🗄️

Information Asset Register (IAR)

🔍
Glossary IA = Information Asset. A body of information that has value to an organisation. This also includes all personal information. Notes Last updated 15th October 2021 by Peter Huang.

Information Asset Register (IAR)

Information Asset NameSupplier Name (IT Only)Contract Location (IT Only)Contract Start Date (IT Only)Contract End Date (If applicable, IT Only)What information is kept here, why?LocationSpecial Category Data?OwnerShared Externally? If so, is the Process Included on the ROPA?Do you receive it from someone outside your organisation or share it externally?Risks if there is a breachWhat security measures have been put into placeDate IA issued (if applicable)Date IA returnedDate of last auditHas there been a breach since last audit?If breach since last audit, have all action items been completed?
Healthtech 1 gathers this information from the patient.
Cloud
November 1, 2021
Patient demographic and medical information is collected, stored and used in order to be able to register a patient for our customers, GP practices.
Azure Cloud in UK South Servers
Yes, Ethnicity and Sexual Orientation, for practice's population understanding.
Pete 🧪 twenty--twenty
No
No, we recieve this directly from the patient.
Demographic and medical details can be associated with a patient that could be used to access other sources of information. Service users' highly personal records would be seen. This could cause upset to service users, reputational damage to the company, and breach data protection legislation. The company could be fined or other pernalties could be imposed.
This is in our own secure systems. We store this data in a secure cloud built in a safe software architecture. We restrict access and controls to only those need access to this information. We adhere to national security guidance and Cyber Security Essentials. We have annual 3rd party assessments of our software.
November 1, 2021
October 18, 2021
Healthtech 1 gathers this information from the practice.
Cloud
November 1, 2021
Information needed to associate a registration with a practice in the clinical system.
Azure Cloud in UK South Servers
No
Pete 🧪 twenty--twenty
No
No, we recieve this directly from the practice.
Contact information we get from practices is public already. We also create documentation of each practices
This information is stored within enterprise grade software, Google Workspace. We've ensured that our subscription is the most secure version - Google Enterprise Plus. This gives us the ability to keep our data within the EU, store backups, have advanced security controls as well. This is above the security level of most organisations.
November 1, 2021
October 18, 2021
Ourselves
Cloud, Physical
November 1, 2021
General plans, operations, documents that help us reach our company objectives! To reduce the admin burden away from GP practices!
Azure Cloud in UK South Servers, Stratford Village Surgery
No
Pete 🧪 twenty--twenty
No
No, we generate this.
Sensitive company information on our activities, people and assets could be accessed. With malicious intent, the actor could create disruption to our client and their end user needs.
Similar to our practice information. Plus internal security processes to ensure that internal data remains within.
November 1, 2021
October 18, 2021