Data security and compliance

At Xploro we take our responsibilities seriously. That’s why, in addition to legal requirements around data security and online safety, we choose to comply with some of the most rigorous standards set right now.


The International Organization for Standardization (ISO) 27001 delineates a globally recognized framework intended for organizations to systematically establish, implement, operate, monitor, review, maintain, and enhance an Information Security Management System. Our accreditation under ISO 27001 encompasses both our entities based in the United States and the United Kingdom.

SOC2 type II

Service Organization Control Type 2 (SOC 2) is a leading cybersecurity compliance framework created by the American Institute of Certified Public Accountants (AICPA). SOC 2 stands as a vital assurance, ensuring that third-party service providers maintain the utmost security standards when handling and managing client data. Xploro is currently working towards the SOC2 audit and we expect to be certified in Spring 2024.


The Digital Technology Assessment Criteria (DTAC) is designed to be used within the United Kingdom’s National Health Service (NHS) framework for the evaluation of healthcare organizations. This process forms an integral part of due diligence procedures to verify that digital technologies adhere to minimum standards across critical domains including clinical safety, data protection, technical security, interoperability, as well as usability, and accessibility standards.

Cyber Essentials

Cyber Essentials is a self-assessment scheme endorsed by the UK Government, designed to fortify defenses against a diverse range of common cyber threats. Attaining certification affords reassurance that our security measures are equipped to thwart the bulk of typical cyber assaults, as such attacks predominantly target organizations lacking the requisite technical controls stipulated by the Cyber Essentials framework.

ICO certification

The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights in the public interests. They set the standards for the UK General Data Protection Regulation (GDPR) and provide certification to data controllers and data processors to demonstrate compliance with the UK GDPR.

NHS Data Security and Protection Toolkit

The Data Security and Protection Toolkit (DSPT) is a self-assessment tool allowing organizations to measure their performance against the UK National Health Service’s National Data Guardian’s ten data security standards.

Any organization with access to NHS patient data or systems must use the toolkit to provide assurance they are practicing good data security and that personal information is handled correctly.

Penetration testing

Penetration testing is the process of assessing digital applications and infrastructure for vulnerabilities which a hacker might use to put a company or their customers at risk. Xploro works closely with Pentest, a British security specialist whose researchers, developers and penetration testers are experts at identifying potential areas of exposure so we can address problems before we release a product.