Trust Centre
Security, compliance, and infrastructure in one place — built for health service CTOs and security teams who need straight answers.
Health services evaluate vendors on security, privacy, compliance, and where data lives. Scattered PDFs and vague claims don’t help. The Trust Centre is your single entry point to our security posture, compliance commitment, data residency options, and infrastructure — in plain language, with enough technical depth for CTOs and assessors.
Pick What You Need
Each page is self-contained — go straight to the topic your procurement or security review requires.
Security
Encryption at rest and in transit, SSO, MFA, RBAC, audit logging, and how we apply security-by-design across the platform.
Security overviewPrivacy
What we collect and don’t collect, how we use it, data subject rights under APPs and GDPR, and privacy-by-design principles.
Privacy policyCompliance Commitment
Australian Privacy Act, all 13 APPs, NDB Scheme, GDPR where applicable. What applies, what doesn’t, and why the boundary is clear.
Compliance detailData Residency
Singapore (Render) for our global default; AWS Sydney when Australian data sovereignty is required. Both live now.
Where your data livesInfrastructure
Containers, CI/CD, dual-region deployment strategy, and how we ship secure updates fast without cutting corners.
Infrastructure detailThe Quick Picture
Key facts for security and procurement reviews — with links to the full detail on each topic page.
What We Stand Behind
Four principles that guide every decision about how we build, operate, and document IRIS.
Transparency
We state where data lives, what we process, and which certifications we — and our providers — hold. No vague claims; specific providers, specific certifications.
Compliance
We build and operate to Australian and, where relevant, international standards. We don’t overclaim certifications we don’t hold, and we’re explicit about what applies and what doesn’t.
Innovation With Guardrails
We ship quickly on modern infrastructure — containers, CI/CD, automated health checks — without compromising security controls or compliance obligations.
Choice
We support both a global default (Singapore, Render) and Australian hosting (AWS Sydney) so you can match your organisation’s policy, procurement requirements, and risk appetite.
Running a Questionnaire or Assessment?
We’re used to answering health-sector security assessments. Here’s where to find what you need — and we can provide additional documentation as part of a formal process.
Security Controls
Encryption, access control, audit logging, secure development practices, and provider certifications.
Security overviewCompliance Posture
Applicable frameworks (Privacy Act, APPs, NDB, GDPR), what’s in and out of scope, and why the boundary is clear.
Compliance commitmentData Residency
Region options (Singapore vs AWS Sydney), certifications per region, and how to request Australian hosting.
Data residencyInfrastructure & Stack
Technology stack, providers, container architecture, deployment approach, and CI/CD pipeline details.
InfrastructureWhy Health Services Choose IRIS
One Place
Security, privacy, compliance, residency, and infrastructure — all here.
CTO-Friendly
Enough technical depth for serious evaluation — not a marketing brochure.
Australian-Ready
Privacy Act, APPs, NDB, and optional AWS Sydney — all documented.
No Patient Data
Workforce only. Simpler scope, simpler compliance story for your review.
Let’s Have the Technical Conversation
Pick a topic above, or get in touch for a technical or compliance discussion. We’re used to health-sector procurement and happy to assist.