Skip to main content
Safety & Governance

Trust is earned,
not claimed.

We work in the most sensitive data environments in UK healthcare. Our products inform board decisions, clinical governance, and workforce planning across the NHS. That responsibility shapes everything we build and how we operate.

01

Clinical safety.

Our analytics inform decisions that shape how services are configured, how resources are allocated, and how boards govern. Those decisions affect patients, staff, and communities. We treat that with the seriousness it deserves.

Every Strasys product is reviewed by our clinical leadership team before deployment. Potential risks are identified and mitigated. Our team includes former NHS Medical Directors who understand what governance looks like from the inside, not just the outside.

No Strasys product makes decisions. Our analytics inform leadership judgement. The board always decides. If an issue arises with any Strasys product, our clinical governance lead is contactable directly. Incidents are investigated, documented, and resolved.

What this means for your trust

Products are clinically reviewed before they enter your environment, even though our tools operate at the management layer, not the clinical pathway

Clinical oversight is provided by team members with NHS Medical Director and clinical governance experience

No Strasys product makes autonomous decisions. Our analytics inform leadership judgement. The board always decides

Internal clinical risk reviews and hazard assessments are conducted for every product and available for trust review on request

02

Data governance.

All data processed by Strasys is hosted on sovereign UK infrastructure. We do not transfer NHS data offshore, and we do not use patient data for any purpose beyond the scope agreed with each partner trust.

We operate under the NHS Data Security and Protection Toolkit (DSPT) standards. Formal data processing agreements are in place with every NHS partner before any data is accessed. Patient-level data is never extracted from trust environments. Our analytics products work on aggregated, anonymised datasets within secure NHS-approved infrastructure.

When an engagement ends, trust data is returned or securely destroyed in accordance with agreed retention schedules. We do not retain proprietary trust data beyond the engagement without explicit written agreement.

Standards we meet

Sovereign UK data hosting

No offshore data transfer. All processing on UK infrastructure.

IG Toolkit / DSPT compliant

Annual NHS Data Security and Protection Toolkit submission.

Anonymisation by default

Patient-level data stays inside trust environments. We work on aggregated, anonymised datasets.

Formal data processing agreements

In place with every NHS partner before any data is accessed.

03

Responsible AI.

AI in healthcare carries real consequences. We are deliberate about where and how we use it. Our position is simple: AI should make leaders more confident in their decisions, not make the decisions for them.

Human in the loop. Always.

Every AI-generated insight produced by SIA (Strasys Intelligence Agent) or MIA (Maternity Intelligence Agent) is designed to be reviewed by a human before it informs a decision. AI outputs are recommendations, not instructions. The clinician or board member always has the final say.

Explainable and auditable.

If a Strasys product surfaces a finding, the reasoning behind it must be visible. We do not operate black-box models in clinical or governance contexts. Every output can be traced back to its data source, methodology, and assumptions. If a board asks "why does it say that?", there is always an answer.

Bias and fairness.

We recognise that AI systems can perpetuate existing biases if they are not carefully designed and monitored. Our products are tested for fairness across population groups. Where we use AI in workforce or population analytics, we assess outputs for unintended disparities and document our approach.

Continuous governance.

AI governance is not a one-time exercise. We monitor the performance of our AI systems on an ongoing basis, adapt to evolving regulatory requirements, and update our models as new data and clinical evidence emerges. Our leadership team has direct accountability for AI governance across every product.

04

Named accountability.

Governance without accountability is just paperwork. At Strasys, clinical safety, data governance, and AI ethics are owned by named individuals in our leadership team, not delegated to compliance functions.

Meet our leadership team

Clinical Governance

Dr Nadeem Moghal

Chief Medical and Innovation Officer

A former NHS Medical Director with decades of clinical and system leadership experience. Provides clinical governance oversight across all Strasys products and ensures every product we build is grounded in frontline clinical reality.

Data & AI Governance

Naeem Younis

Founder and CEO

Holds ultimate accountability for data governance, responsible AI, and the ethical conduct of the organisation. Supplier assurance documentation, data processing agreements, and governance frameworks are available on request.

Frequently asked questions

Common questions about how we handle data, safety, and AI governance.

How does Strasys handle NHS patient data?

All data is hosted on sovereign UK infrastructure. We are IG Toolkit / DSPT compliant. Patient-level data is never extracted from trust environments. Our analytics work on aggregated, anonymised datasets within secure NHS-approved infrastructure. Formal data processing agreements are in place with every partner before any data is accessed.

Does Strasys use AI responsibly?

Strasys AI products, including SIA (Strasys Intelligence Agent) and MIA (Maternity Intelligence Agent), are designed with human-in-the-loop governance. AI augments human decision-making but never replaces clinical judgement. All AI outputs are explainable, auditable, and subject to clinical review before informing board decisions.

What documentation is available for procurement?

Supplier assurance documentation, clinical safety cases, data processing agreement templates, and our full Responsible AI policy are available on request. Contact hello@strasys.uk or speak to your Strasys engagement lead.

Our policies

Full policy documents for procurement and legal review.

Privacy Policy Responsible AI Policy Terms & Conditions