An information security governance framework is a set of structured guidelines containing a collection of resources including people, processes, policies, measures, controls and training designed to achieve and continuously improve upon industry standard information security in medical general practice.