DoseControl Software Technical Guidelines

The purpose of this section is to provide recommendations for the application database, PC workstation and network aspects of DoseControl Software.

Windows PC Workstation

DoseControl application users need Write permissions for the ProgramData directory (C:\ProgramData\GEX) and any configured network report storage locations. See Report Storage configuration options.

MS SQL Server and application database connection

DoseControl requires a constant connection with the MS SQL server and application database.
DoseControl is validated and supported on Microsoft SQL Server instances - see Platform Requirements.

If the connection to the application database is lost or broken, DoseControl will not work. Users cannot login to DoseControl and cannot use DoseControl.

Application database

DoseControl will create the application database when the application connects to the database for the first time. You do not need to create the database in advance.
DoseControl requires the DBCREATOR user role in SQL Server to create the application database when DoseControl software is first connecting to the database Server.
DoseControl data is only stored in the application database¹.

¹Several items are encrypted and stored in the C:\ProgramData\GEX in the settings.json file (a connection string to the database, for example).

Software Interruption Management

No data is cached locally¹.
Reader disconnection problem: In the event that the attached, active spectrophotometer (Reader) is disconnected from the PC (USB connection is lost or broken), DoseControl has a “Manual Mode” workflow to handle this situation. Manual Mode allows the user to manually enter dosimeter measurement information into the report, in the event of reader disconnect.
Reader failure problem: All dosimeter measurements in a report are measured using a specific Calibration for the Reader-PC workstation. In the event that the attached, active spectrophotometer (Reader) fails during dosimeter measurements such that the Report is incomplete, there is a reader failure workflow to allow the user to switch to a new Reader (and new Calibration) to complete the report.

¹DoseControl requires a constant connection with the MS SQL server and application database. If the connection to the application database is lost or broken, DoseControl will not work. Users cannot login to DoseControl and cannot use DoseControl.

Data Integrity

DoseControl software (version 2.0.0 and higher) is built using a secure code signing process that meets the recommendations of CA Security Council. When the user installs DC 2.0 software, GEX is the identified and verified software publisher, confirmed by a publicly trusted certification authority. GEX follows the CA published guidelines.
DoseControl does not have an API or software intermediary that might allow another application to access it.
In general, the application database is not encrypted (see Data Encryption section below) and relies on the customer’s data integrity policies for their server, PC and network.
GEX software engineering process protects all components of the DoseControl software from tampering and unauthorized access, controlled by the GEX QMS (ISO 9001:2015 certified Quality Management System).
GEX provides a complete SBOM for DoseControl that follows the NIST published guidelines Secure Software Development Framework (SSDF) Version 1.1 9( 2022) that describes recommendations for mitigating the risk of software vulnerabilities. SBOM stands for Software Bill Of Materials: a nested description of software artifact components and metadata. This information can also include licensing information, persistent references, and other auxiliary information.
- SBOM available upon request.
GEX monitors potential and identifies any residual vulnerabilities in the DoseControl software releases. GEX will send an email communication to DoseControl customer in the event of a suspected risk or software vulnerability related to any of the open source or third-party software packages used in DoseControl. If you have a specific email or contact that you want to include on these communications, contact support@gexcorp.com.

Data encryption

DoseControl has AES-256 bit encryption.This includes:

Values in the settings.json file (C:\ProgramData\GEX)
the dbo.Users table password values (if you select the DoseControl user access, the user access information is stored in dbo.Users)
the Global Administrator ‘admin’ password (also stored in dbo.Users)