Introduction to HISF

Current Status
Not Enrolled
Get Started
This course is currently closed

Dates coming soon

Duration: ½ day

Delivery: Live Online Course, Instructor led with supervised activities


Cyber and information security is increasingly important for all organisations. Health organisations are prime targets for cyber attacks as they hold important, valuable personal information. Cyber Toa’s Introduction to the Health Information Security Framework (HISF) covers important information security standards set out by the Health Information Security Organisation (HISO), specifically HISO10029:2015 Health Information Security Framework. The course explains the areas that HISF covers, provides understanding as to how to understand the structure of HISF requirements, and explains some of the baseline procedures that can be easily implemented in order to bring your organization up to standard. We also discuss recent news stories from New Zealand and worldwide throughout the course as learning examples.

With a range of interactive scenarios, case studies, videos and activities using real life tools and solutions, this course will teach learners about making informed cybersecurity decisions for any NZ health organization.

Course Content

Module 1: What is HISF?

  • Who has to comply with HISF, and at what levels?
  • What areas does HISF cover?
  • Why does my organisation need to comply and what are the risks of non-compliance?

Module 2: Understanding HISF Requirements

  • How is HSIF laid out?
  • Understanding specific HISF requirements
  • Other standards related to HISF (including privacy standards)
  • Who is responsible for meeting these requirements?

Module 3: Quick Tips for HISF Compliance

  • Understanding of some ‘baseline’ requirements
  • Some quick wins across multiple standards
  • Navigating the balance between compliance and security

Target Audience and Course Prerequisites

Cyber Toa’s Intro to HISF is aimed at management, administrators, technical staff or anyone who has responsibility for security or IT within New Zealand health organisations. It is helpful to understand the HISF level that the organisation you are involved in sits at (baseline, intermediate or advanced), however this is not required.

Specifically, it is recommended that you have the following skills and knowledge before starting this course:

  • Have experience with organization-specific IT infrastructure and practices

Course Outcomes

This course will explain the fundamentals of the Health Information Security Framework requirements, why it is important and which section are most relevant is relevant for your organisation. Specifically, this course focuses on the ‘baseline’ requirements that all health organisations are required to comply with.

On course completion, you will be able to:

  • Determine what requirements are relevant to your organization
  • Understand who is responsible for requirements
  • Understand how HISF fits in with other security documentation such as the NZISM and the NZ Privacy Act and other standards such as ISO27001 and NIST CSF.
  • Evaluate if there are other requirements which your organization could or should implement.