HIB Assessment
HIB Readiness Assessment Form
Q1. We have a process to implement critical or important software updates (e.g., security patches) released for all our IT applications as soon as possible.
Yes
No
Q2. All our IT endpoints (e.g., laptops, desktops, and servers) have anti-malware solutions installed to detect cyber-attacks on our systems (e.g., performing regular virus and malware scans).
Yes
No
Q3. We have deployed firewalls to protect the network, systems, and endpoints.
Yes
No
Q4. Our organisation’s policies for backing up data include backing up identified business-critical systems and those containing essential business information.
Yes
No
Q5. Our employees attend cybersecurity awareness training at least once a year.
Yes
No
Q6. Our organisation establishes policies and processes to identify and protect its business-critical data, including measures preventing employees from leaking confidential and/or sensitive data.
Yes
No
Q7. We define retention periods for Sensitive Normal / Sensitive High health information in accordance with any applicable legislation.
Yes
No
Q8. All health information in our possession or under our control is appropriately classified as Sensitive Normal or Sensitive High.
Yes
No
Q9. When a vendor is engaged to manage our network, systems, and medical devices, we are clear about the services and security practices that the IT vendor provides, and we are updated regularly by the IT vendor on vulnerability reports and updates about security issues for the systems they are managing on our behalf.
Yes
No
Q10. Our organisation has an up-to-date incident response plan to guide us on how to respond, manage, and mitigate the impact of cyber or data incidents.
Yes
No
Q11. Our organisation has a business continuity plan to ensure organisational resilience against the common business disruption scenarios, including those caused by cyber incidents and data breaches, and executes it when needed.
Yes
No
Q12. Our organisation conducts internal audits on compliance with the implemented cyber and data security safeguards for Sensitive Normal / Sensitive High health information.
Yes
No