This document gives a guideline for implementation of an ISMS by showing practical examples of risk analysis on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices or health information systems in order to protect both sides' information assets (primarily the information system itself and personal health data) in a safe and efficient (i.e. economical) manner.
This document consists of:
— application of ISMS to RMS;
— security management measures for RMS;
— an example of the evaluation and effectiveness based on the "controls" defined in the ISMS.