Information security in general practice

Prevention and risk assessment

Clinical and business information system risk assessments should be performed frequently and documented each time.

A structured risk assessment requires you to:

  • record the assets in your practice (an asset register can be used to document your hardware, software and any other information systems)
  • perform a threat analysis
  • perform a measurement and analysis of your information security controls

Asset register

Your practice should maintain an asset register. This should include details of the following:

  • Physical assets
    • computer and communications equipment
    • mobile electronic devices
    • medical equipment that interfaces with your practice information systems
    • backup media and uninterruptible power supplies
  • Information assets
    • databases
    • electronic files
    • image and voice files
    • system and user documentation
    • business continuity and information recovery plans
  • Software assets
    • operating systems
    • application programs
    • clinical and practice management software
    • communications software
    • software license keys
    • original software media and manuals
  • Personnel assets
    • contact details of key members of the practice team and external service providers, including internet service providers, telecommunication service providers and cloud service providers
  • Paper documents
    • contracts
    • patient records
    • other paper documents important to your practice
