The HISO 10029.2:2023 Health Information Security Framework Guidance Micro to Small Organisations provides details on the requirements and relevant guidance supporting the core framework document.
This segment from the core framework document i.e., HISO 10029:2022 Health Information Security Framework is defined as health organisations within NZ that fall into two or more of the following categories:
- a stand-alone business/organisation
- based at a single geographic location with a basic technology setup (e.g., laptops, internet, relevant software)
- staffing of up to approximately 25 personnel
- manages a population of less than 10,000
- minimal or no IT support in-house (most IT services and support capability is outsourced to external IT and security suppliers)
- is not involved with integrating or developing software systems or web applications in-house.