Platform Infrastructure

Infrastructure Built for Speed and Compliance

Modern, certified cloud infrastructure — so we can ship secure updates fast without compromising on the controls health services expect.

→ Security posture → Data residency

Why It Matters

What Health Services Need From Infrastructure

Outdated stacks slow down security patches and new features. Opaque hosting makes procurement and assurance harder. We chose infrastructure that supports all three.

🛡️

Compliance

SOC 2 Type II, ISO 27001, and IRAP-assessed infrastructure on AWS Sydney. Certified controls at every layer, documented and transparent.

⚡

Speed

Automated, gated pipelines mean security patches and new features reach you quickly — without manual steps that introduce risk or delay.

🔍

Transparency

We state clearly what we run, where it runs, and what’s certified. No vague “secure cloud” claims — specific providers, specific certifications.

The Stack

Cloud-Native, Container-Ready

IRIS is built to run the same way in every environment — same containers, same security model, whether you’re on Render in Singapore or AWS in Sydney.

Layer	Approach	Why It Matters
Compute	Containers (Docker)	Consistent, auditable, and portable across regions and cloud providers.
Orchestration	Render today; ECS Fargate for AWS	Managed and scalable — no server patching on your side.
Database	PostgreSQL	ACID-compliant, row-level security, point-in-time recovery, industry standard.
Caching	Redis	Performance and resilience with graceful degradation if unavailable.
Secrets	Provider-native (AWS Secrets Manager, Render env)	No secrets in code. Rotation and access control managed by the provider.

💡 Key point: We don’t rely on legacy VMs or unmanaged servers. Containers and managed services give us fast deployments, clear audit boundaries, and the ability to run on AWS Sydney without rewriting the product.

Two Production Paths

Render for Global Reach, AWS for Australian Sovereignty

One codebase, two deployment targets. The difference is geography and certifications — not security standards, which remain the same in both regions.

🌏

Global Default

Render — Singapore

ap-southeast-1 · Managed platform

Our global default — a managed platform that lets us focus on application and security, not OS or network plumbing. Fast iteration, high availability, and APAC-optimised delivery.

SOC 2 Type II certified
ISO 27001 certified
Continuous deployment with automated health checks
Redundancy and high availability built in
Australian Privacy Principle 8 compliant via contract and technical safeguards

● Live — available now

🇦🇺

Australian Option

AWS — Sydney

ap-southeast-2 · Enterprise cloud

For organisations that require data on Australian soil. Same containers, same codebase, same security model — deployed on AWS Sydney with the enterprise controls health and government teams expect.

AWS Sydney is IRAP-assessed infrastructure
SOC 2 Type II and ISO 27001 (AWS)
ISO 27017 / 27018 cloud security controls
WAF active on public edge
AWS KMS-backed encryption at rest

● Live — available now

Security Controls

Security at Every Layer

We treat infrastructure as part of the security story — not an afterthought. The same controls apply in both regions; only the provider and certifications differ.

🔒

Encryption at Rest

AES-256 for databases and sensitive storage across both regions. AWS Sydney uses KMS-backed encryption.

AES-256 · KMS (AWS)

🔐

Encryption in Transit

TLS 1.2+ enforced on all connections. HSTS applied where applicable to prevent protocol downgrade.

TLS 1.2+ · HSTS

🗝️

Secrets Management

No secrets in code — ever. Provider-managed secret storage with access control and rotation. AWS Secrets Manager on Sydney; Render environment secrets globally.

AWS Secrets Manager · Render env

👤

Access Control

RBAC, SSO, and MFA enforced throughout. Least-privilege service accounts; no shared credentials across tenants.

RBAC · SSO · MFA

Delivery & Reliability

Fast Technology, Without Cutting Corners

Speed and compliance are not opposites. Our delivery practices are designed so updates and patches reach you quickly, safely, and predictably.

🔄

Automated CI/CD Pipelines

Build, test, and deploy with automated gates and rollback options. Every change goes through the same pipeline — no manual shortcuts.

💚

Health Checks on Every Deployment

Every deployment is validated before traffic is shifted. If a health check fails, the deployment stops automatically.

🎯

Zero-Downtime Target

We target zero-downtime deployments using rolling or blue-green strategies, so planned updates don’t result in service interruptions for your users.

TARGET — not a guaranteed SLA

🧹

Dependency & Image Hygiene

We track and patch dependencies and base container images on an ongoing basis — reducing the window of exposure for known vulnerabilities.

At a Glance

What Defines Our Infrastructure

🐳

Containers

Dockerised application — same image runs in Singapore or Sydney.

🔄

CI/CD

Automated, gated deployments with health checks and rollback.

🌐

Dual-Region Ready

Render (Singapore) and AWS Sydney live — one codebase, two targets.

📐

Cloud-Agnostic Design

No lock-in. We can add regions or providers without rewriting the product.

Our Commitment

Transparency, Always

These are design decisions, not marketing claims.

We Document

Where data lives, which provider runs it, and which certifications apply — stated clearly on our Data Residency page and in contracts.

We Don’t Overclaim

We state what we use (Render, AWS) and what’s certified (SOC 2, ISO 27001, IRAP-assessed infrastructure where applicable). Nothing more.

We Design for Change

If we add another region or provider, the same architecture and security principles apply. You are not tied to a geography or a vendor.

Want the Deep Dive?

Architecture & Compliance Discussions Welcome

See our Security and Data Residency pages for full detail — or contact us directly for architecture, procurement, and assurance conversations.

Security Data Residency Contact Us