Avena Health Trust Center

Avena Health is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.

support@avena.io

Compliance

Resources

Network Security Policy

Access Control and Termination Policy

Baseline Hardening Policy

Company Handbook

Board of Directors Charter

Controls

ePHI policy accessibility evidence

Remote access tool

Access restricted to modify infrastructure

Access review of infrastructure

User list with assigned roles and privileges

Encryption of data

Privacy and confidentiality governance charter

ePHI data sanitization

Data loss prevention tool

ePHI privacy and security awareness training

Business continuity and disaster recovery testing

Vulnerability scanning

Web application firewall

Sample code changes

Penetration testing

SSL/TLS certificates for infrastructure

Intrusion detection tool

Monitoring tool

Security incident list

Alerts and remediation

Breach notification communication

Incident response and breach notification policy

Log management tool

ePHI risk assessment report

Vendor management program

Vendor list

Vendor termination

Vendor onboarding

Media disposal training

New employee and contractor agreements

List of newly hired employees & contractors

Background checks

List of terminated employees & contractors

Asset register maintaining

Risk and Governance Executive Committee meeting minutes

Risk management program

Key management services used

Mobile device management tool configurations

Ticketing tool

Security-related roles

ePHI media disposal documentation

Subprocessors

MongoDBData Stores & Warehouses

SlackBusiness Apps & Productivity

Google Cloud PlatformCloud Infrastructure & Platform Services

Google WorkspaceBusiness Apps & Productivity

Avena Health Trust Center

Compliance

Links

Resources

Controls

Subprocessors