QUESTIONNAIRE FOR

GENERAL AND TECHNICAL

INFORMATION
 QUESTIONNAIRE FOR GENERAL AND TECHNICAL INFORMATION

1. DATA OF THE GROUP OR INDIVIDUAL ENTITY

Group or entity Name:

Registered Office address:
Contact Person or person nominated as management e-mail: Mob:
representative for ADHICS audits/certification:

DoH License/s No. (Please list the license number of facilities under the same group, if any facility
is not-centrally managed please mention it separately)

Type of Facility (if it is a Group, should be listed all types of facilities under the group):

* Hospital with XX number of beds

* Center (Day Care Surgery Center, Primary Health Care, Diagnostic Center, Rehabilitation Center, Dialysis Center, Fertilization Center, Mobile Healthcare
Unit, Provision of Health Service (Home care))
* Pharmacy Establishment
* Third party administrator/ entity/party (Please specify for which facilities)

Name of Chief Executive Officer (CEO) or equivalent:

Email Address of CEO:

Phone Number of CEO:

Name of Chief Information Security Officer (CISO) / Chief Cyber Security Officer (CCSO):

Email Address of CISO / CCSO:

Mobile Number of CISO / CCSO:

Name and Contact Details of Information Security Governance Committee (ISGC)

Members
Name of ISGC Member Role Title Email Address Phone / Mobile Number
(Chairperson / Co-
Chairperson /
Committee Member)
Notes:

2. INFORMATION RELATED TO THE PERSONNEL

Indicate in the spaces below the total staff operating on behalf of the group. Provide the total staff in Head Office + in any sites.…

Total number of personnel: Number of contractor personnel:

Number of employees/workers:
out of which (collaborators, subcontractors, temporary workers….)
 QUESTIONNAIRE FOR GENERAL AND TECHNICAL INFORMATION

Total number of personnel Number of personnel in IT and in Information &

Cyber Security department/ function

3. INFORMATION RELATED TO THE SITES AND INFORMATION SECURITY MANAGEMENT SYSTEM

Is the overall security governance centralized? YES NO

Are all sites subject to the same management system? YES NO
In which site(s) is the central functions located?
Are all sites in a single domain of activities?
Are all sites connected to the internet centrally?
Is HR centralized?
Is Procurement/Purchase department centralized?
Is Physical security/Access control centralized?
Is any IT function outsourced?
Has a central function governing the Information Security been identified? YES NO
Is the management review centralized? YES NO
In the following table specify all the sites (offices, hospitals, clinics, centers, posts, pharmacies etc.). For bigger list, please
attach as a separate list.
Location
No. of staff
Name Type (Abu Dhabi, Al Ain License #
(incl. of contractors)
etc)
Corporate
--------- function or
primary entity

---------

---------

---------

---------

---------

---------

---------

10.

4. Information on Datacenter where the servers & applications are located / Sites where critical assets are located
Datacenter / Sites Address / Location Activities Notes
1.
---------
 QUESTIONNAIRE FOR GENERAL AND TECHNICAL INFORMATION

2.
---------
3.
---------
4.
---------
5.
---------
Note:

5. Factors of complexity
Answer
5.1 FACTORS RELATED TO BUSINESS AND ORGANIZATION
X
Factor Level of establishment of the Information Security Management System [ISMS].

If there is a Valid certificate in information security management system (e.g. ISO 27001)
1 --------
or number and type of other management systems implemented and certified

Information security practices/requirements fully implemented over several years.

2 Internal audits, management reviews and effective continual improvement activities well ---------
established.

Information security practices/requirements implemented over some months. Internal

3 audits, management reviews and effective continual improvement activities carried out ---------
once.

Information security practices/requirements not implemented at all. Information

4 ---------
security is new and not completely established.
Answer
5.2 FACTORS RELATED TO IT ENVIRONMENT X
IT infrastructure complexity.

Few and/or highly standardized IT platforms, servers, operating

1 ---------
systems, databases, networks, etc.

Several and/or different IT platforms, servers, operating systems,

2 ---------
databases, networks

3 Status of Malaffi integration/ data exchange ---------

Dependency on outsourcing and suppliers, including cloud services.

1 Little or no dependency on outsourcing or critical suppliers. ---------

Some dependency on outsourcing or suppliers, related to some

2 ---------
but not all important business activities.

High dependency on outsourcing or suppliers, large impact on

3 ---------
important business activities.
 QUESTIONNAIRE FOR GENERAL AND TECHNICAL INFORMATION

Information on 3rd party services utilized and type of such as:

‫ ם‬Third Party Administrators ‫ ם‬Service vendors such as IT etc.
4 ---------
To be included a list of 3rd party vendors and scope of work if
utilized.

Name of EMR & Name of EMR vendor and information if cloud

5 ---------
based or on-premises

Please specify if coding and insurance claims submissions are also

6 ---------
outsourced.

Information System development.

None or a very limited in-house systems/applications

1 development. Use of standardized software platforms (out-of-self ---------
products).

Some in-house or outsourced systems/applications development

2 for some important business purposes. Use of standardized ---------
software platforms with complex configuration/parameterization.

Extensive in-house or outsourced systems/applications

3
development for important business purposes. ---------

Answer X
5.3 OTHER FACTORS

Factor Complicated logistics involving more than one location (e.g.

different data centers, different disaster recovery sites, operational sites,
temporary sites, etc.).

Date:       Signature: