Is QuantumLoopAI Secure?
Our security standards, certifications, and clinical governance framework
Yes. Security, privacy, and clinical safety are built into everything QuantumLoopAI creates. Every system meets NHS standards by design, not by chance.
Medical Device Registration
QuantumLoopAI is registered as a Class I medical device with the MHRA, and is actively advancing toward Class IIa certification to further strengthen clinical safety and assurance.
DTAC Certification
QuantumLoopAI is fully DTAC compliant, meeting NHS standards across clinical safety, data protection, cybersecurity, and interoperability. This provides full digital assurance for NHS partners and practices.
DSPT Certification
QuantumLoopAI is fully compliant with the NHS Data Security and Protection Toolkit (DSPT), confirming that our data governance meets NHS England's standards for secure, transparent, and responsible information handling.
Cyber Essentials Plus
QuantumLoopAI holds Cyber Essentials and Cyber Essentials Plus certification, independently verified by government-approved assessors to confirm our defences against cyber threats across every NHS deployment.
CREST Penetration Testing
Our infrastructure is tested annually by independent CREST-accredited security specialists. Testing is also conducted after every major release, ensuring continuous resilience and proactive defence against evolving threats.
End-to-End Encryption
All data is protected in transit and at rest using TLS 1.2+ and AES-256 encryption. This is the same level of security trusted by global financial institutions and defence systems.
UK GDPR and DPIA
QuantumLoopAI is fully UK GDPR compliant, supported by detailed Data Protection Impact Assessments and a rigorous internal governance framework. Every deployment includes a completed DPIA, ensuring compliance and streamlined approval for NHS information governance teams.
Data Sovereignty
All patient data is securely hosted within UK jurisdiction and never leaves England. Data is never shared, sold, or stored outside the NHS environment. Every byte stays within the UK, under NHS-approved infrastructure, and under full clinical safety oversight.
SOC 2 and Cloud Infrastructure
All services operate on SOC 2-compliant infrastructure hosted within Microsoft Azure's NHS-approved UK cloud, ensuring strict privacy, integrity, and reliability controls verified by independent assessors.
Failover and Reliability
EMMA maintains Tier 1 telecoms redundancy and instant failover routing. In the event of any system downtime, calls are automatically re-routed to your existing phone system within seconds. This built-in failover ensures no disruption to patient access or continuity of care.
Zero-Trust Security Model
QuantumLoopAI employs a Zero-Trust architecture. Every interaction is verified before access is granted. Immutable, tamper-proof audit logs are maintained for all access and data events.
Audit Trail and Transparency
Every patient call is logged, recorded, and auditable, with transcripts, summaries, and timestamps. Surgeries can review these records at any time for internal governance, CQC compliance, or clinical safety audits.
Continuous Assurance
Every release is clinically reviewed under NHS clinical safety standards DCB0129 and DCB0160, ensuring continuous safety validation and compliance with NHS clinical governance standards throughout the product lifecycle.
Clinical Governance and Oversight
A dedicated Clinical Safety Officer oversees all deployments. QuantumLoopAI maintains a full Clinical Safety Hazard Log with formal clinical sign-off and robust documentation aligned with NHS DCB0129 risk management protocols.
Our Advisory Board is chaired by Sir David Sloman, former Chief Operating Officer of NHS England.
"This is incredibly impactful and pioneering technology that can make a real difference to the lives of staff and patients across the NHS. It directly improves patient access, reduces pressure on staff, and delivers real efficiencies for the system."
Sir David Sloman, QuantumLoopAI Advisory Board, former COO of NHS England
AI Governance Leadership
Our Clinical Safety Officer contributes directly to NHS England's AI governance frameworks, helping define national standards for safe and ethical AI in healthcare.
NHS Integration Standards
QuantumLoopAI connects securely with NHS systems via IM1, GP Connect, and FHIR, ensuring consistent and safe data exchange across NHS primary care infrastructure.
ISO Alignment
QuantumLoopAI is fully aligned with ISO 37001 (Anti-Bribery Management Systems) and ISO 13485 (Medical Device Quality Management Systems), with active progression toward formal certification in both standards.
Crown Commercial Service
QuantumLoopAI is listed on the Crown Commercial Service RM6200 AI and Automation Framework, enabling ICBs, federations, and NHS providers to procure directly and compliantly.
In-House Security and Engineering
QuantumLoopAI maintains a dedicated in-house engineering and clinical safety team. The team continuously monitors, tests, and enhances system performance to ensure consistent safety and compliance across all deployments.
What Assurance Documentation Is Available?
QuantumLoopAI provides NHS partners with all required documentation on request, including:
- DTAC and DSPT certificates
- DPIA templates
- DCB0129 Clinical Safety Case Report
- Cyber Essentials Plus verification
To request documentation or ask compliance questions, visit quantumloopai.com/compliance-security or contact the team through the website.