Security & Compliance Built for the Public Sector
Purple Scribe meets the highest standards of security, regulatory compliance and data protection required for deployment across NHS, prisons and local government.
Certifications & Accreditations
A trusted government supplier since 2019, with the certifications and security practices demanded by the most rigorous public sector organisations.
MHRA Registered
Class I Medical Device
GMDN 61087: Clinical management support software. Registered 4 September 2025.
ISO 27001:2022
UKAS Approved
Information security management system. UKAS-approved, certificate #9940.
Cyber Essentials Plus
Government Backed
Government-backed cyber security certification for robust security practices.
UK GDPR
Data Protection
Full compliance with UK General Data Protection Regulation.
MHRA Registered Medical Device
Purple Scribe is registered with the Medicines and Healthcare products Regulatory Agency (MHRA) as a Class I medical device under the UK Medical Devices Regulations 2002.
- Classification
- Class I Medical Device
- GMDN Code
- 61087: Clinical management support software
- Registration Date
- 4 September 2025
- Regulation
- UK MDR 2002, Rule 11, Schedule 9
- Manufacturer
- Made Purple Ltd
MHRA Registered
Class I Medical Device
GMDN 61087
Infrastructure Security
Enterprise-grade security infrastructure designed for the public sector.
UK-Only Infrastructure
All data is processed and stored exclusively within the United Kingdom on UK-only infrastructure. No data leaves the UK at any point, ensuring full data sovereignty and compliance with UK regulations.
Encryption at Rest & in Transit
All data encrypted using AES-256 at rest and TLS 1.3 in transit. No unencrypted data at any point.
Role-Based Access Control
Granular role-based access controls ensure staff only access the data they need. Full admin controls for organisation-level user and permissions management.
Zero-Trust API Integration
Secure, zero-trust APIs for custom integrations with your existing systems. Every request is authenticated and authorised with no implicit trust.
Full Audit Trails
Every action logged including uploads, access, edits, deletions and exports. Complete traceability for compliance and governance.
Customisable Data Retention
Fully customisable data retention policies to meet your organisation's governance requirements. Audio can be deleted immediately after transcription or retained according to your policies.
CREST-Certified Penetration Testing
Independent penetration testing conducted by a CREST-certified third party to identify and address vulnerabilities proactively.
Purple MDM
Dedicated, secure devices can be provided using Purple MDM for environments requiring managed hardware. The Purple Scribe app can also be securely distributed to staff devices.
Secure App Distribution
The Purple Scribe mobile application is penetration tested by a CREST-certified third party and can be distributed securely to your organisation's staff devices.
Ready to reduce administrative burden across your organisation?
Join NHS trusts, prison services and local authorities already using Purple Scribe to save time and improve documentation quality.