Security and assurance
Last updated: 7 June 2026
Security approach
Vecell is designed around minimum-necessary access, role-based visibility, evidence integrity, auditability, release control, and secure handling of operational data. Security and assurance are treated as product requirements, not add-ons.
Website security
The public website uses security headers, server-side form handling, payload validation, request size limits, duplicate-submit protection, rate limiting, and server-side enquiry storage. These controls help protect the website and reduce abuse of public forms.
Operational assurance
Operational deployments are expected to use environment-specific assurance, including access control, logging, monitoring, vulnerability management, incident response, backup and recovery planning, supplier assurance, and deployment review.
Healthcare data
Any deployment involving patient, clinical, NHS, or operational care data requires appropriate contractual, clinical safety, information governance, and data-protection controls for that setting. This public website does not collect patient-care requests.
Reporting a concern
If you believe you have found a security issue, contact Vecell through the contact page and include enough detail for the issue to be investigated safely.