
Trust Centre
As a digital health company developing software as a medical device (SaMD), Tesu Health designs and operates regulated products in accordance with recognised standards for information security, privacy, clinical safety and quality management. Our assurance programme reflects a risk-based, security-by-design approach across the full product lifecycle.
Frequently Asked Questions
Company and regulatory context
Tesu Health develops regulated digital health products classified as software as a medical device (SaMD), designed for use in healthcare settings and subject to applicable UK and international regulatory requirements.
Tesu Health acts as a data controller for its direct-to-consumer products and as a data processor or joint controller where products are deployed on behalf of healthcare organisations, depending on the deployment model.
Information security and assurance
Tesu Health operates an information security management system aligned with ISO/IEC 27001 and UK Cyber Essentials, supported by formal risk management, access control, incident response, and supplier assurance processes.
Details of ISO 27001 certification status, scope, and evidence are available within this Trust Centre.
Yes. Tesu Health aligns with the NHS Data Security and Protection Toolkit (DSPT), demonstrating compliance with the National Data Guardian’s data security standards.
Data protection and privacy (GDPR)
Tesu Health operates a structured data protection framework covering lawful basis, data minimisation, transparency, data subject rights, breach management, and DPIAs, proportionate to the processing of health data.
Tesu Health maintains documented processes to support data subject rights, including access, rectification, erasure, restriction, and objection, with defined timelines, verification steps, and escalation procedures.
Medical device and clinical safety
Yes. Tesu Health’s SaMD products are developed and maintained in accordance with the UK Medical Devices Regulations (UK MDR), including applicable post-market surveillance and risk management requirements.
Tesu Health applies clinical safety and risk management processes aligned with relevant standards, including hazard identification, risk control, and ongoing monitoring.
Yes. Tesu Health applies DCB0129 clinical risk management requirements for health IT systems, including clinical safety case documentation and named clinical safety officers where applicable.
NHS and market access frameworks
Tesu Health aligns with the NHS Digital Technology Assessment Criteria (DTAC), covering clinical safety, data protection, technical security, interoperability, and usability.
Yes. Relevant policies, certifications, and assurance artefacts are available through this Trust Centre or can be shared under NDA where required.
Operational and governance controls
Tesu Health operates a supplier assurance process including risk classification, contractual controls, and ongoing review of critical suppliers.
Tesu Health maintains formal incident response and breach management procedures, including escalation, investigation, notification, and post-incident review.
Trust centre usage
This Trust Centre is maintained as a live resource and updated following material changes to Tesu Health’s assurance posture, certifications, or regulatory status.
Contact details for security, privacy, and assurance enquiries are provided within this Trust Centre.