Evidence & Safety

How ScribeMat meets the safety, security, and information governance expectations for NHS deployment.

Clinical safety

ScribeMat is developed in line with DCB0129 — the NHS clinical safety standard for software manufacturers. A formal Clinical Safety Case and Hazard Log have been produced and are maintained under clinical governance oversight.

The platform is designed as a decision-support tool for registered healthcare professionals — it does not replace clinical judgement.

Security & infrastructure

All patient data is stored within the United Kingdom at all times.
The platform has undergone independent penetration testing by a specialist third party, with all critical findings remediated and evidenced.
Patient identifiable data is encrypted at rest and in transit.
The platform operates under a Zero Trust security model — access is strictly controlled and continuously verified.
Continuous monitoring and intrusion detection are in place.
A full suite of security policies, standards, and procedures is maintained and reviewed annually.

Data protection

Operates under UK GDPR / DPA 2018.
ScribeMat acts as a data processor on behalf of NHS Trusts, who remain the data controller.
Data Protection Impact Assessments (DPIAs) have been completed for both the simulation trial and live patient data use.
Full governance documentation is available to Trusts on request.

Questions about governance, procurement, or participation?