Trust
Security & Compliance
PharmacyIQ takes a security-first approach suited to regulated UK pharmacy environments. This page sets out the principles we build on, the safeguards in place and how we govern them.
01 Security philosophy
The platform is built on six core tenets: confidentiality, integrity, availability, accountability, least-privilege access and traceability. Security runs through design and operations — it is not a bolt-on.
02 Data protection framework
Our compliance alignment covers UK GDPR, the Data Protection Act 2018, NHS information governance standards, General Pharmaceutical Council professional guidelines and MHRA regulatory guidance. Internal governance covers data handling, access management, incident protocols, retention schedules and confidentiality safeguards. In pharmacy deployments the pharmacy organisation is Data Controller and PharmacyIQ is Data Processor under contract — see the Privacy Policy.
03 Hosting and infrastructure
Cloud-hosted infrastructure provides encrypted transport via TLS, automated patching, network-layer access restrictions, firewalls and continuous monitoring. Providers are selected for security maturity and regulatory appropriateness, and customer environments are logically segregated.
04 Access control and authentication
Access is governed by role-based access control with least-privilege assignment, secure authentication, enforced password standards and session management. Configurable roles include pharmacist, technician, store administrator and master administrator. Administrative access is restricted and overseen.
05 Audit logging and traceability
Structured logs cover authentication events, inventory transactions, configuration changes, permission adjustments and integration activity — supporting regulatory accountability, internal investigation and operational review. The logs themselves are protected from unauthorised alteration.
06 Encryption
Data is protected in transit via HTTPS/TLS and at rest within compatible infrastructure. Credentials, secrets and keys are handled under secure configuration protocols.
07 NHS integration security
NHS system connections use authorised secure channels, appropriate system authentication and comprehensive transaction logging, with controls against unauthorised transmission. Implementations follow NHS technical specifications; we do not claim NHS endorsement unless formally granted.
08 Incident response
Documented procedures cover identification, containment, investigation, root-cause analysis, customer notification where applicable, legally mandated regulatory reporting and corrective action. Incidents are handled urgently with proper escalation.
09 Data segregation
Each pharmacy organisation’s data is logically isolated from every other’s. Production data access is restricted to authorised personnel under internal controls, and development and test environments are safeguarded against inappropriate exposure to live data.
10 Application security
Secure development practice includes source-control safeguards, version tracking, structured deployment workflows, pre-release testing and dependency oversight, with security integrated throughout the development process.
11 Continuity and resilience
Infrastructure is designed for high availability, with backup and restoration capabilities and disaster recovery arrangements that minimise data-loss exposure.
12 Vulnerability disclosure
Please report security vulnerabilities to security@pharmacyiq.co.uk. We ask that reports are kept non-public until a coordinated fix is in place.
13 Certification roadmap
We may pursue additional formal certifications and compliance attestations as the platform develops, and will announce them publicly once acquired.
14 Contact
Security enquiries: security@pharmacyiq.co.uk