S3.1To ensure the secure storage of systems data, technological and procedural mechanisms must be established to ensure that:
(a) confidentiality is maintained
(b) information is accessible only to authorised users
(c) the integrity of information is maintained
(d) the accuracy and completeness of information and processing methods is maintained
(e)the availability of systems and services meets the needs of authorised users with regard to information and associated assets.
S3.2Pathology systems contain sensitive, critical and valuable information, and system access controls must be in place to protect the information from being improperly disclosed, modified, deleted or rendered unavailable.
C3.2The secure storage of data is required to reduce the threat of unauthorised access or usage or acts that may inadvertently or maliciously:
(a) risk the availability, authenticity, integrity and confidentiality of electronic records from the point of their creation to the point of their intended use
(b) allow unauthorised copying or replication of data or information
(c) disclose information to unauthorised personnel
(d) act as a gateway for unauthorised access by others
(e) infect systems with computer malware (e.g. viruses, trojans or worms).
There is a balance between applying security controls and allowing the ready exchange of information that is required by pathology laboratories.