Aged care runs on systems that can't be offline — whether you operate the facilities or build the software they run on. Care staff need resident information at handover, families expect responsiveness, and the regulator expects you to demonstrate, not assert, that resident data is protected. Meanwhile the IT budget competes directly with care hours, which is a losing argument to have every year.
We look after the infrastructure underneath, so it's dependable, defensible, and not consuming the operational budget.
What we look after
Systems that stay available
Care and clinical systems monitored and supported around the clock, because a residential facility has no after-hours.
Resident data protection
Access controlled, logged, and hosted onshore in AWS Sydney — so who can reach resident information is a question with a clear answer.
Evidence for the standards
Logging, backup, and recovery set up so demonstrating compliance is a report rather than a project.
Predictable cost
Right-sized infrastructure with spend that doesn't quietly climb against a budget that competes with care.
Providers, and the platforms behind them
Two kinds of organisation call us about aged care, and they need different things.
Providers need the infrastructure under care systems to stay up, stay onshore, and stand up to an audit — usually without a large internal IT team to run it.
The software companies serving aged care need something else: engineering leadership, delivery pipelines, and an architecture that scales as providers onboard. Their customers are regulated, so their platform inherits that scrutiny whether or not they planned for it.
We work at both ends. It's the same problem viewed from either side of the contract, and having sat on both sides is usually the useful part.
Acted as CTO in the gap between the CEO and the software development manager, working with senior development teams to deliver new infrastructure, development pipelines, CI/CD, and an application framework for a platform serving the aged care sector — plus ongoing leadership and support for key stakeholders.
Outcome New infrastructure, CI/CD, and an application framework — with steady leadership between the board and engineering.
Why aged care comes to us
- Resident data sits across systems nobody can fully account for
- The Strengthened Aged Care Quality Standards require evidence the current setup can't easily produce
- Care systems have outages, and the escalation path is a vendor queue offshore
- Infrastructure grew as facilities were added, and now nobody owns the whole picture
- Every IT dollar is measured against care hours, so spend has to be justified
- The platform is a software company's whole business, but there's nobody senior owning the technology strategy
How we work
Audit
We map the systems, the data, and the access — and rank what's an actual risk versus what's simply undocumented.
Secure and stabilise
Access control, backup, monitoring, and recovery fixed first, sequenced so care operations aren't disrupted.
Operate
Ongoing support from an Australian team you can call, with costs that stay predictable.
Discretion
We publish engagements by sector with the client name withheld. For providers handling resident data, that discretion is the point — we protect our clients' details the way we'll protect yours.
If you want the detail behind the work above, ask us. We'll go through it with you directly as part of talking about your own systems.
Yes. We look after the infrastructure, security, and integration underneath — we don't replace your clinical or care management platform. If you're evaluating one, that's a Software Review.
Yes — AWS Sydney (ap-southeast-2) by default, with access controlled and logged.
That's most of the work. Backup, logging, access control, and recovery get set up so evidence comes out of the system rather than out of someone's memory. See SOC 2 & ISO 27001 Compliance Audit for the formal certification path.
Yes — see the engagement above. For software companies in the sector we provide engineering leadership, infrastructure, and delivery pipelines, often as a Virtual CTO. Your platform inherits your customers' regulatory scrutiny, and it's better to build for that than retrofit it.
Get your infrastructure and data handling reviewed
We'll show you where resident data is exposed and what it takes to close it — highest risk first.