Trust, Governance & Compliance

Clinical Audit Compass Ltd (SC871235)
Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP
privacy@clinicalauditcompass.co.uk
ICO Registration: ZC067899

Last updated: April 2026

Clinical Audit Compass is a regulated healthtech platform built for UK healthcare professionals. This page outlines our governance framework, compliance certifications, clinical safety approach, and data protection commitments.

1. Company & Regulatory Identity

Registered name: Clinical Audit Compass Ltd
Company number: SC871235 (Scotland)
Registered address: Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP
ICO registration: ZC067899
Trademark: UK00004313891 — Clinical Audit Compass name and logo

Data Protection Lead: privacy@clinicalauditcompass.co.uk
Clinical Safety Officer: Nathan Thomson — Advanced Paramedic Practitioner (HCPC registered)

2. Certifications & Compliance Status

- Cyber Essentials Certified (April 2026)
- DCB0129 Compliant (clinical safety documentation complete)
- ICO Registered (ZC067899)
- DTAC approximately 90% complete
- UK GDPR Compliant (DPIA and DPA in place)
- NHS DSP Toolkit planned

3. Clinical Safety Framework

Developed in accordance with NHS Digital DCB0129 Clinical Risk Management Standard.

Includes:
- Clinical Safety Case Report (CSCR)
- Hazard Log
- Incident Response Plan (IRP)
- Clinical Risk Management System (CRMS)
- Clinical Risk Management Plan (CRMP)

Clinical Safety Officer: Nathan Thomson (HCPC registered)

The platform is not a medical device and does not provide clinical decision support.

4. Data Protection & Privacy

Clinical Audit Compass Ltd is the Data Controller under UK GDPR and the Data Protection Act 2018.

Data collected:
- Account information (name, email, profession, workplace)
- Clinical logs (anonymised, no patient-identifiable data)
- CPD records and reflections
- Analytics (Firebase)
- Subscription metadata (no card details stored)

We do not collect patient-identifiable data or use data for advertising.

Sub-processors:
- Dotsquares Ltd (UK hosting)
- Firebase (Google LLC)
- Stripe / Apple / Google (payment processors)

5. Security Measures

- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- UK-based hosting with role-based access control
- Multi-factor authentication for admin access
- Cyber Essentials certification
- No patient-identifiable data permitted
- Crash monitoring via Firebase
- Penetration testing planned

6. Platform Description & Scope

Clinical Audit Compass is a cross-profession SaaS platform supporting:

- Clinical activity logging
- CPD recording
- Reflective practice
- Audit cycles
- Governance-aligned portfolio export

Supports multiple UK regulators including:
HCPC, NMC, GMC, GDC, GPhC, GOC, GOsC, GCC, AHCS

Not a medical device. Not for clinical decision support.

7. Contact & Further Information

Clinical Audit Compass Ltd
Clyde Offices, 2nd Floor, 48 West George Street, Glasgow, G2 1BP
privacy@clinicalauditcompass.co.uk

Full documentation (DPIA, CSCR, DPA, SLA) available on request.