
What is DCB0129?

DCB0129 is a mandatory clinical risk management standard that applies to all health IT vendors, and to many medical device manufacturers and network infrastructure/cybersecurity suppliers, operating in the NHS in England. The standard is now an integral part of tenders, procurement processes and compliance onboarding, and may be requested by any of the following stakeholders:

  • Clinical Safety Officers (CSOs) or compliance teams at individual healthcare organisations.

  • Regional bodies covering compliance work on behalf of purchasing organisations (e.g. Clinical Commissioning Groups or Integrated Care Systems).

  • National regulators running procurement frameworks (NHS Digital).

  • Any organisation overseeing a DTAC (Digital Technology Assessment Criteria) process.

  • Other vendors, resellers and managed service companies you may be working with.

Why is DCB0129 Important?

DCB0129 will apply to a huge number of companies looking to sell to the NHS, including many sectors you may not imagine. The definition in the standard itself is suitably vague - “any product used to provide electronic information for health or social care purposes” - but if you fall into any of the following categories, DCB0129 will be requested from you:

  • Any health IT product, app, or software.

  • Any network infrastructure that underpins clinical service provision.

  • Any cybersecurity product that covers healthcare organisations.

  • Many medical device manufacturers.

  • Any company that has a product (hardware or software) that is involved with patient data, patient or clinician workflow or would cause any disruption to clinical services if it was compromised or unavailable.

DCB0129 compliance can seem complex and laborious at first glance. There are a number of specific processes, activities, appointments and documents that need to be put in place by any applicable organisation:


  • Appoint a Clinical Safety Officer (CSO) – This needs to be a registered clinician with experience in risk management activities and a comprehensive knowledge and experience of health IT systems. The standard doesn’t specify if the clinician needs to be UK-based, but a working knowledge of the NHS and its policies, procedures and infrastructure does help.

  • Define an appropriate Clinical Risk Management Process – This is really the core function that underpins DCB0129 – ensuring a rigorous clinical risk assessment methodology that is followed by the company to ensure its products are built, developed and released safely.

  • Issue a specific set of documents to help show DCB0129 compliance – The key documents that are frequently requested are the Clinical Risk Management Plan (in essence the methodology of your risk processes), the Clinical Safety Case Report (a structured document that shows the rationale behind why you believe the product is safe to use) and the Hazard Log (a comprehensive view of all the potential hazards associated with the product and the associated mitigation and risk scoring). We provide several other documents to help support compliance.

  • Ensure appropriate ongoing clinical risk work – This is key and marks DCB0129 out from other compliance standards – vendors must ensure ongoing clinical safety activities are in place to cover current products, new products and functionalities. There is not a single sign-off that covers DCB0129 for a year, for example.

How We Ensure DCB0129 Compliance

Our team of expert clinicians can develop the core documentation required as well as handle any ongoing clinical safety activities that arise, giving you peace of mind in this area. We generally provide this in a two-step approach:

Step 1 – Core Documentation Creation

First off, we will work with your product, sales and compliance leads to establish the base set of core documents that are required for DCB0129. A series of structured workshops will provide the knowledge for us to create these and start developing the processes around them for your institution. The final output of these activities is to create the key documents required (Clinical Risk Management Plan, Clinical Safety Case Report and Hazard Log) as well as other supporting documents to help cover other questions that may arise (third-party risk management, medical device applicability, incident management and how to help deploying organisations with their DCB0160 documentation).

Step 2 – Ongoing Compliance

One of the headaches of DCB0129 compared to other compliance standards is the nature of the ongoing work that needs to take place to remain compliant. Any new release or new product needs to be vetted in a similar fashion, any clinical safety incidents need to be captured and written up, and questions from regional or national regulators will need to be responded to. Our solution to this is an effective, flexible retainer that allows us to manage all aspects of ongoing clinical safety work for you. We will (if requested) also act as the named CSO for the purposes of responding to procurement activities for you.

Why Choose The AbedGraham Group for Your DCB0129 Compliance?

At The AbedGraham Group, we have provided risk management and DCB0129 consultancy services to some of the largest technology vendors in the world, as well as at the national and international levels.

Track Record

We have overseen clinical safety for numerous products and guided vendors through the complete spectrum of the Digital Technology Assessment Criteria (DTAC), national and regional frameworks, as well as direct bids. Our unparalleled expertise in this field and the meticulous detail within our documents set the highest standard in the industry.

Diverse Experience

Achieving DCB0129 compliance is most effective when you have a Clinical Safety Officer (CSO) with some level of clinical experience related to the specific healthcare product. With a track record of successfully overseeing more than a hundred products across various healthcare domains and a team boasting decades of hands-on experience across all sectors, we are exceptionally equipped to navigate risk for any product entering the market.

Peace of Mind

Navigating clinical safety is complex, especially when delving into product specifics, interacting with deploying organisations, or engaging with regulators. Ensuring the reliability, evidence-based foundation, and trustworthiness of your materials is paramount. With our extensive experience overseeing numerous products, we've encountered a myriad of requests and queries from regulators, healthcare entities, and partners. Many companies fall into the trap of superficially addressing clinical risk management or retrofitting existing compliance materials, often leading to complications during document reviews. Avoiding these issues can significantly streamline procurement, facilitating more timely budget discussions and ensuring compliance doesn't impede deal closures.

Other Value-Adding Services

Meeting clinical risk management standards serves as the initial step in a broader conversation encompassing compliance, strategic planning, and marketing excellence. Whether you require support with the Data Security and Protection Toolkit (DSPT) or seek assistance with strategic and marketing services, we're well-equipped to guide you through various aspects of NHS procurement, ultimately expediting your returns.

Ready to Speak to One of the Team?

If you need help with your DCB0129 compliance, or any other healthcare legislation, partnering with The AbedGraham Group will ensure your applications run smoothly and that you are able to operate in the healthcare sector.

Contact The AbedGraham Group
Contact us today to leverage the power of clinically led consulting.

Is DCB0129 mandatory?

DCB0129 is mandatory if your product is considered applicable, as part of the Health and Social Care Act 2012. You must show evidence of a suitable risk assessment and appoint a Clinical Safety Officer to manage DCB0129 compliance on an ongoing basis. If you are unsure as to whether your product is applicable, then contact us for a free consultation. 

What is clinical risk in the NHS?

Clinical risk management in the NHS is centred around the deployment of two standards: DCB0129 (applying to vendors) and DCB0160 (applying to healthcare organisations). Vendors must ensure they have covered all parts of the standard to ensure compliance that they can show to healthcare organisations, regulators and partners. 

What is digital clinical safety?
Digital clinical safety is about ensuring that technologies deployed in the NHS are safe to use, but also that those technologies then help to improve patient safety. The Digital Clinical Safety Strategy published in 2021 outlines the nationwide strategy and the stakeholders involved in maintaining this. 

Copyright © 2024-25  AbedGraham Healthcare Strategies Ltd.
