Computer and information security standards and workbook

The RACGP Computer and Information Security Standards (CISS) and accompanying workbook will provide guidance on the essential information needed to put in place effective computer and information security.  The workbook, when completed by practice staff, will form part of the general practice’s policies and procedures manual. The computer and information security checklist provides a record of the 12 basic computer and information security categories that should be undertaken.

The CISS covers:

• Computer and information security checklist
• Risk assessment
• Staff roles and responsibilities
• Access control and management
• Business continuity and disaster recovery plans
• Back, malware, viruses and email threats
• Network perimeter controls
• Asset registers
• Portable devices and wireless networks
• Physical, system and software protection
• Governance processes

The RACGP are currently undertaking a review of the CISS and workbook with planned release June 2013. This review will include additional information to support GPs and their practice teams develop policies that relate to participation with the PCEHR.  

Until the release of the second edition of CISS, practices are advised that the current edition of the CISS (2011) is still best practice in providing guidance in information and security protection.