About these tools and templates

These tools and templates have been developed in collaboration with a panel of experts from Primary Healthcare Organisations, General Practice NZ, Allied Boards, general practitioners, and the Pharmacy Guild of NZ to help you protect your organisation, systems, people and health data. 

This guidance has been tailored for micro to small organisations (defined by HISF as 25 staff or less) to help you meet the requirements and implement controls. 

Download: Information security clauses - DOCX, 713 KB

A comprehensive list of information security clauses that may be used in contracts for suppliers of information, data, systems, and related services.

Download: Information security policy - DOCX, 727 KB

A starting point for creating an Information Security Policy to meet your organisation’s needs, based on the Health Information Security Framework.

Download: Evaluating an IT supplier - DOCX, 725 KB

Questions and sample answers to use when evaluating an Information Technology (IT) supplier, to understand how well the supplier is supporting you.

Download: Risk assessment guidance and template - XLSX, 33 KB

This template provides guidance on how to conduct cyber security risk assessments, and starting points for risks to consider in your organisation.

Download: Asset inventory workbook - XLSX, 41 KB

We recommend you track your hardware and software assets. Complete a full inventory to begin with and update as you change your systems over time.

Pātiki and Waharua Kōpito patterns

Cyber incident advice for Primary Healthcare

You will find additional guidance on how to prepare and respond to cyber incidents on the Cyber incidents page.