Trust & Compliance
Clinical safety, documented and defensible
Safety cases and hazard logs that satisfy DCB0129 and DCB0160 — produced efficiently, reviewed properly.
The safety process
From hazard to assurance
- Scope & intended useDefine the clinical claim and where the product is used.
- Hazard identificationWorkshop hazards, causes and clinical consequences.
- Risk evaluation & controlsSeverity, likelihood and mitigations, captured in the hazard log.
- Safety caseA clear argument and evidence that residual risk is acceptable.
- Review & maintenanceUpdate on change, with a scheduled review cadence.
Scope. We support and quality-assure your clinical safety process; the accountable Clinical Safety Officer role and final sign-off remain within your organisation.
Manufacturer and deployer
Two standards, one continuous chain of safety
Clinical safety for health IT in England rests on two complementary standards. DCB0129 places obligations on the manufacturer of a system: identify the clinical hazards introduced by the product, control them, and assemble a clinical safety case report and hazard log that justify why the residual risk is acceptable. DCB0160 places parallel obligations on the deploying healthcare organisation: take the manufacturer's evidence, add the hazards that arise from local configuration, integration and clinical workflow, and maintain its own clinical risk-management file. Neither standard is sufficient alone — a well-built product can still cause harm if it is deployed into the wrong workflow, and a careful deployment cannot rescue a fundamentally unsafe product.
We work either side of that line. For innovators we help build the manufacturer evidence under DCB0129; for provider organisations we help structure the local risk file under DCB0160. Crucially, we make the handover between them coherent, so the assumptions a manufacturer made about safe use are explicitly tested against how the deploying team will actually use the system.
Why it matters to buyers. NHS procurement increasingly expects to see both sides of this chain. A manufacturer safety case with no thought for deployment, or a deployment with no manufacturer evidence behind it, is a recognisable gap that stalls purchases.
What we deliver
Artefacts that withstand scrutiny
- A clinical safety case report with a clear, evidenced acceptability argument
- A maintained hazard log linking each hazard to its cause, consequence and control
- Clinical Safety Officer mentoring and support, with accountability held in your organisation
- For AI products, hazard analysis covering incorrect, biased, drifting and overconfident outputs
- A defined review cadence and change-triggered re-assessment process
- Documentation structured for DTAC and NHS procurement scrutiny
Clinical safety is one strand of a wider assurance picture. It interlocks with AI governance and human oversight for live monitoring, with data protection and security where the system handles patient data, and with our AI validation and clinical safety service. For a plain-English comparison of the standards, see DCB0129 vs DCB0160 and what is a clinical safety case.
Answers
Frequently asked questions
What artefacts does clinical safety require?
Under DCB0129 a manufacturer produces a clinical safety case report and a hazard log, owned by a named Clinical Safety Officer. Under DCB0160 the deploying organisation maintains its own clinical risk management file for local use.
Can you act as our Clinical Safety Officer?
We can support and mentor your CSO function and help produce the artefacts; the accountable CSO role sits within your organisation. We make the process efficient and audit-ready.
How often should safety documentation be reviewed?
At defined milestones and whenever the product, intended use or deployment context changes materially — with a scheduled periodic review in between.
What is the difference between DCB0129 and DCB0160?
DCB0129 is the clinical risk-management standard for the manufacturer of a health IT system, producing a clinical safety case report and hazard log for the product as built. DCB0160 is the standard for the organisation deploying that system, producing a local clinical risk-management file that accounts for how it is actually used in their setting. The two are complementary: a safe product can still be deployed unsafely, so both perspectives are needed.
What exactly is a clinical safety case?
It is a structured, evidenced argument that the residual clinical risk of a system is acceptable for its intended use. It draws on the hazard log, the controls applied and the testing performed to reach a clear, defensible conclusion that an accountable Clinical Safety Officer can sign. It is a living document, not a one-off certificate.
Does clinical safety apply to AI-based products?
Yes, and often with greater force. AI systems can behave unpredictably as data shifts, so hazards around incorrect, biased or overconfident outputs must be identified, controlled and monitored. We integrate clinical-safety thinking with AI-specific risk so the safety case reflects how the model actually behaves over time, not just at launch.
Talk to a clinical safety lead
Bring your product and we'll scope the safety artefacts you need.