Certifications and standards
Independently assessed credentials that confirm our security, accessibility, and data protection posture.
GDPR
Fully compliant with the UK GDPR and Data Protection Act 2018. We act as a data processor under a Data Processing Agreement available to every customer.
Cyber Essentials
Geeky Medics Ltd holds Cyber Essentials certification, independently assessed by IASME against the UK Government's required cyber-security baseline.
Annual penetration testing
SimChat is penetration tested every year by an independent third-party security firm. Findings are tracked, prioritised, and remediated through our vulnerability management process.
WCAG 2.1 AA accessibility
Built to meet WCAG 2.1 Level AA: semantic HTML, keyboard navigation, screen-reader support, sufficient colour contrast, and visible focus states across the platform.
Procurement and due diligence
SimChat has successfully been through formal NHS procurement and full institutional security audits at universities and medical schools across the UK and internationally. We are familiar with the questionnaires, evidence packs, and information governance reviews these processes rely on.
Our security pack covers our policy framework, penetration test summary, sub-processor list, data flow diagrams, and answers to common security questionnaires. Available on request under NDA.
Identity and access for institutional rollouts
Enterprise customers can plug SimChat into their existing identity stack, so account provisioning and deprovisioning follow the same controls as the rest of the IT estate.
SAML 2.0 and OIDC SSO
Tested with Okta, Microsoft Entra ID, Google Workspace, and PingFederate. Any standards-based identity provider is supported.
Just-in-time provisioning
Accounts are created on first successful login, and roles can be driven by attributes from your identity provider rather than managed by hand.
Role-based access and 2FA
Granular roles for administrators, authors, and learners, plus per-organisation enforcement options including required SSO and two-factor authentication.
LMS integration (LTI 1.3)
Launch learners directly from your LMS into a specific scenario, with the same just-in-time provisioning. Works with any LTI 1.3-compliant platform such as Canvas, Moodle, Blackboard, or Brightspace.
Security and governance programme
Documented policies and processes, reviewed annually.
Information security
- Security policy and risk register
- Vulnerability scanning
- Patch and change management
- Incident response plan
Operational resilience
- Business continuity and DR plan
- Encrypted, geo-separate backups
- Secure software development lifecycle
- Vendor risk assessments
AI governance
- AI governance policy
- No customer data used for training
- Documented sub-processors
- Human oversight requirements
People and training
- Annual security awareness training
- HR security policy
- Acceptable use and remote access
- Background checks and NDAs