Requirements for Information Communication (2007 Edition)

3 - Security of Storage

Page last updated: 14 January 2008

          Standards

          S3.1
          To ensure the secure storage of systems data, technological and procedural mechanisms must be established to ensure that:
          (a) confidentiality is maintained
          (b) information is accessible only to authorised users
          (c) the integrity of information is maintained
          (d) the accuracy and completeness of information and processing methods are maintained
          (e) the availability of systems and services meets the needs of authorised users with regard to information and associated assets.
          S3.2
          Pathology systems contain sensitive, critical and valuable information, and system access controls must be in place to protect the information from being improperly disclosed, modified, deleted or rendered unavailable.

          Commentary

          C3.2
          The secure storage of data is required to reduce the threat of unauthorised access or usage or acts that may inadvertently or maliciously:
          (a) risk the availability, authenticity, integrity and confidentiality of electronic records from the point of their creation to the point of their intended use
          (b) allow unauthorised copying or replication of data or information
          (c) disclose information to unauthorised personnel
          (d) act as a gateway for unauthorised access by others
          (e) infect systems with computer malware (e.g. viruses, trojans or worms).
          There is a balance between applying security controls and allowing the ready exchange of information that is required by pathology laboratories.