Built for trust and accountability

OLAS meets the highest standards for clinical safety, data protection, and NHS governance.

Healthcare systems require watertight security and compliance. OLAS is designed from the ground up to meet DCB0129 clinical safety standards, GDPR requirements, and NHS Information Governance guidelines. Every design decision prioritizes patient safety, data protection, and operational accountability.

Standards & compliance

🛡️

DCB0129 Clinical Safety

OLAS is developed in alignment with DCB0129 (now DTAC) clinical risk management standards, ensuring hazards are identified, assessed, and mitigated throughout the development lifecycle.

  • Clinical safety case documentation
  • Hazard log and risk assessment
  • Safety oversight by qualified clinical safety officers
  • Incident management and post-deployment monitoring

🔐

GDPR & Data Protection

Patient data is handled with the utmost care. OLAS implements comprehensive data protection controls to ensure compliance with GDPR and UK data protection legislation.

  • Data minimization and purpose limitation
  • Encryption at rest and in transit (TLS 1.3, AES-256)
  • Role-based access controls and consent management
  • Right to access, rectification, and erasure support

NHS IG Toolkit

OLAS is designed to support NHS Information Governance requirements, with processes and technical controls aligned to NHS IG Toolkit standards.

  • Staff training and competence requirements
  • Information governance policies and procedures
  • Secure data sharing agreements
  • Annual IG compliance assessment support

🔍

Audit & Accountability

Every significant action in OLAS is logged with full audit trails, supporting accountability, incident investigation, and compliance reporting.

  • Comprehensive audit logs for all patient record access
  • Break-glass access with mandatory reason capture
  • Tamper-proof logging for regulatory compliance
  • Access reporting for IG assurance and investigations

Technical security measures

🔒

Encryption everywhere

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed through Azure Key Vault with strict access controls.

👤

Identity & access management

Multi-factor authentication, role-based access controls, and integration with NHS Identity via Azure Active Directory ensure only authorized users can access patient data.

Break-glass emergency access

In genuine clinical emergencies, authorized clinicians can request break-glass access with mandatory reason capture and full audit trail—balancing safety with accountability.

📊

Infrastructure resilience

Hosted on Microsoft Azure UK regions with 99.9% uptime SLA, automated backups, disaster recovery procedures, and continuous security monitoring.

🚨

Clinical red flag alerts

Automated detection of concerning vital signs (high BP), missed check-ins, and reported side effects—ensuring clinicians are alerted to safety-critical events.

🔄

Business continuity

Regular data backups, tested disaster recovery procedures, and redundant infrastructure ensure service continuity even in the event of incidents.

Governance & oversight

OLAS operates with robust governance structures to ensure ongoing compliance, safety, and continuous improvement.

  • Clinical Safety Officers: Qualified CSOs oversee safety case, hazard management, and incident reporting in line with DCB0129 requirements.
  • Data Protection Officer: DPO oversight ensures GDPR compliance, data subject rights fulfillment, and privacy by design principles.
  • Regular penetration testing: Annual third-party penetration tests and vulnerability assessments identify and remediate security risks.
  • Incident response procedures: Documented incident response processes ensure rapid detection, containment, and reporting of security or safety incidents.

Questions about security or compliance?

We're happy to discuss our security and compliance documentation or arrange technical deep-dives.

Contact us