Security & Compliance

Military-Grade Security with Comprehensive Compliance

MHRA-certified medical device software with NHS DTAC approval, UK GDPR compliance, and zero-trust security architecture protecting sensitive assessment data.

Security Incidents: Zero
Uptime SLA: 99.99%
Security Monitoring: 24/7

Security Operations Center

All Systems Secure
Threat Detection: Active
Data Encryption: AES-256
Audit Logging: 100%

Comprehensive Compliance Framework

Meeting and exceeding all regulatory requirements across healthcare and education

Healthcare Compliance

Medical Device

MHRA Software as Medical Device (SaMD) Class IIa

Full certification for medical device software with clinical decision support capabilities

Certified: March 2024

NHS Digital Technology Assessment Criteria (DTAC)

Comprehensive approval across all 5 DTAC sections including clinical safety and interoperability

Approved: April 2024

ISO 13485 Quality Management System

International standard for medical device quality management and regulatory compliance

Certified: February 2024

Clinical Safety Management (DCB0129/DCB0160)

NHS clinical risk management standards for health IT systems

Compliant: Ongoing

Educational Compliance

SEND Standards

SASC Guidelines Compliance

SpLD Assessment Standards Committee guidelines for dyslexia assessment professionals

Verified: May 2024

Children and Families Act 2014

Full compliance with EHCP statutory processes and 20-week timelines

Compliant: Ongoing

SEND Code of Practice

Adherence to statutory guidance for organizations supporting children with SEND

Compliant: Ongoing

Equality Act 2010

Full accessibility compliance and reasonable adjustment capabilities

Compliant: Ongoing

Data Protection & Security

Privacy First

UK GDPR Compliance

Enhanced data protection with field-level encryption and privacy by design

Certified: January 2024

Data Security and Protection Toolkit

NHS cybersecurity standards with annual assessment and compliance

Compliant: 2024 Assessment

Cyber Essentials Plus

Government-backed cybersecurity certification with technical verification

Certified: March 2024

SOC 2 Type II

Independent audit of security, availability, processing integrity, and confidentiality

Audited: Annual

Security Architecture

Multi-layered security approach protecting sensitive healthcare and educational data

1. Network Security

DDoS Protection

Advanced protection against distributed denial of service attacks

Web Application Firewall

Real-time filtering of malicious traffic and attack patterns

Network Segmentation

Isolated network zones with controlled access between segments

Content Delivery Network

Global edge protection with intelligent traffic routing

2. Application Security

Zero Trust Architecture

"Never trust, always verify" approach with continuous authentication

Multi-Factor Authentication

Mandatory MFA with hardware token and biometric support

Secure Code Development

OWASP Top 10 protection with automated security scanning

Role-Based Access Control

Granular permissions with principle of least privilege

3. Data Protection

Field-Level Encryption

AES-256 encryption for all PHI/PII at the field level

Encrypted Databases

Transparent data encryption with key rotation

Data Masking

Dynamic data masking for non-production environments

Secure Data Disposal

Cryptographic erasure and certified destruction

4. Monitoring & Response

24/7 Security Operations

Continuous monitoring with AI-powered threat detection

Comprehensive Audit Logs

Immutable audit trail with tamper-evident logging

Incident Response

Automated incident response with forensic capabilities

Threat Intelligence

Real-time threat intelligence integration and analysis

Privacy by Design

Built-in privacy protection exceeding regulatory requirements

Data Minimization

Collect only essential data required for clinical and educational assessment purposes

✓ Purpose limitation enforcement
✓ Automated data classification
✓ Collection justification logging

Consent Management

Granular consent controls with clear purpose specification and easy withdrawal

✓ Granular consent options
✓ Consent withdrawal tracking
✓ Purpose-specific permissions

Data Retention

Automated retention policies with secure deletion after legal requirements expire

✓ Automated retention enforcement
✓ Legal hold capabilities
✓ Secure deletion verification

Individual Rights

Comprehensive tools for exercising GDPR rights including access, rectification, and portability

✓ Self-service data access
✓ Data rectification tools
✓ Portable data formats

Transparency

Clear, understandable privacy notices with real-time processing visibility

✓ Plain language privacy notices
✓ Processing activity logs
✓ Data sharing transparency

Security by Default

Highest security settings enabled by default with opt-out rather than opt-in protection

✓ Maximum security defaults
✓ Encryption always enabled
✓ Secure communication protocols

Audit & Monitoring

Comprehensive audit trails and continuous monitoring for complete accountability

Comprehensive Audit Trails

What We Log

  • All user authentication and authorization events
  • Data access, modification, and deletion activities
  • System configuration changes
  • Clinical decision support interactions
  • Report generation and sharing
  • API calls and integrations
  • Security events and incidents

Audit Properties

Immutability: Tamper-evident logs
Retention: 7 years minimum
Integrity: Cryptographic verification
Accessibility: Real-time search

Real-Time Security Monitoring

Threat Detection: 99.99% Detection Rate

Response Time: < 60s Mean Response

Coverage: 100% System Monitoring

False Positives: < 0.1% Alert Accuracy

Compliance Reporting & Documentation

Comprehensive documentation and automated reporting for regulatory compliance

Available Reports

Clinical Safety Report

Comprehensive safety analysis including risk assessments and mitigation strategies

Updated: Monthly

Security Assessment Report

Detailed security posture analysis with vulnerability assessments and remediation

Updated: Quarterly

Privacy Impact Assessment

GDPR compliance analysis with data flow mapping and privacy risk evaluation

Updated: Annually

Audit Compliance Report

Complete audit trail analysis with compliance verification and gap analysis

Updated: Real-time

Current Certifications

MHRA SaMD Class IIa

Certificate ID: MHRA-2024-001
Valid until: March 2025

NHS DTAC Approval

Reference: DTAC-2024-047
Valid until: April 2025

Cyber Essentials Plus

Certificate ID: CEP-2024-789
Valid until: March 2025

ISO 13485

Certificate ID: ISO-13485-2024
Valid until: February 2027

Trust in Complete Security & Compliance

Experience the confidence that comes with military-grade security, comprehensive compliance, and zero security incidents. Your data and your patients' data deserve the highest level of protection.

MHRA Certified
NHS DTAC Approved
Zero Incidents
Military-Grade Security