Are your contact details up to date? Login to view and update your personal details for the next financial year.

Information security in general practice

Prevention and risk assessment

Asset register

Last revised: 21 Apr 2023

Prevention and risk assessment

Clinical and business information system risk assessments should be performed frequently and documented each time.

A structured risk assessment requires you to:

record the assets in your practice (an asset register] can be used to document your hardware, software and any other information systems)
perform a threat analysis [hyperlink to relevant section]
perform a measurement and analysis of your information security controls

Your practice should maintain an asset register. This should include details of the following:

Physical assets
- computer and communications equipment
- mobile electronic devices
- medical equipment that interfaces with your practice information systems
- backup media and uninterruptible power supplies
Information assets
- databases
- electronic files
- image and voice files
- system and user documentation
- business continuity and information recovery plans
Software assets
- operating systems
- application programs
- clinical and practice management software
- communications software
- software license keys
- original software media and manuals
Personnel assets
- contact details of key members of the practice team and external service providers including internet service providers, telecommunication service providers, cloud service providers
- Paper documents
- contracts
- patient records
- other paper documents important to your practice

Advertising