Data sovereignty, security & governance  

Australian data, held to an international standard

Aged care is becoming a data business. The decisions that shape funding, care and workforce now rest on the quality, security and governance of the information underneath them. As that shift accelerates, the question for providers is no longer whether a platform has good features. It is whether the organisation holding your most sensitive data can be trusted to protect and govern it to the highest standard.

We think providers should expect more from their technology partners on this front, not less. So, we have set out plainly where your data lives, how it is secured, who can access it and how it is governed. We believe that should be the standard across the sector, not the exception.

Where your data lives

Your data should remain protected under Australian jurisdiction. We hold it accordingly.

All our processes, databases and email servers reside within Australia. Resident, workforce and operational information stays subject to Australian privacy and regulatory frameworks at every point, from collection through to reporting.  

For providers, that means the information underpinning your daily decisions is never exposed to a foreign legal regime, and never further than an Australian data centre away.

Security that is independently verified

Security is not a feature we added. It is built into how we design, develop and operate our platforms, and it is checked by someone other than us.

Our information security management system is certified to ISO/IEC 27001:2022, the internationally recognised standard for managing the confidentiality, integrity and availability of data. Certification means an independent body has audited our controls against that standard and confirmed they are in place and operating, not simply that we have claimed them.

Our information security management system is certified to ISO/IEC 27001:2022 by Sustainable Certification under certificate number 2026-15108 covering all software and services used for the provision of Workforce, Revenue and Admissions Management systems, clinical assessments, and related advisory, implementation, and support services in accordance with the Statement of Applicability Version 3.0. The certification is maintained under annual surveillance audit and was most recently confirmed in 18 June 2026.

Questions worth asking any technology vendor

As AI, automation and connected systems reshape aged care, data governance moves from an IT concern to a board-level responsibility. Before you trust a platform with your information, it is reasonable to ask:

  1. Where is our data stored, and under whose laws?
  2. Is your information security independently certified, and what does the certificate cover?
  3. How is access to our data controlled and logged?
  4. How does AI in your platform use our data, and is it ever used to train models?
  5. What happens, step by step, during a cyber incident?

These are the questions we hold ourselves to. We think every provider should hold their partners to them too.

Request our Security and Data Governance Overview

For the full detail on our data residency, security controls, certification scope and incident response, request more information. To get in touch with us, visit our contact page.