Security
========

- Encrypted database
- Encrypted hashed passwords
- Separate server for key management
- Update database when a key expires
- Credentials management
- Limit to two Security Officers
- Two-factor authentication for all operations
- Three or four-factor authentication for sensitive
  operations
- Send notification to user when accessing on
  sensitive private data
- List of private data
- Auto-expiration of private data with anonymization
- Technician mode to help users, with no displayed
  data or fictive data (except with agreement of
  user and security officer)
- Digital rights management (LCP) or encryption of
  all documents except public documents
- Archive classification (restricted, secret, top
  secret levels)