00

Standards.

The standards posture every NHS buyer asks about, on one page.

DTAC (Digital Technology Assessment Criteria)

Nexin's DTAC return uses the post-April-2026 form. The DTAC pack is maintained quarterly and made available to buyers via the Investor & Project Disclosure page.

DCB0129 / DCB0160

DCB0129 manufacturer's safety case and DCB0160 deployment guidance are signed off by a named Clinical Safety Officer. The safety case file is shared via the Disclosure page.

DSPT

Data Security & Protection Toolkit standards met for our hosting and access controls.

ISO/IEC 27001 & Cyber Essentials

ISO 27001-aligned data centres. Cyber Essentials Plus certification is in flight.

GDPR & UK GDPR

GDPR compliant. PII encrypted at rest and in transit. DPIA template available; we will work with your DPO during deployment.

MDR exemption

Nexin sits outside MDR 2017/745 scope as clinical-adjacent software, and is not a regulated medical-device product. Reviewed quarterly; this position is not assumed permanent.

Procurement

Nexin's intended procurement route is the NHSE Framework for Locally Delivered Workforce Systems (FT 008497-2025), with G-Cloud 14 as a fallback for individual trusts.