Compliance & standards

The standards every site we build is held to.

Compliance isn't an add-on — it's the floor. Every site we ship meets all of the standards below by default. No "premium accessibility" tier. No upsell on Welsh language. The right thing, built in.

NHS

NHS England benchmarking tool

The NHS England benchmarking tool is the de facto scoring system for primary care websites. It checks that patients can find what they need: opening hours, services offered, online access, signposting to urgent and emergency care, transparency of fees for private services, complaints process, and a host of other patient-rights items. Every site we build is designed to score full marks against the current version of the tool.

We re-audit every site against the tool annually, and update where the framework evolves. Every customer receives a yearly written compliance report for their records.

Further reading: What the NHS England benchmarking tool actually checks (and why most GP websites fail) →

Accessibility

WCAG 2.2 AA

The Public Sector Bodies Accessibility Regulations 2018 oblige NHS-facing services to meet WCAG 2.1 AA. We exceed that and build to WCAG 2.2 AA from day one — keyboard navigation, semantic HTML, ARIA where appropriate, colour-contrast ratios, focus states, large tap targets, accessible forms, alt text and accessible names on every interactive element.

Each site is tested with automated tooling (axe, Lighthouse) and manually with screen-reader and keyboard-only sessions. You receive a published accessibility statement on your site, kept current. We do not rely on accessibility overlay scripts — they are widely discredited and we explicitly avoid them.

Wales / England regulators

HIW & CQC patient-facing expectations

Healthcare Inspectorate Wales and the Care Quality Commission both look at public-facing information when assessing whether practices are well-led, safe and caring. The website is one of the first artefacts an inspector encounters. We make sure yours doesn't undermine the rest of your inspection.

Specifically: clear practice-leadership disclosure, transparent complaints route, accessible information for vulnerable patient groups, safeguarding signposting, current opening and out-of-hours arrangements, and clinical content that reflects the service you actually provide.

Cymraeg

Welsh Language Standards

Welsh public-facing services must satisfy the Welsh Language Standards under the Welsh Language (Wales) Measure 2011. For Welsh practices, that means a properly bilingual website — not a Google Translate widget bolted to the side.

We provide a real Welsh-language version with professional translation, optionally reviewed by a Welsh-speaking clinician, with a clear language toggle, lang attributes set correctly for assistive technologies, and ongoing parity between the two language versions. Every Welsh site has Cymraeg included as standard at no extra cost.

Data protection

UK GDPR & Data Protection Act 2018

Every form, every analytics call, every embedded widget, every cookie is reviewed against UK GDPR. Patient identifiable information is never routed through third-party analytics. Hosting is UK or EU only. We're happy to sign a Data Processing Agreement and engage directly with your Data Protection Officer.

Each site ships with a cookie banner that meets ICO guidance, a current privacy notice tailored to your practice, and a published list of all third parties that process any data via the site.

Security

Cyber Essentials & DSP Toolkit alignment

We build to the principles of Cyber Essentials and align with the relevant NHS Data Security and Protection Toolkit expectations for public-facing systems — TLS-only delivery, automated patching, hardened admin authentication, encrypted backups, penetration-tested hosting, and a clear incident-response process.

We're not a Cyber Essentials accreditation body, but we'll happily assist your practice in evidencing the relevant controls for your own DSP Toolkit submission.

Want to know exactly how your current site scores?

Browse our live customer demo to see exactly what compliant looks like in practice. Pricing is on the page; the wizard is two minutes to start.

See our demo site