Skip to main content

TRUST

Trust and governance

CIIS is framed for accountable organisations: traceability, privacy awareness and human judgement without fake certainty.

Impact reporting often becomes risky when numbers lose their evidence trail or software pretends uncertainty does not exist. CIIS is designed to keep evidence, limits and accountability visible.

Data ownership

Your organisation owns the impact data it provides.

Evidence trails

Claims should be traceable back to source material where recorded.

Privacy posture

Designed for aggregate impact work, with minimisation as a shared responsibility.

Human judgement

CIIS supports decisions; it does not make them.

Compliance posture

CIIS includes features and operating patterns intended to support privacy and governance obligations. We avoid public claims like “GDPR compliant” or “APP compliant” as if software alone can guarantee legal compliance.

During a pilot or procurement review, confirm the exact hosting region, subprocessors, retention, access controls, exports, deletion paths and operating responsibilities for your deployment.

Security architecture
CIIS security architecture diagram showing HTTPS, managed encryption, access controls and logical separation
Architecture illustration, not a certification badge. Exact controls depend on deployment.

What CIIS is not claiming

  • No fake partner logos or unpermissioned “trusted by” strips.
  • No automated funding, commissioning or policy decisions.
  • No guarantee that personal information can never enter the system.
  • No blanket legal compliance claim without configuration and legal review.
  • No full grant lifecycle CRM claim when a screen is mock, roadmap or pilot-scoped.

Common questions

Does CIIS make decisions automatically?

No. CIIS supports decisions with structured evidence, confidence signals and traceable outputs. People remain responsible for judgement, approval and action.

Who owns the data?

Your organisation owns the impact information it enters. Exact processing, subprocessors, retention and export terms are handled in contract and privacy materials.

Does CIIS store personal information?

CIIS is aimed at aggregate impact measurement, not individual case management. Account data and user-entered text can still contain personal information, so minimisation and governance remain shared responsibilities.

Is CIIS GDPR or APP compliant?

CIIS is designed to support GDPR- and Australian Privacy Principle-oriented workflows. Legal compliance depends on your configuration, jurisdiction, subprocessors and organisational practices.

Discuss governance before a pilot

Bring privacy, procurement, or assurance questions to a guided pilot conversation or a dedicated trust briefing. We will separate live capability from pilot-scoped work.

Request a governance briefing

Related pages

Current status

What is live vs in development

What CIIS does

Capabilities and boundaries

Pilot

Validate fit in your context