Skip to main content
Please wait...

Website Governance and Information Assurance


Clinical Audit Compass Ltd (SC871235)
Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP
privacy@clinicalauditcompass.co.uk
ICO Registration: ZC067899
Version: 1.2
Effective date: June 2026  |  Review date: April 2027

This document supports Clinical Audit Compass Ltd's approach to information governance, data protection, and cyber security for institutional audiences. It is intended for healthcare organisations, universities, ambulance services, and other partners conducting due diligence or procurement review.


1. Overview
Clinical Audit Compass Ltd is committed to operating as a secure, compliant, and transparent digital platform for healthcare professionals and students. This page summarises the key governance, legal, and policy documents that support our service. Full documents are linked or available on request.


2. Core Legal Documents
The following policies are available on our website and referenced within the app:
•    Terms and Conditions v1.4
•    Privacy Policy v1.4
•    Cookie and Device Identifier Policy v1.4


3. Ethics, Accessibility, and Responsibility
•    Accessibility Statement v1.1
•    Equality, Diversity and Inclusion Statement v1.1
•    Modern Slavery Statement v1.1
•    Environmental and Sustainability Statement v1.1


4. Data Protection and Security
We process personal data in line with UK GDPR and the Data Protection Act 2018. Key measures include:
•    Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
•    Dedicated UK-based server infrastructure (London) managed by Dotsquares Ltd
•    No storage or use of patient-identifiable information, enforced by mandatory per-log confirmation before submission
•    Optional Enhanced Anonymisation to further reduce contextual detail on export for sensitive entries
•    Role-based access control and least-privilege permissions
•    Registered with the Information Commissioner's Office (ICO)
•    Named Clinical Safety Officer and Data Protection Lead
•    Regular review of security and privacy controls


5. Clinical Safety
Clinical Audit Compass Ltd maintains a clinical risk management framework aligned with DCB0129 (Clinical Risk Management: its Application in the Manufacture of Health IT Systems). This includes a named Clinical Safety Officer, Clinical Safety Case Report, standalone Hazard Log, and documented risk management processes.


6. Internal Governance Framework
For organisations such as NHS Trusts, universities, and ambulance services, we maintain a full internal governance pack including:
•    Clinical Risk Management System (CRMS) v1.0
•    Clinical Risk Management Plan (CRMP) v1.0
•    Clinical Safety Case Report (CSCR) v1.5
•    Hazard Log v1.1
•    Data Protection Impact Assessment (DPIA) v1.4
•    Data Processing Agreement (DPA) v1.2
•    Information Security Policy v1.1
•    Data Retention and Deletion Policy v1.1
•    Incident Response Plan v1.2
•    Business Continuity and Disaster Recovery Plan v1.1
•    Acceptable Use Policy v1.1
•    Access Control Matrix v1.1
•    Information Asset Register v1.2
•    Supplier Risk Assessment v1.1
•    Service Level Agreement v1.0
•    ISMS Scope Statement v1.1
•    Internal Audit Framework v1.1
•    Management Review Template v1.1
These documents are available for review under appropriate confidentiality as part of due diligence or procurement.


7. Certification Roadmap
•    Cyber Essentials certification: achieved April 2026
•    Penetration testing: planned 2026
•    ISO 27001 certification: planned Year 2
•    DTAC assessment: substantially compliant; maintained as the platform evolves


8. How to Request Documentation
Organisations wishing to review our governance and security documents can contact us at privacy@clinicalauditcompass.co.uk. We provide relevant policies and respond to security or compliance questionnaires on request.


9. Status
This governance framework is active and reviewed regularly as the platform evolves. Updated versions of public policies are published on the website as they are revised. Last reviewed: June 2026.
 

Approved by:
Name: Nathan Thomson
Role: Clinical Safety Officer / Founder & Director
Date: June 2026

Clinical Audit Compass Ltd (SC871235)
Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP
privacy@clinicalauditcompass.co.uk  |  ICO Registration: ZC067899

Full documentation (DPIA, CSCR, DPA, SLA) available on request.