HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers

The HISO 10029.4:2025 Health Information Security Framework Guidance for Suppliers provides details on the requirements and relevant guidance for suppliers supporting the core framework document.

This segment from the core framework document i.e., HISO 10029:2022 Health Information Security Framework is for suppliers who are defined as a service provider of on-premises or cloud services. e.g., internet service provider, outsourced service provider, software as a service (SaaS) provider to the health sector.

These resources are designed to help suppliers meet expectations for maintaining the confidentiality, availability and integrity of the information and systems provided to Health New Zealand.

Suppliers as defined by the Health Information Security Framework (HISF) core framework include service providers of on-premises or cloud services. e.g., software resellers, medical device resellers or implementors, internet service providers, outsourced service providers or software as a service (SaaS) providers to the health sector.

Practical guidance and relevant resources to help meet HISF.

• Helper Document – HISF Guidance for suppliers [PDF, 840 KB]
• Helper Document – HISF Guidance for suppliers [DOCX, 1.3 MB]
• Frequently Asked Questions (FAQ) HISF for suppliers [PDF, 390 KB]

This data sheet outlines the new and/or updated requirements included in the 2025 release of the HISO 10029.4 HISF Guidance for Suppliers. It states the changes made to the 2023 version and assists readers in comparing it to the new 2025 version. This is intended to support understanding of the changes in a timely manner.

Data sheet - Update to HISF Guidance for Suppliers [DOCX, 186 KB]

The following documents are also available for reference: