Close up partially opened MacBook

Clinical and Information Governance

Keeping patients safe is our priority.

Clinical safety

Clinical safety is a set of assurance processes which protect care professionals and patients/citizens by ensuring that software developed for use in health and social care settings is safe and has met mandatory clinical safety standards.

Clinical safety standards.

As a manufacturer of healthcare software, Aire Logic views clinical safety as an essential part of our software development process. We comply with DCB 0129 and support our customer base in the application of DCB 0160.

Clinical safety group.

Our two appointed Clinical Safety Officers lead our multidisciplinary Clinical Safety Group to ensure we are working safely and complying with industry standards. Contact for further information.

Information governance

Our Information Governance team manages our technical, strategic and information governance activities across Aire Logic.

GDPR and data protection.

Aire Logic are fully compliant with UK GDPR. We have technological and physical safeguards in place to ensure all the data we handle is kept safe and secure at all times. We have extensive experience acting as a data processor on behalf of health and care organisations, and the management of personal and special category data.


Aire Logic have extensive experience of working with our customers to complete Data Protection Impact Assessments (DPIA) and the Digital Technology Assessment Criteria (DTAC). We understand that the Clinical and Information Governance process is essential in any project implementation to protect staff and ensure patient safety.


GDS National Data Guardian logo
NHS Digital DPS logo
ISO 9001 certification logo
ISO 27001 certification logo
Information Commissioner's Office
Cyber Essentials Plus logo
European Union Council of Europe General Data Protection Regulation European Commission logo

Data security

We ensure patient/citizen data is secure whenever it is processed by our products. This is facilitated by responsible use of encryption both at transit and at rest. Where possible we avoid storing sensitive data, often acting as a middleman between patients and the destination healthcare system. In cases where we need to hold data we use encryption at rest, and all web traffic uses SSL encryption.

Role based access control.

We introduce extensive role based access control (RBAC) and auditing processes within our products, allowing our customers to not only control who has access to sensitive data, but also view a trail of access for accountability purposes.

Pen testing.

We commission regular externally assessed penetration and load testing of our products, to ensure that systems are secure and resilient enough to ensure availability of data when it is required.

SaaS development.

When developing applications and services, we use up-to-date technologies, and actively maintain all our product components to ensure that library and framework usage is kept up to date. Underlying hosting infrastructure is also regularly maintained to ensure that it is kept up to date, resilient and performant.