Information security in general practice

Securing your network and equipment

Software and applications

Last revised: 21 Apr 2023

Software requirements

Software is a program (or group of programs) that is stored on and run by hardware to perform specific functions. Software is important to a general practice because these programs are used to store information and run the business side of the practice.

Examples of common practice software include:

  • operating systems, software versions and licences
  • security software
  • backup software
  • monitoring software
  • clinical and business software
  • patch management software
  • remote access software and secure messaging capability.

All software should support your business requirements. It is recommended to seek guidance from an IT professional on your specific requirements and how to mitigate any security risks associated with these requirements.

Create a policy: System and software maintenance

Your practice policy and procedures should include system and software maintenance.

Your policy should confirm the requirement for:

  • all system maintenance performed by your practice team or technical service provider to be documented
  • regular system maintenance to occur, including:
    • upgrades to clinical desktop system software
    • preventive maintenance
    • planned upgrades
    • maintaining and updating testing environments
    • monitoring for intrusions and installations of unauthorised programs
    • checking system and error logs
    • ensuring antivirus and other protective software is up to date
    • checking disk capacity (hard disk space)
    • running patching updates to rectify security weaknesses in earlier software versions
    • software version control to maintain software in accordance with the vendor’s guidelines.
 

Application control

Application control is one of the most effective mitigation strategies for securing your practice's IT systems, and is part of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents. It prevents the execution and spread of malicious code (also known as malware) and the installation or use of unapproved applications.

Implementing application control involves:

  • identifying approved applications (also known as whitelisting)
  • developing application control rules to ensure only approved applications can be executed
  • maintaining, validating and testing application control rules routinely.¹

In addition, application control event logs can be used to monitor your practice's system security, detect malicious behaviour and contribute to investigations following cyber security incidents. Application control event logs should be captured and stored centrally.²
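
The three steps above and the event logging, modelled as an added example (not from the original page or the ACSC guidance): a hash-based allowlist is built, files are checked against it, and rules left stale by a simulated vendor update are flagged for review. The file names, contents and function names are constructed for illustration; in practice the operating system's application control feature does the enforcement.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_allowlist(approved: list[Path]) -> dict[str, str]:
    """Identify approved applications: map file hash -> application name."""
    return {sha256_of(p): p.name for p in approved}

def evaluate(path: Path, allowlist: dict[str, str]) -> dict:
    """Rule: execution is allowed only if the file's hash is approved.
    Returns an event record suitable for a central log store."""
    digest = sha256_of(path)
    decision = "allow" if digest in allowlist else "block"
    return {"file": path.name, "sha256": digest, "decision": decision}

def stale_rules(allowlist: dict[str, str], installed: list[Path]) -> list[str]:
    """Routine validation: approved entries that match no installed file,
    for example because a vendor update changed the binary."""
    present = {sha256_of(p) for p in installed}
    return sorted(name for digest, name in allowlist.items() if digest not in present)

def demo() -> tuple[list[dict], list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for real executables.
        clinical = root / "clinical_app.bin"
        backup = root / "backup_tool.bin"
        unknown = root / "unapproved_tool.bin"
        clinical.write_bytes(b"clinical v1")
        backup.write_bytes(b"backup v1")
        unknown.write_bytes(b"not approved")
        allowlist = build_allowlist([clinical, backup])
        clinical.write_bytes(b"clinical v2")  # simulated vendor update
        files = [clinical, backup, unknown]
        events = [evaluate(f, allowlist) for f in files]
        return events, stale_rules(allowlist, files)

if __name__ == "__main__":
    events, stale = demo()
    for event in events:
        print(json.dumps(event))  # one JSON line per event
    print("rules needing review:", stale)
```

The updated clinical application is blocked until its rule is refreshed, which is why patching and rule maintenance need to be scheduled together.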

1 Australian Government, Australian Cyber Security Centre. Implementing application control. 2021.
2 Australian Government, Australian Cyber Security Centre. Guidelines for system hardening. 2021.
