Your Data, Protected by Australian Standards
NovoCove is built from the ground up with security at its core. From AES-256 encryption to Australian-only data residency, every design decision prioritises the protection of your sensitive compliance information.
Security at Every Layer
Six pillars of protection ensure your compliance data is secure, available, and fully auditable at all times.
End-to-End Encryption
All data is encrypted using AES-256, the gold standard in data protection. Every connection to our platform is secured with TLS 1.3, ensuring your sensitive compliance data remains private from transmission to storage.
- AES-256 encryption at rest for all stored documents
- TLS 1.3 for all data in transit
- Encrypted database backups
- Secure key management via AWS KMS
Australian Data Sovereignty
Your data never leaves Australia. We host exclusively on AWS Sydney (ap-southeast-2) to ensure complete compliance with Australian data residency requirements and the Privacy Act 1988.
- AWS Sydney region (ap-southeast-2)
- Australian data residency guaranteed
- No offshore data processing
- Compliant with Privacy Act & APPs
Granular Access Controls
Role-based access control (RBAC) ensures every user only sees what they need to. Multi-factor authentication (MFA) and single sign-on (SSO) add extra layers of account protection.
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Single sign-on (SSO) via SAML 2.0
- Granular permission sets per role
Compliance Aligned
Our security program is aligned with ISO/IEC 27001 and SOC 2 frameworks. We follow industry best practices for information security management, risk assessment, and continuous improvement.
- ISO 27001 aligned security program
- SOC 2 Type II controls framework
- Regular third-party audits
- Annual penetration testing
Real-Time Audit & Monitoring
Comprehensive logging and real-time monitoring of all platform activities. Every login, document access, and data modification is tracked and available for audit review.
- Real-time security event monitoring
- Comprehensive audit logs for all actions
- Automated anomaly detection
- SIEM integration for threat analysis
Backup & Disaster Recovery
Your data is backed up daily with point-in-time recovery capability. Our disaster recovery plan ensures business continuity with a tested RTO of under 4 hours and RPO of under 1 hour.
- Daily automated encrypted backups
- Point-in-time recovery (PITR)
- RTO under 4 hours, RPO under 1 hour
- Quarterly disaster recovery drills
Additional Security Measures
Trusted by Australian Care Providers
Our security infrastructure meets the standards demanded by Australia's most regulated care sectors.
Australian Hosted
AWS Sydney
ISO 27001 Aligned
Security certified
AES-256 Encryption
At rest & in transit
SOC 2 Framework
Enterprise controls
Privacy Act Compliant
Australian law
99.9% Uptime SLA
Enterprise ready
Have questions about our security?
Our security team is happy to provide additional information, including our SOC 2 report and security questionnaire responses.