Compliant innovation, always.

Having worked with clients across the healthcare and pharma sectors since 2006, we understand the importance of regulatory compliance.

We work closely with regulatory teams at each step of the process, strengthening relationships and building mutual trust and understanding to ensure your digital products are approved.

Holding ourselves to the highest professional standards, we have worked hard to obtain and maintain ISO certification — ISO 9001:2015, ISO 14001:2015 and ISO 27001:2013.

ISO certification involves ongoing training to adapt to best practice standards and regular auditing of our processes, offering peace of mind to your security, risk, compliance and legal teams about the robust processes and standards we have in place. 

ISO 9001:2015: The international standard that defines the requirements for a Quality Management System (QMS).

ISO 14001:2015: Specifies the requirements for an environmental management system that an organisation can use to enhance its environmental performance.

ISO 27001:2013: The internationally recognised specification for an Information Security Management System (ISMS), and one of the most popular standards for information security.

Our teams have in-depth knowledge of regulatory requirements in the pharma and healthcare sector and how they may impact the design of your digital products and services.

Working with 90% international clients, we make every effort to keep up to date with regulatory standards that impact the work we do. We work with clients to find the right balance between ensuring that we don’t waste time designing solutions that can’t be approved, but also avoid just rolling out the same easy-to-approve work time and again at the cost of the experience to the end user.

When conducting user research with patients, HCPs or consumers, their safety, privacy and wellbeing are our number one priority. Some of the ways we ensure this are:

• All research study designs and practices strictly adhere to the British Psychological Society’s code of human research ethics, which aims to actively prevent any psychological or physical harm to participants.

• A fully informed, valid consent process is followed for all user research projects and participants are fully debriefed after research sessions are completed.

• Our clinical UX researchers have undertaken safeguarding training and enhanced DBS checks.

• All research is conducted and stored using GDPR and HIPPA compliant research tools.

• Research data monitoring is actively maintained and all raw research data regularly deleted according to GDPR and HIPPA guidelines.

In working with Graphite, you can feel safe in the knowledge that you’re partnering with a company that cares about doing things right — by our people, our clients, our community, and in terms of our contributions to and impact on wider society. 

B Corps are companies verified by B Lab to meet the highest standards of social and environmental performance, transparency, and legal accountability to balance profit and purpose.

Read more about our journey to becoming a B Corporation.

We take online security seriously and are committed to protecting and respecting your personal information and your privacy while engaging with us online.

Our full terms and conditions and privacy policy can be read here.