Our approach to security is designed to safeguard both you and the Australians you support. We store all our data in Australia and encrypt end-to-end. We are continuously innovating in fraud protection, and we protect your data like our business depends on it – because it does.
We adhere to industry-leading standards to manage our network, secure our web applications and set policies across our organisation.
The information on this page relates to the Tyro Health Online solution. If you would like to view the Tyro Security Policy, which covers Tyro offerings including Tyro EFTPOS machines, please click here.
To deliver a service that meets our high expectations for information security, we employ a range of policies and processes specifically designed to ensure a high level of security, and to keep it there.
You can read more about how we collect, store, use and disclose personal information at our Privacy Policy.
ISO 27001 is the leading international standard for Information Security. You can view our independent certification here.
Sensitive, private and confidential health information is processed and stored exclusively in Australia.
We encrypt data in transit and data at rest using strong, modern ciphers. Further, payment card details and health account information are protected through an advanced tokenisation system.
We only store information necessary for providing our services and only for the period required to meet operational or regulatory responsibilities.
Our hosting partners abide by best-practice security frameworks including: ISO 27001, Australian InfoSec Registered Assessors Program (IRAP), SOC 1, SOC 2 and PCI DSS.
We undergo regular independent auditing and testing, and employ subject matter experts across our security framework to identify potential issues and to enhance control effectiveness.
Tyro Health is committed to optimising our information security performance consistent with our risk appetite. In providing services to our clients, Tyro Health has access to their information and we expect that all staff and contractors have a clear understanding of their information security obligations. Tyro Health also has its own information, much of which needs to be secured to enable the business to operate effectively.
As a medical insurance claims software developer for our clients, we are committed to industry standards for the development lifecycle and the incorporation of information security into each phase of this lifecycle. We will ensure that information security is a key element of this and our ongoing client servicing.
To assist us in assuring our information security performance, we are committed to the implementation, maintenance and continual improvement of our Information Security Management System (“ISMS”). Our ISMS is ISO 27001 certified and compliant. The purpose of this ISMS and this policy is to achieve the following objectives:
We are committed to ensuring that our ISMS is capable of meeting owner, client and legal requirements for information security. To achieve this end, we are fully committed to the recruiting and skilling of our staff to deliver information security outcomes that are consistent with our risk appetite.
If you’ve discovered a security vulnerability in our platform or service, please email us at security@tyrohealth.com. We will respond promptly. To help us resolve the issue quickly, we request that you:
We won’t take legal proceedings against you or administrative action against your account if you act accordingly.
Although we do not have a security “bounty program”, we’ll make best endeavours to recognise your goodwill.
Want to find out more about how Tyro keeps its solutions safe?