Pharmacy Information Asset Register

Information Asset Register (IAR) for [Your Pharmacy Name]

1. Asset Name: Patient Records
   • Description: Electronic and paper-based patient records containing personal and medical information.
   • Location: [Specify where these records are stored, e.g., filing cabinets, electronic health records system]
   • Data Classification: Highly sensitive (patient health data)
   • Data Retention Period: As per NHS guidelines
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Restricted access to authorized healthcare professionals only.
2. Asset Name: Prescription Data
   • Description: Information related to prescription medications, including patient names and medication details.
   • Location: Pharmacy software system
   • Data Classification: Sensitive (patient data)
   • Data Retention Period: As per NHS guidelines
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Limited to authorized pharmacy staff.
3. Asset Name: Staff Records
   • Description: Personnel files and payroll data for pharmacy staff.
   • Location: Secure HR records
   • Data Classification: Confidential (employee data)
   • Data Retention Period: As per employment regulations
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Restricted to HR and authorized individuals.
4. Asset Name: Financial Records
   • Description: Financial transactions, invoices, and accounting data.
   • Location: Accounting software and physical records
   • Data Classification: Sensitive (financial data)
   • Data Retention Period: As per tax and financial regulations
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Limited to authorized accounting personnel.
5. Asset Name: CCTV Footage
   • Description: Surveillance footage within the pharmacy premises.
   • Location: CCTV system storage
   • Data Classification: Sensitive (security footage)
   • Data Retention Period: [Specify your local regulations]
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Restricted access to security personnel.
6. Asset Name: Inventory Data
   • Description: Information about pharmacy stock and inventory.
   • Location: Inventory management system
   • Data Classification: Non-sensitive (inventory data)
   • Data Retention Period: As per pharmacy policy
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Limited to authorized inventory staff.
7. Asset Name: Email Correspondence
   • Description: Communication records via email.
   • Location: Email server
   • Data Classification: Sensitive (business communication)
   • Data Retention Period: As per email retention policy
   • Data Owner: [Your Name]
   • Data Processor: [If applicable]
   • Access Controls: Limited to authorized personnel.