Explain the purpose of data collection and any consent mechanisms in place.
Data Usage: Clarify how the collected data is used by the API, including processing, storage, and any third-party data sharing or usage.
Data Security: Detail the measures taken to secure the data, such as encryption, access controls, and data integrity practices. Highlight any compliance with industry standards or regulations, such as GDPR, HIPAA, or others applicable to your domain.
User Rights: Explain users' rights regarding their data, including the ability to access, rectify, and delete their personal information. Provide guidance on how users can exercise these rights within the context of the API.
Consent and Permissions: Outline any user consent or permissions required for data processing and usage, as well as mechanisms for obtaining and managing user consent within the API.
Data Retention and Deletion: Specify the data retention policies and procedures for deleting user data when it's no longer needed or upon user request.
Note: Include the data classification (C1/C2/C3/C4) wherever required.
Example:
The level of external Partner details requested is defined by the query parameter dataGroupIds. Each consuming application/client is expected to follow the [on-boarding guidelines] and select which data groups are needed for the consuming application. Data groups are split into 3 categories:
1. Non Confidential (C4)
2. Confidential by Roche (C3)
3. Sensitive by Law or Roche (C2 and C1)
Accessing categories 2 and 3 will require an approval from the global or local DPOs and the P&C core team. An SRA (System Risk Assessment) will be requested and will need to be completed before the Production go-live of your application integration. If the SRA results in the necessity to create a DCR (Data Classification Report) or PIA (Privacy Impact Assessment), these documents also need to be completed before Production go-live. Access to the Production environment won't be approved without fulfilling this prerequisite.
More information about data privacy related to this API is available in our [“Data Privacy” gsite page].
Please also refer to the [Information Commitments gSite] when processing data.