Trust Centre
Built for the standards NHS general practice runs on
Governance, security and clinical safety are not features bolted on after the fact — they are the foundation Jackie is built on. Everything your information governance team needs to assess us is gathered here, in plain terms.
Certifications & standards
The credentials your IG review will ask for
Every standard an information-governance lead expects from a clinical system supplier — and, in plain terms, what each one actually means for your practice.
- Aligned
DTAC
Digital Technology Assessment Criteria
The NHS baseline for digital health technologies.
Assessed against clinical safety, data protection, security, usability and interoperability.
- Compliant
DSP Toolkit
NHS Data Security & Protection Toolkit
Annual NHS data-handling self-assessment.
Demonstrates we meet the National Data Guardian's ten security standards.
- Certified
CE+
Cyber Essentials Plus
Government-backed, independently audited cyber standard.
Hands-on technical verification of our defences against common attacks.
- Compliant
DCB0129
Clinical Risk Management — Manufacture
Clinical safety standard for health IT manufacturers.
A named Clinical Safety Officer owns our hazard log and safety case.
- Compliant
DCB0160
Clinical Risk Management — Deployment
Clinical safety standard for deploying health IT.
We support your practice's own safety case for go-live.
- Aligned
ISO 27001
Information Security Management
The international standard for information security.
Our controls follow the ISO 27001 framework end to end.
- Compliant
UK GDPR
UK GDPR & Data Protection Act 2018
UK data protection law.
Lawful basis, data minimisation and patient rights are built in.
- Annual
CHECK
Penetration testing to CHECK standard
Independent offensive security testing.
CHECK-accredited testers probe the platform at least annually.
Data & security
Patient data stays in the UK, stays yours
The promises that matter most to a data protection officer, made plainly. Your patients' data is processed in the UK, encrypted, never used to train models, and always under your control.
- UK data residency
All patient data is processed and stored in the United Kingdom. It never leaves UK jurisdiction.
- Encrypted end to end
Data is encrypted in transit and at rest using industry-standard cryptography.
- Never used to train AI
Your patients' data is used to serve your practice — full stop. It is never used to train models.
- Stays with your practice
You remain the data controller. Auxilis processes data strictly under your instruction.
- Least-privilege access
Role-based access, full audit trails, and strict internal controls on who can see what.
- Clear retention
Defined retention and deletion schedules, documented in your data processing agreement.
Clinical safety
Safety is owned, not assumed
A named Clinical Safety Officer maintains our hazard log and clinical safety case under DCB0129, and we support your own DCB0160 safety case for deployment. Engineers and clinicians review every safety-relevant decision together.
A named Clinical Safety Officer
A qualified Clinical Safety Officer maintains our hazard log and clinical safety case, and reviews every safety-relevant change before it reaches your practice.
- DCB0129: Clinical risk management for our manufacture of the system — the hazard log and safety case are ours to own.
- DCB0160: We support your practice's own deployment safety case, so go-live is signed off with confidence.
- Engineering meets clinical reality
A tight feedback loop puts technical rigour and clinical judgement in the same room from day one.
- Conservative by default
When Jackie is uncertain, she escalates to a human rather than guessing.
- Transparent and auditable
Every call is logged and reviewable, so your practice can see exactly what happened.
Documentation
Request the security pack
Tell us where to send it and we will get your information governance team everything they need to complete a review — assembled and ready, not a scavenger hunt across portals.
- DTAC assessment: Our completed Digital Technology Assessment Criteria response.
- DPIA support pack: Templates and our data flows to accelerate your DPIA.
- Clinical safety case: Hazard log and safety case summary (DCB0129).
- Data processing agreement: Controller–processor terms and sub-processor list.
- Security overview: Architecture, encryption, access control and testing.
- Penetration test summary: Latest CHECK-standard test attestation.