ISO/TR 11633‑2:2009 provides an example of selected and applied "controls" for RMS security based on the definition in the ISMS, on the basis of the risk analysis result mentioned in ISO/TR 11633‑1. ISO/TR 11633‑2:2009 excludes the handling of the communication problems and the use of encryption method.
ISO/TR 11633‑2:2009 consists of:
- a catalogue of types of security environment in health care facilities and RMS providers;
- an example of combinations of threats and vulnerabilities identified under the environment in the "use cases";
- an example of the evaluation and effectiveness based on the "controls" defined in the ISMS.