Information for Developers about the Apps Library (Beta)

Digital Assessment Questions – Beta

A group of subject matter experts, across a number of specialist organisations developed this beta version of the Digital Assessment Questions. They cover a series of clinical and technical standards, questions and best practice aimed to help you develop or enhance your digital product to the required and recommended standard.

These questions are currently being used for pilot purposes and in the interests of transparency we are publishing this beta version to allow developers and vendors to see the latest thinking of this evolving assessment.

You are welcome and free to access the Digital Assessment Questions to assess your product against, but your results will not be submitted for review or assessment at this time.

The beta version will be updated and published to live at a later date, although will continue to evolve over time.  Our ambition is that the specialist organisations will hold responsibility for maintaining and updating these questions, so NHS Digital retain the technical categories, The National Institute for Health and Care Excellence (NICE) reside over the indicators of effectiveness questions and in the same way regulatory questions will be maintained by the relevant bodies. Updates will be published here and we encourage you to continue to access this site to stay informed.

0. General

DAQ - Section Zero

Digital Tool Information

Company Registration

Key Personnel

Please supply key contact details for each area.

1. Indicators of Effectiveness

DAQ - Section One (Indicators of Effectiveness)

Clarity of Purpose & Intended Use

Evidence Basis of Digital Service

Data and Evidence Related to the Specific Digital Service

Ongoing Studies

2. Regulatory Approval

DAQ - Section Two




3. Clinical Safety

Section Two - Clinical Safety


4. Privacy & Confidentiality

Section Three - Privacy & Confidentiality

Privacy & Consent

5. Security

DAQ - Section Five (Security)

Mobile Standards

The following questions are applicable to any app/web service (unless otherwise indicated) regardless of the data it processes (all levels MASVS-L1, MASVS-L2 and MASVS-L2+R)

Architecture, Design and Threat Modelling

Data Storage and Privacy


Authentication and Session Management

Network Communication

Environmental Interaction

Code Quality and Build Setting

The following questions are applicable to levels MASVS-L2 and MASVS-L2+R (those web tools which handle personal and personal sensitive data

Architecture, Design and Threat Modelling

Data Storage and Privacy

Authentication and Session Management

Environmental Interaction

The following questions are only applicable to MASVS-L2+R (Only for those tools that store sensitive data on the device they are installed on)

Resiliency Against Reverse Engineering

6. Usability & Accessibility

DAQ - Section Six (Usability & Accessibility)

Usability & Accessibility

7. Interoperability

Section Seven - Interoperability


8. Technical Stability

DAQ - Section Eight (Technical Stability)

Quality Assurance

Service Management

Product Development

9. Change Management

DAQ - Section Nine (Change Management)

Version Control