We maintain the following governance documents internally and make them available to organisations, commissioners or appraisers on request. Where a document is published publicly it is linked below.

• Data Protection Impact Assessment (DPIA)

  Risk assessment of personal data processing in Bobl.

  Available on request from privacy@boblapp.uk.

• Clinical Risk Management Plan (DCB0129-aligned)

  How we identify, evaluate and mitigate clinical safety risks.

  Available on request from privacy@boblapp.uk.

• Hazard Log

  Living register of identified hazards and their mitigations.

  Available on request from privacy@boblapp.uk.

• Security Incident Response Procedure

  Detect, contain, assess, notify, review.

  Available on request from privacy@boblapp.uk.

• Data Breach Response Procedure

  ICO-aligned breach notification and user communication procedure.

  Available on request from privacy@boblapp.uk.

• Data Retention Schedule

  Retention periods by data category.

  Available on request from privacy@boblapp.uk.

• Acceptable Use Policy

  Mirror of the public AUP.

  Published — see public pages.

• Vulnerability Disclosure Policy

  Mirror of the public VDP.

  Published — see public pages.

• Subprocessor Register

  Snapshot of current subprocessors.

  Published — see public pages.

See also: Security & Trust, Clinical Safety, AI Safety & Governance.