Governance and security

Governance is the first thing we built, not the last thing we documented.

How Dr Sophia AI is clinically governed, the frameworks the platform is designed against, the audit trail behind every decision, where your data lives, and who sits on our governance side.

Clinical consensusSophia Decision

  • Clinically governed
  • ERP integration ready
  • Australian residency
Decision provenance and audit trail

Every recommendation, traceable to source.

Every clinical recommendation carries its reasoning and its source: the data, the guideline applied, the agents that contributed, the consensus reached, and the clinician who signed it off. Dr Sophia uses Explainable AI, so a decision is transparent rather than a black box, and the record is designed for an immutable, tamper-evident audit trail. The artefact is queryable in two years, in a language regulators read.

0/42
Agents concur on a decision, with dissent logged not hidden
0%
Decisions anchored to a verifiable record
0s
To consensus finality, before the clinician reviews
Sophia Guard · audit streamRecording
Dr A. Rao accepted the recommendationREC-4821 · de-identified14:02:11
Dr J. Okafor overrode the recommendation, reason loggedREC-4822 · de-identified14:06:38
Dr A. Rao reviewed the evidence trailREC-4823 · de-identified14:09:52
Governance lead exported the audit packsystem · Hedera-anchored14:12:03
How a decision is reached

Consensus, logged dissent, then a clinician who signs off.

Forty-two agents reason in parallel and record dissent. Consensus requires a Byzantine quorum across agentic teams. A clinician accepts, overrides with reason, or flags for review before anything is anchored.

Data, privacy, and residency

Your data does not leave Australia.

Clinical data created in Australia stays in Australia. Records are hosted in our Adelaide region by default, governed by Australian law, with no cross-border processing unless you ask for it. US-only hosting is available, and teams that cannot share infrastructure can run private cloud or on premise.

Residency

AU-East primary hosting

Sovereign residency by default, configurable AU-only or US-only.

Deployment

Sovereign-cloud and on-prem

Healthcare-compliant secure cloud, private cloud, or fully on-premise.

Encryption

AES-256 at rest

Data encrypted at rest, with keys held in your nominated region.

Identity

SSO via SAML and OIDC

Enterprise identity through your provider, on your policy.

Access

RBAC to the clinician role

Role-based access, granular, every action audited and recorded.

Interoperability

FHIR R4 compliant

Interoperable with your record system, to the spec.

Encryption

TLS 1.2+ in transit

Encrypted transport on every connection, end to end.

Identity

Multi-factor authentication

MFA enforced on every privileged account.

Isolation

Tenant isolation

Each organisation’s data isolated, never co-mingled.

Resilience

Encrypted backups

Backups encrypted and held in your nominated region.

Key management

HSM key management

Keys generated and held in a hardware security module.

Government

ISM-aligned, IRAP posture

ISM alignment published in plain view; IRAP assessment on the roadmap.

Encryption

TLS 1.2+ in transit

Encrypted transport on every connection, end to end.

Identity

Multi-factor authentication

MFA enforced on every privileged account.

Isolation

Tenant isolation

Each organisation’s data isolated, never co-mingled.

Resilience

Encrypted backups

Backups encrypted and held in your nominated region.

Key management

HSM key management

Keys generated and held in a hardware security module.

Government

ISM-aligned, IRAP posture

ISM alignment published in plain view; IRAP assessment on the roadmap.

Compliant with the Privacy Act 1988 (Cth), APP 3 (collection) and APP 6 (use and disclosure), with data-subject access rights and a stated retention and deletion policy. Residency is configurable, AU-only or US-only; under on-prem or sovereign-cloud deployment, data does not leave your nominated region. For government evaluation, ISM alignment and IRAP posture are published in plain view, not held in confidence.

Two regulatory lanes

Two products, two regulatory lanes, one philosophy.

The same engine, on two go-to-market paths. Rose AI Clinician carries the registration. Dr Sophia AI is the enterprise platform behind it.

The registered product

Rose AI Clinician

Australian SaMD, Class I
  • ScopeClinical decision support, registered for use in Australian clinical settings.
  • Intended useSupporting registered clinicians in decision-making.
  • Target buyerClinics and clinician end users.
  • Live todayAt Botaniqal Clinics, “Supported by ROSE”, since March 2026.
The enterprise platform

Dr Sophia AI

Designed against the Australian SaMD framework
  • ScopeThe full clinical reasoning engine, a B2B platform for healthcare organisations.
  • Intended useEmbedded inside enterprise clinical and insurance workflows.
  • Target buyerHealthcare networks, insurers, large GP networks.
  • Live todayDeployed as the engine inside Rose, with white-label optionality.

One platform, two markets. Clinic-direct through Rose, enterprise-embedded through Sophia.

Evidence & certifications

The proof pack governance leads and CISOs check first.

The standards procurement, security, and clinical-governance reviewers ask about most, each with its current status so you can see exactly where the platform stands.

Statuses are current as of publication and reviewed before each release, spanning certifications held, work in progress, and items on the roadmap.

ISO 9001

Quality management system, audited and maintained at Botaniqal and Limited Edition Labs.

Certified

Privacy Act 1988

APP 3 and APP 6 controls applied to collection, use, and disclosure of personal information.

Compliant

ISO 27001

Information security controls built to the standard, ahead of accreditation. In audit.

Accreditation in process

ISO 42001

AI management system built to the standard, governing how the agentic platform is run and reviewed.

Accreditation in process

SOC 2

Trust services criteria assessment, Type I scoped first with Type II to follow.

Type I in process

HIPAA

US healthcare privacy and security rule attestation, scoped for international deployments.

Attestation in process

AHPRA · RACGP

Follows professional and college human-review principles. The clinician retains authority at every step.

Aligned

ISO 14971 · IEC 62304

Medical-device risk management and software lifecycle, applied through Sophia Guard.

Applied via Guard

Australian SaMD framework

Built to the published Software as a Medical Device controls. Rose AI Clinician is the registered SaMD, Class I.

Framework only

FDA CDSS guidance

Built to the United States clinical-decision-support guidance, for international deployments.

Designed against

HL7 FHIR interoperability

Interoperable with your record system by specification, through native integration pathways.

Compliant

HITRUST

Pursued to support scaling into United States healthcare environments.

On the roadmap

IRAP · Australian government

Assessment against the Information Security Manual for Australian government procurement.

On the roadmap
Deep-evaluation FAQ

Common questions for procurement teams.

Does Dr Sophia diagnose or prescribe?

No. Dr Sophia is a Clinical Decision Support System. It does not autonomously diagnose, prescribe, or replace professional judgement. It structures the assessment and queues high-risk decisions to a registered clinician, who keeps full authority and is the named author of the record.

How is patient data handled end to end?

Personal information is handled under the Privacy Act 1988 (Cth), including APP 3 and APP 6, with AES-256 encryption in transit and at rest, RBAC down to the clinician role, and AU-East primary hosting. Data stays in Australia by default, with configurable residency, AU-only or US-only.

What happens if the model gets something wrong?

The clinician reviews the basis and can override any recommendation. Every override is logged with its reason, dissents inside the consensus, reached as a Byzantine Consensus, a quorum across agentic teams, are recorded, and the full trail is anchored, so a wrong output is visible and accountable rather than hidden.

How does the audit trail satisfy an AHPRA review?

Each decision exports as a one-click audit pack: the source guideline, the reasoning, the consensus result with logged dissent, the clinician sign-off, and the Hedera anchor. The basis is on the record already, not reconstructed from memory.

Can the platform be deployed on-prem?

Yes. Sovereign-cloud and on-prem deployment options are available, alongside the AU-East primary hosting. Under those options, data stays within your nominated Australian region.

How is the platform tested for clinical safety?

The platform is designed against ISO 14971 and IEC 62304, applied through Sophia Guard, with the clinician retaining authority over every output.

Does the platform meet IRAP / ISM requirements for Australian government procurement?

The platform is built to sovereign AU-East hosting with the controls a government security review reads.

What is the disclosure posture if a clinician challenges a recommendation in a tribunal?

The full decision provenance is exportable and defensible: source, reasoning, consensus with dissent, and the clinician's recorded decision. The clinician retains full professional and legal responsibility, and the record supports rather than replaces their account.

How does the platform integrate with our systems?

Through HL7 FHIR and native integration pathways, so Dr Sophia works inside the EHR and claims systems your teams already use rather than replacing them.

Is there a live demonstration we can see?

Yes. A full functional demonstration is available on request, alongside an agentic data-room link that lets your team question our mini data room directly. Source documents on the tech stack and architecture can be shared with technical teams as part of that link.

Still evaluating?Take the governance posture to your committee. We send a briefing pack you can forward to your clinical, IT, and counsel teams.
Book a demo
Ready when you are

Ready to take this to your committee?

We respond personally within 1 to 3 business days. You will receive a briefing pack you can forward to your clinical, IT, and counsel teams.

The governance posture, in writingClinician-led authority, the audit model, and the frameworks ledger.
A sample audit packThe decision-provenance artefact, end to end, on a synthetic record.
The CIO questionnaire answersHosting, encryption, access, and residency.