Security & Privacy

This page summarises Aescia’s security posture for clinical evaluation contexts. Formal validation is expected to occur through standard public-sector procurement and security review processes.

Data residency

Aescia is intended to support Australian data residency for Australian public hospital evaluations.

Encryption

  • Encryption in transit (e.g., Transport Layer Security)
  • Encryption at rest

Access controls and auditability

  • Role-based access control
  • Audit logging of access and key actions
  • Principle of least privilege for administrative access

Subprocessors

Aescia may use subprocessors to deliver functionality (e.g., messaging). Subprocessors and their roles should be disclosed and contractually controlled for any evaluation.

Incident response

Aescia maintains an incident response approach, including containment, investigation, notification, and remediation processes consistent with contractual and regulatory expectations.

Retention and deletion

Evaluation data retention periods and deletion processes should be defined per site requirements and contract terms.

Evaluation security documentation

For a paid evaluation, we expect to provide (at minimum):

  • security overview and architecture summary
  • subprocessor list and data flow description
  • access control model and audit logging approach
  • incident response summary and notification timeframes