Security
At Improval, we take security extremely seriously. We use industry-standard measures to protect information from loss, misuse, and unauthorised access. While no system is ever 100% secure, we continually monitor and improve our safeguards to ensure your data remains protected.
-
Access controls: Only individuals who require access to perform their role are permitted to view personally identifiable information.
-
Awareness: All staff and contractors are trained and kept up to date on our security and privacy practices.
-
Infrastructure: Servers and data are hosted in a secure environment with encryption in transit and at rest.
NHS DTAC Compliance
Improval has completed the NHS Digital Technology Assessment Criteria (DTAC) self-assessment. This provides assurance to healthcare partners that our platform meets the required standards in clinical safety, data protection, technical security, interoperability, and usability/accessibility.
We are:
-
Cyber Essentials certified (ISO 27001 in progress).
-
Hosted on AWS London, following NHS Cloud First and Internet First policies.
-
Compliant with UK GDPR and preparing a full submission to the Data Security and Protection Toolkit (DSPT).
-
Embedding best practice in clinical safety, with AI feedback clearly labelled as educational only and not clinical advice.
-
Working towards WCAG 2.1 AA accessibility standards.
A full DTAC pack is available to NHS organisations and partners on request.