Digitise & dramatically improve your care home’s day-to-day operations. Imagine a central hub that frees caregivers from paperwork, manages medication, care plans, compliance, recruitment, HR and many more - all within a single, user-friendly platform.

Explore the platform

Ready to experience the CareApps difference? Request a free demo today!

Know more

Empowering social care providers to deliver exceptional service. Simplify tasks, improve outcomes, and elevate resident care - all in one place.

Unit 7, Friars Mill, Bath Lane

Leicester, LE3 5BJ, United Kingdom.

CONTACT

© 2025 Empathika. All rights reserved.


Digital Technology Acceptance Criteria (DTAC)

The Digital Technology Acceptance Criteria (DTAC), developed by NHS England, is an essential framework that ensures digital health and social care technologies meet national standards for safety, quality, and effectiveness. It evaluates technologies across key areas, including clinical safety, data protection, technical security, interoperability, and usability.


Company Information

Provide the name of your company: CAREAPPS LIMITED
Provide the name of your product: CareApps - Empathika
Provide the type of product: Software-as-a-Service (SaaS)
Provide the name and job title of the individual who will be the key contact at your organization: Luca Licata, CTO
Provide the key contact's email address: llicata@careapps.co.uk
Provide the registered address of your company: First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH
In which country is your organisation registered?: England
Companies House registration number: 15786817
CQC assessment: Not applicable

Value Proposition

Who is this product intended to be used for?
Care home staff, including care workers, nurses, managers, and integrated pharmacy partners.

What is the product designed to do and how is it used?
CareApps is an emerging IT and software developer company. The company has developed Empathika, a comprehensive digital care management platform designed to streamline and enhance the delivery of care services across all UK community care settings. Empathika offers end-to-end digital tools for care planning, medication management, staff coordination, and compliance monitoring. The platform is engineered to meet the evolving needs of the UK care sector, with a strong emphasis on safety, interoperability, and regulatory compliance.

Platform Objectives (Empathika):
- Digitise care workflows to reduce administrative burden.
- Enhance safety and accountability in care delivery.
- Ensure regulatory compliance with CQC, NHS Digital, and DTAC frameworks.
- Enable interoperability with eMARs and NHS systems.

Current Focus: Medication Management Module
The Medication Management Module is a clinically sensitive component of the platform aimed at digitising and safeguarding the entire medication lifecycle within care settings.

Key Features:
- Digital Medication Administration System: Secure, auditable system to manage and administer medications in real-time.
- Automated Reminders: Alerts for caregivers and management to ensure timely administration and refill of medications.
- Integration with eMARs: Ensures data consistency by syncing medication records across systems.
- Integrated Pharmacy App: Enables pharmacies to seamlessly interact with the medication module for efficient, accurate, and safe ordering of medications. The system provides real-time updates on order status, helping ensure timely delivery, reduce errors, and support a secure and reliable medication supply chain.
- Clinical Audit Trail: Captures all medication-related actions to support clinical governance and incident investigation.
- Dashboard and Reporting System: Delivers a comprehensive overview of medication activities through real-time dashboards and detailed reports. It tracks medication administration cycles, including whether doses were given or missed, and generates reports on missed medications, PRN and controlled drug usage, psychotropic medications, unscheduled administrations, pain and time-specific medications, as well as topical medication applications. This system supports safer medication management, regulatory compliance, and data-driven clinical decisions.
- Role-Based Access Control: Ensures that only authorised staff can manage medication-related data.

What are the user journeys when using the product?
Our User Journey explains the user flow of Clinicians and Nurses in which CareApps shall be used. (UR01_CareApps_Admin, V1, UR02_CareApps_Nurse user, V1)
Our Data flow explains the flow of data between the clinician, CareApps Module inputs and outputs (Medication Management). (DF01_Data Flow_CareApps_V1)

Clinical Safety

Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129?
CareApps has undertaken clinical risk management activities which comply with DCB0129 and DCB0160 standards.

Please detail your clinical risk management system.
CareApps has implemented and followed a Clinical Risk Management System process that sets out the activities for Clinical Safety in line with DCB0129 standards, which is incorporated in the Clinical Risk Management System (CRMS001). CareApps has followed a Clinical Risk Management Plan which encompasses the plan to identify, evaluate, mitigate and control risks on CareApps, as outlined in the plan (CRMP001).

Please supply your Clinical Safety Case Report and Hazard Log.
CareApps has created a Clinical Safety Hazard Log which lists the hazards related to CareApps, briefly explained in the Log (CSHL001).

Clinical Safety Officer (CSO) details:
Name: Sajjad Nandjy
Profession: Director of Clinical Governance and Quality Assurance at Langdale Care Homes. He is appointed as the Clinical Safety Officer for CareApps.
Registration: 2202487
Certification: GPH (General Pharmaceutical Council)

If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)?
Not applicable, outside of the scope of the UK Medical Devices Regulations 2002.

Do you use or connect to any third-party products?
Yes, we use NHS TRUD, AWS, Microsoft 365.

Data Protection

ICO Registration Details:
Organisation: CareApps Ltd
ICO Registration Number: ZB783158
Date Registered: 9th October 2024

Do you have a nominated Data Protection Officer (DPO)?
Nominated Data Protection Officer: Mark Faustino
Mobile: +44 20 7031 8542
Email: mfaustino@careapps.co.uk

Does your product have access to any personally identifiable data or NHS held patient data?
Yes

Please confirm you are compliant with the annual Data Security and Protection Toolkit Assessment.
Confirmed
Organisation: CareApps Ltd
Organisation code: G3D1R
Status: Standards Exceeded
Date of publication: 22nd May 2025 (valid until 30th June 2026)
Toolkit Version: 2024-25 (version 7)

Please attach the Data Protection Impact Assessment (DPIA).
The Data Protection Impact Assessment shall be carried out for CareApps which explains the different integrations which put in place slightly different DPIAs based on the data flows occurring within the CareApps. (DPIA001)

Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer.
Confirmed
The data protection impact assessment covers the risk assessment and mitigations and access control policy. Information security policies have been reviewed, approved and signed off by DPO.

Please confirm where you store and process data:
UK Only
All data processing activities are carried out in AWS which is in UK Region.

Technical Security

Please attach your Cyber Essentials Certificate.

Cyber Essentials Certification
Organisation: CareApps Ltd
Certificate Name: Cyber Essentials
Certification ID: 63a7b6f9-dd06-469B-B019-e45a6fda8de1
Valid from: 21st February 2025
Expiry Date: 21st February 2026
Issued by: IASME
Coverage: Whole Organisation

Cyber Essentials Plus Certification
Organisation: CareApps Ltd
Certificate Name: Cyber Essentials Plus
Certification ID: cb5f0f3f-39f7-42f0-9202-53cf5ea55e7c
Valid from: 20th May 2025
Expiry Date: 20th May 2026
Issued by: Fleko
Coverage: Whole Organisation

Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period.
CareApps has undergone an external penetration test that included the OWASP Top 10 vulnerabilities, which is reported in the Penetration Testing Report (PR001). The penetration testing / summary report demonstrates there are no vulnerabilities that score 7.0 or above using the Common Vulnerability Scoring System (CVSS).

Please confirm whether all custom code had a security review.
CareApps follows an internal code review process for verification.

Please confirm whether logging and reporting requirements have been clearly defined.
CareApps logs all users and reports shall be identified as a requirement and defined, stored in the cloud.

Please confirm whether the product has been load tested.
CareApps conducted load testing for the evaluation and stability performance of the application.

Interoperability

Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers?
No - No API integration or channels exist for other consumers to integrate with CareApps.

Do you use NHS number to identify patient record data?
No

Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability?
Yes

Is your product a wearable or device, or does it integrate with them?
No

Usability and accessibility

Do you engage users in the development of the product?
Yes - We collect user feedback from time to time, analyse it, and accommodate necessary changes and updates in the app.

Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey?
Yes - We do proper requirement analysis and engage a professional user experience designer to create a simple user flow to make the application easy for the users.

Do you undertake user acceptance testing to validate usability of the system?
We have deployed the application for UAT. A number of users are using it and sharing feedback. We are also providing necessary training to the users. Users are validating the system and reporting issues where adjustment and bug fixing is required.
Usability and Acceptance Evaluation – Process and Procedure.docx
Usability Evaluation of CareApps – Empathika .docx

Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant?
Partially

Accessibility Statement for CareApps LTD Applications (UK)
CareApps LTD is committed to making its applications accessible, in accordance with the Web Content Accessibility Guidelines (WCAG) 2.1 level AA, as far as is reasonably practicable.

Compliance Status
The CareApps web and mobile applications are partially compliant with WCAG 2.1 level AA. This means that while many parts of the applications meet accessibility standards, some areas do not fully comply.

Non-accessible Content
Some parts of our applications are not fully accessible due to the following:
- Screen reader limitations: Not all interface elements are fully compatible with screen reading software.
- Keyboard navigation: Some features may not be accessible without a touchscreen or mouse.
- Focus indicators: Certain interactive elements may lack visible focus indicators, making navigation harder for keyboard users.
- Dynamic content updates: Updates on some screens may not be announced to assistive technologies in real-time.

These limitations primarily result from the operational context of our applications: they are designed for use by care home staff (e.g., carers, senior carers, and managers) during their shifts on tablets or mobile devices. The user interface prioritises ease of use, speed, and clarity, which can limit the feasibility of full accessibility support. Implementing all aspects of WCAG 2.1 level AA would currently present a disproportionate burden, given our size as an SME, the specific user base, and the nature of our software. However, we continue to review and improve accessibility where it adds meaningful benefit to users.

Company Information

Provide the name of your company: CAREAPPS LIMITED Provide the name of your product: CareApps - Empathika Provide the type of product: Software-as-a-Service (SaaS) Provide the name and job title of the individual who will be the key contact at your organization: Luca Licata, CTO Provide the key contact's email address: llicata@careapps.co.uk Provide the registered address of your company First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH In which country is your organisation registered? : England Companies house registration number: 15786817 CQC assessment: Not applicable

Value Proposition

Who is this product intended to be used for? : Care home staff, including care workers, nurses, managers, and integrated pharmacy partners What is the product designed to do and how is it used? CareApps is an emerging IT and software developer company. The company has developed Empathika, a comprehensive digital care management platform designed to streamline and enhance the delivery of care services across all UK community care settings. Empathika offers end-to-end digital tools for care planning, medication management, staff coordination, and compliance monitoring. The platform is engineered to meet the evolving needs of the UK care sector, with a strong emphasis on safety, interoperability, and regulatory compliance. Platform Objectives (Empathika): Digitise care workflows to reduce administrative burden. Enhance safety and accountability in care delivery. Ensure regulatory compliance with CQC, NHS Digital, and DTAC frameworks. Enable interoperability with eMARs and NHS systems. Current Focus: Medication Management Module The Medication Management Module is a clinically sensitive component of the platform aimed at digitising and safeguarding the entire medication lifecycle within care settings. Key Features: Digital Medication Administration System: Secure, auditable system to manage and administer medications in real-time. Automated Reminders: Alerts for caregivers and management to ensure timely administration and refill of medications. Integration with eMARs: Ensures data consistency by syncing medication records across systems. Integrated Pharmacy App: Enables pharmacies to seamlessly interact with the medication module for efficient, accurate, and safe ordering of medications. The system provides real-time updates on order status, helping ensure timely delivery, reduce errors, and support a secure and reliable medication supply chain. Clinical Audit Trail: Captures all medication-related actions to support clinical governance and incident investigation. 
Dashboard and Reporting System: Delivers a comprehensive overview of medication activities through real-time dashboards and detailed reports. It tracks medication administration cycles, including whether doses were given or missed, and generates reports on missed medications, PRN and controlled drug usage, psychotropic medications, unscheduled administrations, pain and time-specific medications, as well as topical medication applications. This system supports safer medication management, regulatory compliance, and data-driven clinical decisions. Role-Based Access Control: Ensures that only authorised staff can manage medication-related data. What are the user journeys when using the product? Our User Journey explains the user flow of Clinicians and Nurses in which CareApps shall be used. (UR01_CareApps_Admin, V1, UR02_CareApps_Nurse user, V1) Our Data flow explains the flow of data between the clinician, CareApps Module inputs and outputs (Medication Management). (DF01_Data Flow_CareApps_V1)

Clinical Safety

Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129? CareApps has undertaken clinical risk management activities which comply with DCB0129 and DCB0160 standards. Please detail your clinical risk management system CareApps has implemented and followed a Clinical Risk Management System process that sets out the activities for Clinical Safety in line with DCB0129 standards which is incorporated in Clinical Risk Management System (CRMS001). CareApps has followed a Clinical Risk Management Plan which encompasses the plan related to identify, evaluate, mitigate and control risks on CareApps which is outlined in the plan (CRMP001) Please supply your Clinical Safety Case Report and Hazard Log CareApps has created a Clinical Safety Hazard log which lists out the hazards related to CareApps which is briefly explained in Log (CSHL001) Clinical Safety Officer (CSO) details: Name: Sajjad Nandjy Profession: Director of Clinical Governance and Quality Assurance at Langdale Care Homes. He is appointed as the Clinical Safety Officer for CareApps Registration: 2202487 Certification: GPH (General Pharmaceutical Council) If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)? Not applicable, outside of the scope of the UK Medical Devices Regulations 2002. Do you use or connect to any third-party products? Yes, we use NHS TRUD, AWS, Microsoft 365

Data Protection

ICO Registration Details: Organisation: CareApps Ltd ICO Registration Number: ZB783158 Date Registered: 9th October 2024 Do you have a nominated Data Protection Officer (DPO)? Nominated Data Protection Officer: Mark Faustino Mobile: +44 20 7031 8542 Email: mfaustino@careapps.co.uk Does your product have access to any personally identifiable data or NHS held patient data? Yes Please confirm you are compliant with the annual Data Security and Protection Toolkit Assessment. - Confirmed Organisation: CareApps Ltd Organisation code: G3D1R Status: Standards Exceeded Date of publication: 22nd May 2025 (valid until 30th June 2026) Toolkit Version: 2024-25 (version 7) Please attach the Data Protection Impact Assessment (DPIA) The Data Protection Impact Assessment shall be carried out for CareApps which explains the different integrations which put in place slightly different DPIAs based on the data flows occurring within the CareApps. (DPIA001) Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer. - Confirmed The data protection impact assessment covers the risk assessment and mitigations and access control policy, Information security policies have been reviewed, approved and signed off by DPO. Please confirm where you store and process data: UK Only All data processing activities are carried out in AWS which is in UK Region.

Technical Security

Please attach your Cyber Essentials Certificate Cyber Essentials Certification Organisation: CareApps Ltd Certificate Name: Cyber Essentials Certification ID: 63a7b6f9-dd06-469B-B019-e45a6fda8de1 Valid from: 21st February 2025 Expiry Date: 21st February 2026 Issued by: IASME Coverage: Whole Organisation Cyber Essentials Plus Certification Organisation: CareApps Ltd Certificate Name: Cyber Essentials Plus Certification ID: cb5f0f3f-39f7-42f0-9202-53cf5ea55e7c Valid from: 20th May 2025 Expiry Date: 20th May 2026 Issued by: Fleko Coverage: Whole Organisation Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period. CareApps has undergone an external penetration test that included the OWASP top 10 vulnerabilities which is reported in Penetration testing Report (PR001). The penetration testing / summary report demonstrates there are no vulnerabilities that score 7.0 or above using the Common Vulnerability Scoring System (CVSS). Please confirm whether all custom code had a security review. CareApps follow an internal code review process for verification. Please confirm whether logging and reporting requirements have been clearly defined. CareApps logs all users and reports shall be identified as a requirement and defined, stored in the cloud. Please confirm whether the product has been load tested CareApps conducted load testing for the evaluation and stability performance of the application

Interoperability

Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers? No - There is no API integration or channels exists for other consumers to integrate with CareApps. Do you use NHS number to identify patient record data No Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability? Yes Is your product a wearable or device, or does it integrate with them? No

Usability and accessibility

Do you engage users in the development of the product? Yes - We collect user feedback time to time and Analyse them and accommodate necessary changes and update in the app. Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey? Yes - We do proper requirement analysis and engage professional User experience designer to create a simple user flow to make the application easy for the users. Do you undertake user acceptance testing to validate usability of the system? We have deployed the application for UAT. A Number of users are using it and sharing feedback. We are also providing necessary training to the users. Users are validating the system and reporting issues where adjustment and bug fixing is required. Usability and Acceptance Evaluation – Process and Procedure.docx Usability Evaluation of CareApps – Empathika .docx Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant? - Partially Accessibility Statement for CareApps LTD Applications (UK) CareApps LTD is committed to making its applications accessible, in accordance with the Web Content Accessibility Guidelines (WCAG) 2.1 level AA, as far as is reasonably practicable. Compliance Status The CareApps web and mobile applications are partially compliant with WCAG 2.1 level AA. This means that while many parts of the applications meet accessibility standards, some areas do not fully comply. Non-accessible Content Some parts of our applications are not fully accessible due to the following: Screen reader limitations: Not all interface elements are fully compatible with screen reading software. Keyboard navigation: Some features may not be accessible without a touchscreen or mouse. Focus indicators: Certain interactive elements may lack visible focus indicators, making navigation harder for keyboard users. 
Dynamic content updates: Updates on some screens may not be announced to assistive technologies in real-time. These limitations primarily result from the operational context of our applications: they are designed for use by care home staff (e.g., carers, senior carers, and managers) during their shifts on tablets or mobile devices. The user interface prioritises ease of use, speed, and clarity, which can limit the feasibility of full accessibility support. Implementing all aspects of WCAG 2.1 level AA would currently present a disproportionate burden, given our size as an SME, the specific user base, and the nature of our software. However, we continue to review and improve accessibility where it adds meaningful benefit to users.

Company Information

Provide the name of your company: CAREAPPS LIMITED Provide the name of your product: CareApps - Empathika Provide the type of product: Software-as-a-Service (SaaS) Provide the name and job title of the individual who will be the key contact at your organization: Luca Licata, CTO Provide the key contact's email address: llicata@careapps.co.uk Provide the registered address of your company First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH In which country is your organisation registered? : England Companies house registration number: 15786817 CQC assessment: Not applicable

Value Proposition

Who is this product intended to be used for? : Care home staff, including care workers, nurses, managers, and integrated pharmacy partners What is the product designed to do and how is it used? CareApps is an emerging IT and software developer company. The company has developed Empathika, a comprehensive digital care management platform designed to streamline and enhance the delivery of care services across all UK community care settings. Empathika offers end-to-end digital tools for care planning, medication management, staff coordination, and compliance monitoring. The platform is engineered to meet the evolving needs of the UK care sector, with a strong emphasis on safety, interoperability, and regulatory compliance. Platform Objectives (Empathika): Digitise care workflows to reduce administrative burden. Enhance safety and accountability in care delivery. Ensure regulatory compliance with CQC, NHS Digital, and DTAC frameworks. Enable interoperability with eMARs and NHS systems. Current Focus: Medication Management Module The Medication Management Module is a clinically sensitive component of the platform aimed at digitising and safeguarding the entire medication lifecycle within care settings. Key Features: Digital Medication Administration System: Secure, auditable system to manage and administer medications in real-time. Automated Reminders: Alerts for caregivers and management to ensure timely administration and refill of medications. Integration with eMARs: Ensures data consistency by syncing medication records across systems. Integrated Pharmacy App: Enables pharmacies to seamlessly interact with the medication module for efficient, accurate, and safe ordering of medications. The system provides real-time updates on order status, helping ensure timely delivery, reduce errors, and support a secure and reliable medication supply chain. Clinical Audit Trail: Captures all medication-related actions to support clinical governance and incident investigation. 
Dashboard and Reporting System: Delivers a comprehensive overview of medication activities through real-time dashboards and detailed reports. It tracks medication administration cycles, including whether doses were given or missed, and generates reports on missed medications, PRN and controlled drug usage, psychotropic medications, unscheduled administrations, pain and time-specific medications, as well as topical medication applications. This system supports safer medication management, regulatory compliance, and data-driven clinical decisions. Role-Based Access Control: Ensures that only authorised staff can manage medication-related data. What are the user journeys when using the product? Our User Journey explains the user flow of Clinicians and Nurses in which CareApps shall be used. (UR01_CareApps_Admin, V1, UR02_CareApps_Nurse user, V1) Our Data flow explains the flow of data between the clinician, CareApps Module inputs and outputs (Medication Management). (DF01_Data Flow_CareApps_V1)

Clinical Safety

Have you undertaken Clinical Risk Management activities for this product which comply with DCB0129? CareApps has undertaken clinical risk management activities which comply with DCB0129 and DCB0160 standards. Please detail your clinical risk management system CareApps has implemented and followed a Clinical Risk Management System process that sets out the activities for Clinical Safety in line with DCB0129 standards which is incorporated in Clinical Risk Management System (CRMS001). CareApps has followed a Clinical Risk Management Plan which encompasses the plan related to identify, evaluate, mitigate and control risks on CareApps which is outlined in the plan (CRMP001) Please supply your Clinical Safety Case Report and Hazard Log CareApps has created a Clinical Safety Hazard log which lists out the hazards related to CareApps which is briefly explained in Log (CSHL001) Clinical Safety Officer (CSO) details: Name: Sajjad Nandjy Profession: Director of Clinical Governance and Quality Assurance at Langdale Care Homes. He is appointed as the Clinical Safety Officer for CareApps Registration: 2202487 Certification: GPH (General Pharmaceutical Council) If your product falls within the UK Medical Devices Regulations 2002, is it registered with the Medicines and Healthcare products Regulatory Agency (MHRA)? Not applicable, outside of the scope of the UK Medical Devices Regulations 2002. Do you use or connect to any third-party products? Yes, we use NHS TRUD, AWS, Microsoft 365

Data Protection

ICO Registration Details: Organisation: CareApps Ltd ICO Registration Number: ZB783158 Date Registered: 9th October 2024 Do you have a nominated Data Protection Officer (DPO)? Nominated Data Protection Officer: Mark Faustino Mobile: +44 20 7031 8542 Email: mfaustino@careapps.co.uk Does your product have access to any personally identifiable data or NHS held patient data? Yes Please confirm you are compliant with the annual Data Security and Protection Toolkit Assessment. - Confirmed Organisation: CareApps Ltd Organisation code: G3D1R Status: Standards Exceeded Date of publication: 22nd May 2025 (valid until 30th June 2026) Toolkit Version: 2024-25 (version 7) Please attach the Data Protection Impact Assessment (DPIA) The Data Protection Impact Assessment shall be carried out for CareApps which explains the different integrations which put in place slightly different DPIAs based on the data flows occurring within the CareApps. (DPIA001) Please confirm your risk assessments and mitigations / access controls / system level security policies have been signed-off by your Data Protection Officer. - Confirmed The data protection impact assessment covers the risk assessment and mitigations and access control policy, Information security policies have been reviewed, approved and signed off by DPO. Please confirm where you store and process data: UK Only All data processing activities are carried out in AWS which is in UK Region.

Technical Security

Please attach your Cyber Essentials Certificate

Cyber Essentials Certification
Organisation: CareApps Ltd
Certificate Name: Cyber Essentials
Certification ID: 63a7b6f9-dd06-469B-B019-e45a6fda8de1
Valid from: 21st February 2025
Expiry Date: 21st February 2026
Issued by: IASME
Coverage: Whole Organisation

Cyber Essentials Plus Certification
Organisation: CareApps Ltd
Certificate Name: Cyber Essentials Plus
Certification ID: cb5f0f3f-39f7-42f0-9202-53cf5ea55e7c
Valid from: 20th May 2025
Expiry Date: 20th May 2026
Issued by: Fleko
Coverage: Whole Organisation

Please provide the summary report of an external penetration test of the product that included Open Web Application Security Project (OWASP) Top 10 vulnerabilities from within the previous 12-month period.
CareApps has undergone an external penetration test that included the OWASP Top 10 vulnerabilities, which is reported in the Penetration Testing Report (PR001). The penetration testing / summary report demonstrates there are no vulnerabilities that score 7.0 or above using the Common Vulnerability Scoring System (CVSS).

Please confirm whether all custom code had a security review.
CareApps follows an internal code review process for verification.

Please confirm whether logging and reporting requirements have been clearly defined.
CareApps logs all users and reports shall be identified as a requirement and defined, stored in the cloud.

Please confirm whether the product has been load tested
CareApps conducted load testing to evaluate the stability and performance of the application.

Interoperability

Does your product expose any Application Programme Interfaces (API) or integration channels for other consumers?
No - No API integration or channel exists for other consumers to integrate with CareApps.

Do you use NHS number to identify patient record data?
No

Does your product have the capability for read/write operations with electronic health records (EHRs) using industry standards for secure interoperability?
Yes

Is your product a wearable or device, or does it integrate with them?
No

Usability and accessibility

Do you engage users in the development of the product?
Yes - We collect user feedback from time to time, analyse it, and accommodate necessary changes and updates in the app.

Are all key user journeys mapped to ensure that the whole user problem is solved, or it is clear to users how it fits into their pathway or journey?
Yes - We do proper requirement analysis and engage a professional user experience designer to create a simple user flow to make the application easy for the users.

Do you undertake user acceptance testing to validate usability of the system?
We have deployed the application for UAT. A number of users are using it and sharing feedback. We are also providing necessary training to the users. Users are validating the system and reporting issues where adjustment and bug fixing is required.
Usability and Acceptance Evaluation – Process and Procedure.docx
Usability Evaluation of CareApps – Empathika .docx

Are you international Web Content Accessibility Guidelines (WCAG) 2.1 level AA compliant? - Partially

Accessibility Statement for CareApps LTD Applications (UK)
CareApps LTD is committed to making its applications accessible, in accordance with the Web Content Accessibility Guidelines (WCAG) 2.1 level AA, as far as is reasonably practicable.

Compliance Status
The CareApps web and mobile applications are partially compliant with WCAG 2.1 level AA. This means that while many parts of the applications meet accessibility standards, some areas do not fully comply.

Non-accessible Content
Some parts of our applications are not fully accessible due to the following:
Screen reader limitations: Not all interface elements are fully compatible with screen reading software.
Keyboard navigation: Some features may not be accessible without a touchscreen or mouse.
Focus indicators: Certain interactive elements may lack visible focus indicators, making navigation harder for keyboard users.
Dynamic content updates: Updates on some screens may not be announced to assistive technologies in real-time.

These limitations primarily result from the operational context of our applications: they are designed for use by care home staff (e.g., carers, senior carers, and managers) during their shifts on tablets or mobile devices. The user interface prioritises ease of use, speed, and clarity, which can limit the feasibility of full accessibility support. Implementing all aspects of WCAG 2.1 level AA would currently present a disproportionate burden, given our size as an SME, the specific user base, and the nature of our software. However, we continue to review and improve accessibility where it adds meaningful benefit to users.

Company Information

Provide the name of your company: CAREAPPS LIMITED
Provide the name of your product: CareApps - Empathika
Provide the type of product: Software-as-a-Service (SaaS)
Provide the name and job title of the individual who will be the key contact at your organization: Luca Licata, CTO
Provide the key contact's email address: llicata@careapps.co.uk
Provide the registered address of your company: First Floor, One Colton Square, Leicester, Leicestershire, United Kingdom, LE1 1QH
In which country is your organisation registered?: England
Companies House registration number: 15786817
CQC assessment: Not applicable

Value Proposition

Who is this product intended to be used for?
Care home staff, including care workers, nurses, managers, and integrated pharmacy partners

What is the product designed to do and how is it used?
CareApps is an emerging IT and software developer company. The company has developed Empathika, a comprehensive digital care management platform designed to streamline and enhance the delivery of care services across all UK community care settings. Empathika offers end-to-end digital tools for care planning, medication management, staff coordination, and compliance monitoring. The platform is engineered to meet the evolving needs of the UK care sector, with a strong emphasis on safety, interoperability, and regulatory compliance.

Platform Objectives (Empathika):
Digitise care workflows to reduce administrative burden.
Enhance safety and accountability in care delivery.
Ensure regulatory compliance with CQC, NHS Digital, and DTAC frameworks.
Enable interoperability with eMARs and NHS systems.

Current Focus: Medication Management Module
The Medication Management Module is a clinically sensitive component of the platform aimed at digitising and safeguarding the entire medication lifecycle within care settings.

Key Features:
Digital Medication Administration System: Secure, auditable system to manage and administer medications in real-time.
Automated Reminders: Alerts for caregivers and management to ensure timely administration and refill of medications.
Integration with eMARs: Ensures data consistency by syncing medication records across systems.
Integrated Pharmacy App: Enables pharmacies to seamlessly interact with the medication module for efficient, accurate, and safe ordering of medications. The system provides real-time updates on order status, helping ensure timely delivery, reduce errors, and support a secure and reliable medication supply chain.
Clinical Audit Trail: Captures all medication-related actions to support clinical governance and incident investigation.
Dashboard and Reporting System: Delivers a comprehensive overview of medication activities through real-time dashboards and detailed reports. It tracks medication administration cycles, including whether doses were given or missed, and generates reports on missed medications, PRN and controlled drug usage, psychotropic medications, unscheduled administrations, pain and time-specific medications, as well as topical medication applications. This system supports safer medication management, regulatory compliance, and data-driven clinical decisions.
Role-Based Access Control: Ensures that only authorised staff can manage medication-related data.

What are the user journeys when using the product?
Our User Journey explains the user flow of Clinicians and Nurses in which CareApps shall be used. (UR01_CareApps_Admin, V1, UR02_CareApps_Nurse user, V1)
Our Data flow explains the flow of data between the clinician, CareApps Module inputs and outputs (Medication Management). (DF01_Data Flow_CareApps_V1)


Empowering social care providers to deliver exceptional service. Simplify tasks, improve outcomes, and elevate resident care - all in one place.

Unit 7, Friars Mill, Bath Lane

Leicester, LE3 5BJ,

United Kingdom.

CONTACT

© 2025 Empathika. All rights reserved.
