Naq Compliance Scorecard

Naq Compliance Scorecard is a self-assessment tool designed to help health technology organisations evaluate their readiness to meet NHS compliance requirements. Users answer a structured set of yes/no questions across four compliance domains, receiving a scored result that identifies gaps in their current posture. The four assessment domains covered are: 1. Data Security & Protection – covering UK-GDPR compliance, ICO registration, staff GDPR training, employment contract requirements, Data Protection Impact Assessments (DPIA), the Data Security and Protection Toolkit (DSPT), data breach reporting systems, and business continuity planning. 2. Clinical Safety – covering DCB 0129 clinical risk management, clinical safety case definition, clinical hazard log maintenance, Clinical Safety Officer (CSO) designation, and per-release clinical safety reviews. 3. Technical Security – covering Cyber Essentials / Cyber Essentials Plus certification, multi-factor authentication enforcement, source code security reviews, load testing, and penetration testing within the past twelve months. 4. Accessibility & Usability – covering user engagement in product development, user acceptance testing, user journey mapping, and WCAG 2.1 level AA compliance. Based on the score achieved, the tool provides tailored feedback indicating the organisation's compliance maturity level and recommends next steps. The scorecard acts as a lead-generation and awareness tool for Naq's broader compliance management platform, used by organisations seeking to work with or supply to the NHS.