Compliance and security

Independent certifications, annual penetration testing, and a documented policy framework. Trusted by NHS organisations, universities, and medical schools across the UK and internationally.

Certifications and standards

Independently assessed credentials that confirm our security, accessibility, and data protection posture.

GDPR

Fully compliant with the UK GDPR and Data Protection Act 2018. We act as a data processor under a Data Processing Agreement available to every customer.

Cyber Essentials

Geeky Medics Ltd holds Cyber Essentials certification, independently assessed by IASME against the UK Government's required cyber-security baseline.

Annual penetration testing

SimChat is penetration tested every year by an independent third-party security firm. Findings are tracked, prioritised, and remediated through our vulnerability management process.

WCAG 2.1 AA accessibility

Built to meet WCAG 2.1 Level AA: semantic HTML, keyboard navigation, screen-reader support, sufficient colour contrast, and visible focus states across the platform.

Procurement and due diligence

SimChat has successfully been through formal NHS procurement and full institutional security audits at universities and medical schools across the UK and internationally. We are familiar with the questionnaires, evidence packs, and information governance reviews these processes rely on.

Our security pack covers our policy framework, penetration test summary, sub-processor list, data flow diagrams, and answers to common security questionnaires. It is available on request under NDA.

Security and governance programme

Documented policies and processes, reviewed annually.

Information security

  • Security policy and risk register
  • Vulnerability scanning
  • Patch and change management
  • Incident response plan

Operational resilience

  • Business continuity and DR plan
  • Encrypted, geo-separate backups
  • Secure software development lifecycle
  • Vendor risk assessments

AI governance

  • AI governance policy
  • No customer data used for training
  • Documented sub-processors
  • Human oversight requirements

People and training

  • Annual security awareness training
  • HR security policy
  • Acceptable use and remote access
  • Background checks and NDAs
