The page covers the Digital Technology Assessment Criteria and what we at Ogma do to handle data securely. The DTAC is the national baseline criteria for digital health technologies entering and already used in the NHS and social care. To be DTAC compliant, all organisations must rigorously ensure they assess, manage, and mitigate clinical risks, including ensuring that clinical safety measures are in place and clinical risk management activities are implemented.
At Ogma we place clinical risk management at the heart of everything we do and constantly strive to improve our management of clinical risk, respond to emerging risks, and quickly and effectively enact mitigation policies. We’re fully compliant against the full suite of DTAC clinical risk criteria, detailed below.
You can find out more about the DTAC here.
For any questions or concerns about our regulatory compliance, please reach out to our team at info@ogmatherapy.com
The DTAC requires that products are assessed on clinical safety measures, ensuring that organisations undertake clinical risk management activities to manage any potential risk.
Named CSO
Organisations must have a Named Clinical Safety Officer (CSO). We couldn’t imagine a better CSO than our very own Angela Whiteley. With 20+ years as an NHS clinical speech and language therapist, as well as extensive experience implementing digital systems in the NHS as a Digital Health Lead and Programme Lead for Digital Community Strategy, Angela is perfectly placed to ensure Ogma continuously improves our clinical risk management systems to make sure the safety of the kids we serve is always paramount.
At Ogma, we make sure all of our products are assessed to ensure that data protection and privacy is ‘by design’. By doing so, we ensure the rights of all of our customers are protected.
Named DPO
Organisations must appoint a Named Data Protection Officer (DPO). We are proud to have guidance from our specialist Data Protection Officers at Mishcon de Reya. Their professional support helps us achieve end-to-end GDPR compliance at every stage of our business. Their expertise ensures that Ogma's data handling practices are robust, secure, and always aligned with the best interests of the children we serve.
Risk assessments and mitigations
Conducting thorough risk assessments and implementing effective mitigations is crucial to ensuring the safety and reliability of our digital systems. At Ogma, we prioritise comprehensive risk management processes, led by our dedicated team. Our approach includes identifying potential risks, evaluating their impact, and implementing mitigation strategies. We regularly update our risk assessments to reflect new threats and changes in our operating environment. By proactively managing risks, we safeguard the integrity of our systems and the safety of the children we serve. Our commitment to continuous improvement and rigorous testing ensures that we can swiftly address any vulnerabilities, maintaining a secure and reliable platform for our users.
Data Protection Impact Assessment (DPIA)
Ensuring GDPR compliance is paramount at Ogma. Our DPIA process involves conducting thorough DPIAs at key milestones for all data-intensive projects and processes. These include detailed reviews of our data processing activities to identify and mitigate privacy risks. By evaluating how personal data is collected, stored, and used, we ensure adherence to GDPR requirements. Through regular DPIAs, we demonstrate our commitment to transparency and the continuous improvement of our data protection measures, safeguarding the privacy and security of the children and families we serve.
Data is hosted and processed in the UK
By keeping and processing our data on UK soil, we adhere to strict data protection laws, providing an additional layer of security and assurance for the families we serve. This approach minimises risks associated with international data transfers and aligns with GDPR requirements. Hosting data locally also enhances our ability to monitor and protect sensitive information effectively.
At Ogma, we assess everything we make to ensure that it is secure and stable.
External Penetration Testing
At Ogma, we prioritise the security of our digital systems by conducting comprehensive external penetration tests. These tests are designed to identify and address vulnerabilities, focusing on the OWASP (or Open Web Application Security Project) Top 10 vulnerabilities. Our rigorous testing process ensures that there are no vulnerabilities with a severity score of 7.0 or above. By engaging independent security experts to perform these tests, we confirm the robustness of our security measures and proactively mitigate potential threats.
Internal or an external custom code security review
To ensure our applications are robust and secure, we conduct thorough security reviews, both internally and externally. Our internal reviews involve our skilled development team performing detailed code analysis to identify and address potential vulnerabilities. Additionally, we engage external security experts to perform custom code security reviews, providing an unbiased assessment of our codebase. This dual approach ensures that any security issues are promptly identified and mitigated, maintaining the integrity and safety of our applications.
Multi Factor authentication
At Ogma, we keep all our systems secure by implementing Multi-Factor Authentication (MFA) across our software stack. MFA adds an extra layer of protection by requiring users to provide two or more verification factors to access their accounts (for example, a text message to your phone). These factors are typically drawn from something they know (a password), something they have (a smartphone or hardware token), and something they are (biometric verification). By leveraging MFA, we significantly reduce the risk of unauthorised access, even if passwords are compromised.
Ensuring Logging and auditing access
Our logging mechanisms meticulously record every user action, including login attempts, data access, and changes made to the system. These audit trails are crucial for monitoring user behavior, detecting potential security incidents, and conducting thorough investigations when necessary. By maintaining detailed logs, we can quickly identify and respond to suspicious activities, ensuring the integrity and security of our systems.
Load Testing
How does a tech company guarantee that its services remain stable and efficient, even during periods of high demand? You load test it. At Ogma, we ensure the reliability and performance of our digital systems through rigorous load testing. This process involves simulating high volumes of traffic and usage to evaluate how our applications perform under stress. By conducting comprehensive load tests, we identify potential bottlenecks, performance issues, and capacity limits. This proactive approach allows us to optimize our systems, ensuring they can handle peak loads without compromising functionality or user experience.
To make sure all of our services are accessible for our users, we carry out robust usability and accessibility procedures. For DTAC, products are allocated a conformity rating having been benchmarked against good practice and the NHS service standard.
Takes user needs into account
We prioritise the needs of our users by placing them at the center of our design and development processes. Our approach involves comprehensive user research, including interviews, surveys, and usability testing, to understand the unique requirements and preferences of the children, families, and therapists we serve. We gather feedback directly from users to inform our design decisions, ensuring that our digital solutions are intuitive, user-friendly, and accessible.
All key user journeys mapped
At Ogma, we meticulously map all key user journeys to ensure a seamless and intuitive experience for our users. This process involves identifying and detailing each step a user takes to achieve their goals within our digital platform, from initial interaction to task completion. By thoroughly understanding these journeys, we can identify potential pain points and optimise the user flow to make it as smooth and efficient as possible.
User acceptance testing to validate usability
At Ogma, we validate the usability of our digital solutions through rigorous User Acceptance Testing (UAT). This process involves real users testing our applications to ensure they meet their needs and expectations. By engaging end-users in the testing phase, we can gather valuable feedback on the functionality, ease of use, and overall user experience. Any identified issues or areas for improvement are addressed promptly to enhance the final product. UAT ensures that our solutions are not only technically sound but also user-friendly and accessible,
Ensuring accessibility for our users
At Ogma, we are committed to making our digital platforms accessible to all users. This means that we strive to make our applications usable by people with a wide range of disabilities, including visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities.
Uses agile ways of working
Agile ways of working involve iterative development, continuous feedback, and adaptive planning, allowing us to respond swiftly to changing user needs and technological advancements. At Ogma, our cross-functional teams collaborate closely, prioritising tasks based on user value and incorporating regular feedback cycles to refine our products continuously.
If you'd like to learn more about how we work to keep you and your data safe, please reach out to our team at info@ogmatherapy.com.