Do you manufacture software which runs on a conventional computing platform such as a PC, phone, tablet or server? It’s likely that your product will need to comply with DCB 0129 if you sell to the NHS. And that’s generally the case, even if the product is a certified medical device. To comply with the standard, you’ll need to have a qualified Clinical Safety Officer in place.
Medical device companies developing software are already working rigorously within the ever-evolving CE and UKCA marking requirements, often supported by dedicated regulatory, clinical and quality teams.
Questions about DCB0129 compliance and the identification of a Clinical Safety Officer (CSO) commonly arise during assurance, procurement and onboarding discussions within NHS organisations. This is not because healthcare organisations consider clinical safety to have been overlooked, but because DCB0129 examines clinical safety through a different regulatory lens.
The distinction lies in the specific focus of DCB0129, which examines clinical risk to patients arising from the use of software as a medical device in healthcare settings, rather than product conformity alone.
The Clinical Safety Officer Requirement in DCB0129
A core requirement of DCB0129 is the appointment of a named Clinical Safety Officer. The CSO is responsible for overseeing clinical risk management activities and providing assurance that clinical safety risks associated with the system have been identified, assessed and appropriately controlled.
The standard does not mandate a specific job title, but it is explicit that clinical safety must be led by a suitably qualified and experienced clinician.
Qualifications and Training
Under DCB0129, the Clinical Safety Officer must be a registered healthcare professional with relevant clinical experience, appropriate training in clinical risk management for health IT systems.
The role is not intended to be nominal or retrospective, and CSO training supports the individual in fulfilling their responsibilities effectively across the system lifecycle.
Formal CSO training typically supports understanding of:
- DCB0129 requirements and the responsibilities of the Clinical Safety Officer
- Assurance expectations associated with DCB0129
- Clinical hazard identification and risk assessment
- Clinical Safety Case development and maintenance
- Clinical safety governance across the system lifecycle
From an assurance perspective, evidence of CSO training provides confidence that clinical safety is being managed in a consistent, structured and informed way.
Visibility Through DTAC
The role of the Clinical Safety Officer is further surfaced through the Digital Technology Assessment Criteria (DTAC). Within DTAC Section C (Clinical Safety), suppliers are required to identify their CSO and demonstrate compliance with DCB0129.
As a result, clinical safety governance is increasingly assessed earlier in procurement and onboarding processes. Suppliers are expected to clearly articulate how clinical safety is led, rather than relying on implicit assumptions about existing regulatory roles.
Final thoughts
In practice, meeting DCB0129 expectations is less about adding bureaucracy and more about clearly demonstrating that clinical safety is being led, governed and assured in line with NHS requirements. Addressing the Clinical Safety Officer role and assurance evidence early can help avoid friction later in contracting and deployment.
For more information about DCB 0129 compliance and proportionate clinical safety assurance, read our quick guide or contact us at safehand.co.uk
Michelle Emmerson
Team Lead, Safehand Consulting Limited