← Back to home

Governance & compliance

Our approach to clinical governance, data security, regulatory compliance, and transparent operation in healthcare environments.

Clinical governance

Aescia operates under defined clinical governance frameworks:

  • Clinician-in-the-loop: All platform outputs are advisory. Clinical decisions remain with qualified healthcare professionals.
  • No autonomous actions: The platform does not make treatment decisions, prescribe medications, or initiate clinical interventions.
  • Transparent escalation logic: All risk classification rules are documented, auditable, and explainable to clinical teams.
  • Configurable to local protocols: Escalation thresholds and pathways can be adjusted to align with institutional policies.

Data security & privacy

Patient data protection is fundamental to our architecture:

  • In-country data storage: All patient data is stored within your jurisdiction
  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access controls: Role-based access with audit logging of all data access
  • Data minimization: Only clinically necessary information is collected
  • Privacy compliance: Aligned with local privacy regulations

Information security standards

Development and operations follow recognized security frameworks:

  • ISO 27001: Information security management principles
  • OWASP: Secure development practices and vulnerability management
  • Regular security assessments: Penetration testing and vulnerability scanning
  • Incident response: Documented procedures for security event handling

Medical device regulation

Aescia is positioned as Software as a Medical Device (SaMD):

  • Regulatory framework: Aligned with local medical device regulations
  • IEC 62304: Medical device software lifecycle development practices
  • Risk classification: Appropriate regulatory pathway based on device classification
  • Current status: Use limited to approved evaluation contexts pending pathway completion

Evaluation & evidence practices

We maintain rigorous standards for clinical evidence:

  • Time-limited evaluations: Scoped engagements with predefined endpoints
  • Ethics review: Site-specific ethics approval where required
  • Transparent reporting: Evaluation outcomes reported openly, including negative results
  • No deployment without evidence: We do not seek routine use without demonstrated outcomes

Organizational structure

Legal entities

Aescia Pty Ltd (AU)

Aescia Inc (Quebec)

ABN

96 687 840 517

Leadership

Aescia is led by clinicians and technologists with acute care experience:

  • Clinical leadership with direct experience in post-discharge care pathways
  • Technical team with healthcare software development background
  • Advisory input from practicing clinicians across target specialties

Compliance certifications

Current and planned compliance documentation:

  • ISO 27001 principles (in practice)
  • IEC 62304 lifecycle practices (documented)
  • TGA regulatory pathway (in progress)
  • Site-specific ethics approvals (obtained per engagement)

Governance principles

  • All outputs are advisory—clinicians make decisions
  • Escalation logic is transparent and auditable
  • Patient data stays in-country
  • No deployment without demonstrated evidence
  • Configurable to institutional requirements

Ready to discuss an evaluation?

Get in touch