Compliance

Safe by design. Defensible by default.

LUTI is built for the standards your Information Governance, Caldicott and Clinical Safety teams already work to - assessed, audited and independently tested.

NHS DTAC · DCB0129 · DSPT · Cyber Essentials Plus · ISO 27001 · Pen Testing · DPIA · ICO Reg
Our track record

Built by people who understand Security & Compliance.

We have been building software for frontline clinicians for over a decade. We know what works, what breaks, and what matters when patient safety is on the line.

15+
Years developing clinical software

EHR and referral management platform experience

1.8M+
NHS patients processed

Between 2012 and 2026

200+
Clinical users

Across NHS and Private organisations

Certifications

Security, Safety and Compliance at our Core

Every layer of LUTI is shaped by independent assessment, clinical governance and continuous testing - so your organisation can adopt with confidence.

NHS DTAC

NHS Digital Technology Assessment Criteria

Assessed against the NHS baseline for clinical safety, data protection, technical security, interoperability and usability - the standard NHS organisations apply before procurement.

DCB0129

Clinical Risk Management

A documented clinical safety case maintained by a qualified Clinical Safety Officer. Hazards identified, mitigated and reviewed across every release.

DSPT

Data Security & Protection Toolkit

Annual NHS Data Security and Protection Toolkit submission. Aligned to the National Data Guardian's ten standards for handling patient information.

Cyber Essentials Plus

Independently Audited Cyber Hygiene

Hands-on technical audit of our infrastructure, endpoints and access controls against the UK government's advanced cyber security certification.

ISO 27001

Information Security Management

An ISMS aligned to ISO/IEC 27001 - risk-based controls covering people, process and technology, with continuous monitoring and improvement.

Penetration Testing

Independent Offensive Testing

Regular penetration tests by accredited third parties across our mobile, web and API surfaces. Findings tracked to remediation with re-test sign-off.

DPIA

Data Protection Impact Assessment

A DPIA template ready to share with your Information Governance team, covering lawful basis, data flows, retention and the rights of data subjects.

ICO Registered

Registered Data Controller

Registered with the UK Information Commissioner's Office. UK GDPR compliant, with clear records of processing and a published privacy notice.

Principles

What your clinicians do quickly, your organisation can defend confidently.

The controls behind every message - the same ones your IG team would specify if they were building it themselves.

  • End-to-end encryption

    Messages secured in transit and at rest. Keys we cannot read.

  • Verified identity

    Every user tied to a registered professional record - GMC, NMC, HCPC.

  • Role-based access

    Reach a role, not a personal phone number. Cover and rota aware.

  • Full audit trail

    Every thread searchable and exportable for disclosure or SAR.

  • Retention you control

    Conversation history retained for as long as your policy requires.

  • Safe imagery & PID

    Share clinical images and identifiers inside a compliant container.

For IG & Procurement

Documentation pack on request.

DTAC response, DCB0129 clinical safety case, DSPT publication, ISO 27001 certificate, Cyber Essentials Plus certificate, pen test summary and DPIA - sent under NDA to your IG lead.

Join today.

Join clinicians already using LUTI to move care forward.

NHS DTAC · DSPT · Cyber Essentials Plus · ISO 27001 · Mobile & browser