Asset register

Download PDF

Last revised: 21 Apr 2023

Prevention and risk assessment

Clinical and business information system risk assessments should be performed frequently and documented each time.

A structured risk assessment requires you to:

record the assets in your practice (an asset register] can be used to document your hardware, software and any other information systems)
perform a threat analysis [hyperlink to relevant section]
perform a measurement and analysis of your information security controls

Your practice should maintain an asset register. This should include details of the following:

Physical assets
- computer and communications equipment
- mobile electronic devices
- medical equipment that interfaces with your practice information systems
- backup media and uninterruptible power supplies
Information assets
- databases
- electronic files
- image and voice files
- system and user documentation
- business continuity and information recovery plans
Software assets
- operating systems
- application programs
- clinical and practice management software
- communications software
- software license keys
- original software media and manuals
Personnel assets
- contact details of key members of the practice team and external service providers including internet service providers, telecommunication service providers, cloud service providers
- Paper documents
- contracts
- patient records
- other paper documents important to your practice

Advertising