Security & Compliance – RadAssist AI
RadAssist AI is committed to maintaining the highest standards of security and compliance for healthcare technology. This page outlines our comprehensive security measures, compliance frameworks, and data protection practices.
Platform & Hosting
All infrastructure hosted exclusively in Microsoft Azure UK regions to ensure data sovereignty and compliance with UK data protection requirements.
TLS 1.2+ encryption for all data in transit, ensuring secure communication between all system components.
All stored data encrypted using industry-standard AES-256 encryption with Azure-managed keys.
Identity & Access Management
Single Sign-On (SSO) with Multi-Factor Authentication (MFA) for all user access.
Risk-based access controls and device compliance requirements for enhanced security.
Role-based access control (RBAC) ensuring users have only the minimum permissions required for their role.
Just-In-Time (JIT) access for administrative functions with approval workflows and time-limited access.
Monitoring & Protection
Advanced threat protection and real-time security monitoring across all cloud resources.
Comprehensive audit trails and security event logging with automated alerting for suspicious activities.
Azure WAF protection against common web vulnerabilities and application-layer attacks.
Implementation of CIS benchmarks and security baselines across all infrastructure components.
Change Control
All system changes are version-controlled and tracked through our development lifecycle management system.
Multi-stage review process with security and compliance validation before any production deployment.
Automated rollback procedures to quickly revert changes if issues are detected post-deployment.
Backups & Disaster Recovery
Automated daily backups with geo-redundant storage across multiple Azure UK regions.
Regular testing of backup integrity and restore procedures to ensure business continuity capabilities.
Data Residency
All data processing and storage occurs within UK borders by default, ensuring compliance with UK data sovereignty requirements.
No data transfers outside the UK without explicit contractual agreements and appropriate safeguards in place.
Governance & Compliance
Company No: 16769710 • ICO: ZC024151 • ODS: G3A4H.
For assurance documents (DSPT statement, policies), email privacy@radassistai.com.
Registered in England & Wales — view our Companies House listing (Company No: 16769710).
Data Security and Protection Toolkit assessment in progress for 2025–26 compliance period.
Digital Technology Assessment Criteria (DTAC) and DCB 0129/0160 compliance planned and will be completed before any live patient data processing.
Key Roles & Responsibilities
DPO contact details and responsibilities will be published on this page prior to any live patient data processing.
Caldicott Guardian information and governance framework will be published here before live deployment.
Vulnerability Disclosure
Please report security vulnerabilities to security@radassistai.com.
Include detailed steps to reproduce the issue, an assessment of the potential impact, and any supporting evidence or proof-of-concept.
Do not test security vulnerabilities against live NHS systems. Use only designated testing environments or contact us for coordinated disclosure.
Last updated: 14 November 2025
