confidentiality remindertype pad computer

eCHN Administrative Safeguards

eCHN applies the following administrative safeguards to data in its care:

eCHN has appointed accountable individuals for privacy and security.
eCHN has a comprehensive set of information security policies which are regularly revised and updated. Staff members and contractors are required to read the relevant policies and sign to acknowledge that they have read, understood and are committed to complying with them.
All staff and contractors must sign confidentiality agreements and undergo background checks prior to joining or providing services to eCHN.
eCHN conducts mandatory privacy and security awareness training programs for its staff and contractors
All security incidents are managed in accordance with eCHN Incident Management Policy.
Threat and risk assessments are conducted whenever new projects are undertaken or changes in security architecture is introduced.
eCHN has established a formal threat and risk management program. A specialized management forum, the Privacy and Security Leadership Committee, provides strategic direction and governance oversight for the risk-management program, including regular review of risks and the corresponding risk treatment plans.
Audit logs recording user activities, system administrator's activities, exceptions, and information security events are kept and archived.