Toolkit for selecting secure IT products and services

The Agency has developed a toolkit to support health professionals in their discussions with information technology vendors about the security aspects of their products and services. It consists of a guide that offers general advice, sample questions and an approach for assessing vendor responses. The sample questions are also provided in a template that can be used, separately to the guide, to capture vendor responses.

How to use this toolkit

To assist you in increasing your understanding the security aspects of your IT products and services in discussions with vendors:

1. Download and read the Guide to selecting secure products and services (see below).
2. Use the sample questions in the guide to start a conversation with your IT vendors and ask them to provide details of how their product or service is secure.
3. Listen to their answers and take notes to assist with your assessment using the template (see below). Alternatively, you could ask the vendor to provide responses in the template.
4. Review the vendor’s answers and use the guide to help you assess the security of the products or services your healthcare business uses.

Guide to selecting secure IT products and services

This guide has been developed to assist small healthcare businesses to select secure IT products and services. Healthcare business owners, principal practitioners and practice managers may wish to discuss this information with IT vendors to understand or review the security aspects of the product or service they offer your business. This document is designed to accompany the simple steps outlined in the Agency’s Information Security Guide for small healthcare businesses.

Download: Selecting secure IT products and services (PDF, 649kB)

Template for selecting secure IT products and services

This template provides the sample questions that are contained in the guide Selecting secure IT products and services. This is not intended to be a comprehensive list of information security requirements. It provides some key discussion items for you to start a more in-depth conversation with your IT vendors.

Download: A template for vendor responses (Word, 173kB)

For additional information security guidance see: