Security at AuditCore

AuditCore is built to handle sensitive NDIS compliance data, including participant records and incident information. Security is a core part of our platform design, not an afterthought.

Data Encryption

  • AES-256-GCM encryption for all sensitive participant and incident data at rest
  • TLS 1.2+ encryption for all data in transit
  • Encrypted database backups with point-in-time recovery
  • Unique encryption keys per tenant

Infrastructure Security

  • Hosted on DigitalOcean in Sydney (SYD1) — Australian data sovereignty
  • Managed PostgreSQL with automated security patches
  • Firewall rules restricting database access to application servers only
  • Regular security updates applied to all infrastructure components

Access Controls

  • Role-based access control (RBAC) — workers see only what they need
  • JWT authentication with secure token expiry
  • Bcrypt password hashing with salt rounds
  • Account lockout after failed login attempts
  • Audit logs for all administrative actions

Reporting a Vulnerability

If you discover a security vulnerability in AuditCore, please report it responsibly to info@auditcore.com.au. We will acknowledge your report within 48 hours and provide regular updates on our progress.
