Security
Back to ResourcesISM alignment overview
Hospitals and health networks often evaluate vendors against the Australian Government Information Security Manual (ISM). This page is a high-level overview, not a certification claim.
Auditability
Actions that access sensitive clinical content should be traceable to a user identity and timestamp. Handovex maintains an audit trail for access and key workflow events.
Tenant isolation
Data separation is enforced per clinic and department. Access is constrained by explicit membership and server-side authorization checks.
Operational controls
Rate limits, idempotency safeguards, and security headers reduce abuse and accidental duplication in integrations.