Trust & Security

Your Data, Protected

CordoCare is built to ISO 27001 security standards from the ground up. Encrypted, access-controlled, and engineered to protect sensitive NDIS data.

Managed Infrastructure
AES-256 Encrypted
ISO 27001 Standards
Full Audit Trail

Data Protection & Infrastructure

Sensitive data is protected with managed cloud infrastructure, encrypted backups, and access controls designed for Australian providers.

  • Managed cloud infrastructure with regional deployment controls
  • Encrypted backups and recovery procedures
  • Privacy controls designed to support Australian providers
  • Operational access limited and reviewed

Encryption

Enterprise-grade encryption protects data at every stage: in transit and at rest.

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database backups
  • Secure file storage with encryption

Role-Based Access Control

Granular permissions ensure team members only access what they need. Four built-in roles with configurable access levels.

  • Coordinator, Admin, Finance, and Viewer roles
  • Participant-level access restrictions
  • Organisation-scoped data isolation
  • Invitation-only team onboarding

Audit Trail

Every action is logged with timestamps, user attribution, and IP addresses. Full traceability for compliance audits.

  • Immutable audit logs on all record changes
  • User, timestamp, and IP recorded
  • Case note version history
  • Login and session tracking

NDIS Compliance

Built to align with NDIS Practice Standards and Quality and Safeguards Commission requirements.

  • Case note compliance tracking
  • Incident, risk, and feedback registers
  • Worker screening tracking
  • Evidence collection for audits

Built to ISO 27001 Standards

CordoCare is engineered to meet ISO 27001 information security standards. Every design decision, from infrastructure to access controls, is guided by ISO 27001 requirements as we work towards formal certification.

  • Information security management system (ISMS) aligned to ISO 27001
  • Regular security assessments and penetration testing
  • Documented security policies, risk treatment, and incident response
  • Formal certification in progress

Data Retention & Deletion

Clear data retention policies, with a 60-day post-deletion retention window before permanent removal.

  • 60-day soft-delete retention period
  • Permanent deletion after retention window
  • Data export available before account closure
  • GDPR-aligned deletion processes

SOC 2 Readiness

Our infrastructure and processes are built with SOC 2 Type II compliance principles from day one.

  • Automated infrastructure monitoring
  • Incident response procedures documented
  • Change management processes
  • Regular backup verification and disaster recovery testing

Have security questions?

We're happy to discuss our security practices in detail. Reach out to our team for a security review or to request our security documentation.