SECURITY OVERVIEW

How we keep your data safe

MyConsumables is built for pharmacies and aged care providers who handle sensitive resident and medication data. Here's exactly how we protect it.

INFRASTRUCTURE

Hosted in Australia

All data is stored in the Australian region, keeping it under Australian privacy law.

Encrypted in transit and at rest

Data is encrypted in transit and at rest — the same standard used by major financial institutions.

Regular backups

Automated daily backups with tested restore procedures ensure your data is never lost.

ACCESS & COMPLIANCE

Role-based access control

Staff only see what they need. Admin, pharmacist, and carer roles are separated with distinct permission levels.

Australian Privacy Principles (APPs)

We operate in alignment with the APPs under the Privacy Act 1988, covering how we collect, use, and disclose personal information.

Audit logging

Coming soon

A full activity trail — every action logged with timestamp and user ID — is currently in development.

Two-factor authentication

Coming soon

2FA for all users with enforcement for admin accounts is on our near-term roadmap.

ACSC ESSENTIAL EIGHT ALIGNMENT

Aligned with Australia's Essential Eight framework

We align our security practices with the Australian Cyber Security Centre's Essential Eight — the Australian government's recommended baseline for protecting digital systems. Below is where we currently stand across each of the eight mitigation strategies.

Application control

Active

Only approved services and integrations run within our platform environment.

Patch applications

Active

Dependencies and third-party libraries are regularly reviewed and updated.

Patch operating systems

Active

AWS-managed infrastructure ensures OS patches are applied automatically and promptly.

Restrict admin privileges

Active

Admin access follows least-privilege principles — both in the app and on our cloud infrastructure.

Regular backups

Active

Daily automated backups stored securely, with tested restoration procedures in place.

Multi-factor authentication

Coming soon

MFA is in active development and will be enforced for admin accounts on release.

User app hardening

Active

Browser-based access is hardened against common attack vectors including XSS and CSRF.

Office macro restrictions

Active

Not applicable to our web-based platform — no macro execution environment is present.

We're working toward full Essential Eight Maturity Level 1 compliance. As we complete our MFA and audit logging rollout, we'll update this page to reflect our current standing.

Have a security question?

We're happy to answer procurement or compliance questions from your team.