Hosted platform · Evidence-backed · AU-sovereign data

A hosted operational platform designed for trust, control, and auditability.

The platform boundary is narrow on purpose: recall operations, action management, evidence packs, closure verification, exception handling, and management visibility. Nothing outside this scope.

Platform boundary
Recall operations & workflow
Evidence management
KPI reporting & audit exports
No clinical decision support
No patient record integration

Six modules. One integrated workflow.

Each module addresses a discrete part of the recall lifecycle. Together they form a continuous, evidence-backed workflow from notice receipt to verified closure.

Module 01

Notice intake & triage

Capture TGA reference, device class, event type, date received, and reporting obligation flag. Auto-generate the 10-day mandatory reporting countdown from event date.

Module 02

Device & inventory triage

Match the notice to affected device stock at site level. Assign by ward and department. Record affected quantities, UDI capture, and lot number verification.

Module 03

Action assignment & tracking

Assign responsible owners, set due dates, track action types and sub-tasks. Auto-escalate overdue actions to quality lead at configurable thresholds.

Module 04

Evidence pack — RCES aligned

Upload and index supporting documentation against the 19 Recall Closure Evidence Set artefact classes. Store evidence where it belongs — attached to the case that needs it.

Module 05

Exception log & risk decisions

Document devices not recovered with reason code, risk decision rationale, and escalation path. Exceptions are required for closure defensibility — the module makes them impossible to skip.

Module 06

KPI dashboard & audit export

Time-to-identify, time-to-action, verified closure rate, open exceptions, and overdue actions. Export a full audit-ready PDF for board, TGA, or ACHS EQuIP review.

Hosted, isolated, and designed for bounded support.

The recommended operating model is a single-tenant hosted service with a minimum-PID design, controlled support access, and a customer-visible activity model. All in Australian data centres.

Recommended infrastructure stack

Edge / WAF: Azure Front Door with WAF. TLS 1.2+. DDoS protection standard. OWASP managed ruleset.
App tier: Azure App Service, Australia East. VNET integration. Managed identity. No credentials in config.
Data tier: PostgreSQL Flexible Server. Private endpoint only. Customer-managed encryption key via Key Vault. RLS for tenant isolation.
Identity: Azure AD B2C / enterprise SSO. MFA mandatory for admin. RBAC: site coordinator to group exec. JIT vendor access via PIM.
Data region: Australia East (primary) · Australia Southeast (backups only). No data leaves Australian Azure regions.

Data design principles

  • Minimum-PID design — device-event records, not patient records, by default
  • Zero standing vendor access — JIT only, customer-approved, fully logged
  • Immutable audit logs — all actions logged, 90-day minimum retention
  • Tenant isolation — PostgreSQL RLS enforced at database layer
  • Soft delete — no hard deletes on evidence or case records
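
One way the tenant isolation, soft delete and append-only audit log principles listed above could be enforced at the PostgreSQL layer. This is an added example, not the platform's own schema; every table, role and setting name in it (evidence_item, audit_log, app_user, app.tenant_id) is a hypothetical assumption.

```sql
-- Hypothetical schema: every table, role and setting name here is an assumption.
CREATE ROLE app_user NOLOGIN;  -- assumed application role; must not own the tables

CREATE TABLE evidence_item (
    id             bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id      uuid NOT NULL,
    case_ref       text NOT NULL,
    artefact_class text NOT NULL,
    deleted_at     timestamptz            -- soft delete marker, NULL means live
);
CREATE TABLE audit_log (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id uuid NOT NULL,
    actor     text NOT NULL,
    action    text NOT NULL,
    logged_at timestamptz NOT NULL DEFAULT now()
);

-- Without FORCE the table owner skips all policies. Superusers and roles with
-- BYPASSRLS skip them regardless, so the app must never connect as either.
ALTER TABLE evidence_item ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;
ALTER TABLE audit_log     ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;

-- Fails closed: if app.tenant_id is unset, current_setting(..., true) is NULL,
-- the comparison is NULL, and no row is visible or writable.
CREATE POLICY tenant_isolation ON evidence_item FOR ALL TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);
CREATE POLICY audit_read ON audit_log FOR SELECT TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid);
CREATE POLICY audit_append ON audit_log FOR INSERT TO app_user
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- No DELETE or TRUNCATE anywhere; the audit log gets no UPDATE either.
GRANT SELECT, INSERT, UPDATE ON evidence_item TO app_user;
GRANT SELECT, INSERT         ON audit_log     TO app_user;

-- Defence in depth: block the operation even for a role that holds the privilege.
CREATE FUNCTION reject_mutation() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION '% on % is blocked', TG_OP, TG_TABLE_NAME;
END $$;
CREATE TRIGGER evidence_no_hard_delete BEFORE DELETE ON evidence_item
    FOR EACH ROW EXECUTE FUNCTION reject_mutation();
CREATE TRIGGER audit_log_immutable BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION reject_mutation();

-- Per request, inside one transaction so the setting cannot leak across pooled sessions:
-- BEGIN; SELECT set_config('app.tenant_id', '<tenant uuid>', true); ...; COMMIT;
```

Row-level triggers do not fire on TRUNCATE, which is why that privilege is withheld rather than trapped.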

ASD Essential Eight ML1 alignment

✓ Application control
✓ Patch applications
✓ Admin privilege restriction
✓ MFA enforced
✓ Regular backups
✓ OS patching (PaaS)

Development plan — phase by phase.

A clear four-phase sequence from public shell to full hosted service, pilot readiness, and network expansion.

Phase 1 — Now

Brand system & public shell

Website, brand assets, service pages, privacy posture note, and launchable contact route. TGA Stage 1 urgency signal live on homepage.

Phase 2 — Weeks 5–8

Demo pack & Recall Watch

Synthetic notice-to-closure demo, KPI dashboard mockup, evidence-pack example, and first Recall Watch bulletins delivered to early subscribers.

Phase 3 — Months 2–5

Hosted v1 — MVP platform

Tenancy model, roles, intake, tracker, evidence module, dashboard, audit trail, and verified closure sign-off. First customer tenant deployed.

Phase 4 — Months 5–10

Pilot readiness & network

UDI module, multi-site group dashboard, TGA notice auto-import, ACHS EQuIP evidence alignment, and procurement support pack.

Three rules that govern every product decision.

Governance-first

Workflow, evidence, closure, and oversight take priority over visual theatre. Every feature must earn its place by reducing recall risk or improving auditability.

Controlled by default

Vendor access is zero-standing, JIT, and customer-approved. Support is visible, time-bound, and logged. No hidden background access at any tier.

Scope guardrails

The platform does not diagnose, screen, predict, or treat. Every external sentence is checked against the intended-purpose memo before publication.

Ready to see the platform in a demo?

A 20-minute walkthrough using synthetic data from a comparable hospital type. Remote, no commitment, focused on your current workflow.