Inference Clinical
Secure Foundation First
Before governance software can be trusted, the environment it runs in must be safe, secure, and compliant. Inference Clinical uses AWS to establish the landing zone, evidence trail, and control boundaries that make lawful responsibility transfer possible. The landing zone is not supporting context. It is the first governed act of the platform itself.
Start with a single NHS-compliant landing zone. Prove governance at the infrastructure layer. Then deploy the first boundary.
Why the landing zone is Phase 1
The platform primitive is not the record. It is the lawful transfer of responsibility between organisations. Every responsibility transfer requires a sender, a receiver, a clinical context, a legal basis, and an evidence trail. The Responsibility Ledger records all of this. But the Ledger is only as trustworthy as the environment it runs in.
A Responsibility Ledger deployed on infrastructure without immutable logging, without customer-managed encryption, without account separation, without UK data residency, and without DSPT-ready evidence has no evidentiary standing. It is a database, not a governed record. The landing zone is what makes the difference.
That is why Phase 1 of every Inference Clinical deployment is an NHS-compliant AWS landing zone. Not a migration. Not a workload assessment. Not an integration project. A secure, Well-Architected foundation with governance invariants built in from the first day.
The landing zone is where coherence begins. Not as a concept. As infrastructure.
What the landing zone protects
Responsibility Ledger
The append-only chain of custody for every responsibility transfer. Without immutable storage and tamper-evident logging, its evidentiary value collapses.
Consent and access artefacts
GP Connect consent records, access audit trails, and patient-facing transparency logs. Without customer-managed encryption and UK residency, these lack jurisdictional standing.
Evidence Fabric
The corroborated evidence layer beneath every governed act. Without cryptographic integrity and retention controls, evidence cannot be demonstrated to regulators.
BALP audit events
Basic Audit Log Patterns recording every system interaction. Without CloudTrail, Object Lock, and immutable retention, the audit trail has gaps.
GP Connect and NRL trust position
The trust framework governing NHS record access. Without account separation and identity federation, the trust position cannot be maintained.
Clinical safety evidence
DCB 0129/0160 compliance artefacts and DUAA complaint response capability. Without the landing zone, safety evidence is scattered across ungoverned storage.
Why AWS?
Why AWS for lawful operation
Control Tower, account separation, and Service Control Policies make governance non-bypassable at infrastructure level. The Constitutional Spine's principle of no silent evaluation and no implicit authority is enforced by the same AWS primitives that enforce account boundaries.
Why AWS for evidentiary integrity
CloudTrail, S3 Object Lock, KMS customer-managed keys, AWS Config, and Security Hub create the proof layer your Responsibility Ledger depends on. Every governed act is logged, encrypted, immutable, and demonstrable.
Why AWS for NHS readiness
UK data residency (eu-west-2), DSPT evidence generation, DCB 0129/0160 clinical safety support, and alignment with the NHS Cloud Security Guide. The landing zone meets NHS requirements before SafeMesh is deployed.
Why AWS for migration under safety constraints
The 6 R's are real, but in healthcare safety overrides speed. The landing zone lets organisations migrate existing workloads without breaking the audit chain or losing governance continuity.
Three levels of authority
Not all requirements carry the same weight. When we specify landing zone controls, we distinguish three levels of authority. This matters because it tells you which controls are legally mandated, which are strongly expected, and which Inference Clinical adds to strengthen evidentiary integrity beyond what regulators currently require.
Delivery Sequence
Assess
Boundary Risk Audit across five disciplines. Full regulatory mapping against DUAA, DSPT/CAF, DCB 0129/0160, DTAC, and FCA Consumer Duty. Identifies the gaps the landing zone must close. Aligns with AWS MAP Assess funding.
Learn more →Specify the landing zone
Control requirements mapped to three authority levels. Account structure, encryption, logging, residency, and identity federation specified. Co-designed with both sides of the boundary.
Learn more →Build the landing zone
Secure, Well-Architected foundation deployed. Governance invariants structural from day one. Every control traceable to its authority level. Existing workloads assessed and migration sequenced.
Learn more →Deploy the first governed boundary
12-week lighthouse: one real clinical pathway, one live Responsibility Ledger, one measurable Clearing Metric. Proof of governance before scale.
Learn more →Scale boundary by boundary
Governance rollout across the network. Each deployment faster than the last. Foundational controls serve multiple boundaries. The Clearing Metric provides the operational dashboard at network scale.
Learn more →MAP funding can offset the correct sequence
The AWS Migration Acceleration Program provides funding that aligns with this delivery sequence. The Assess phase maps to MAP Assess funding, offsetting discovery costs. Landing zone deployment and workload migration unlock further MAP credits. Funding supports the correct sequence. It does not determine it. The reason to build the landing zone is safety, lawful operation, and evidentiary integrity. MAP makes it easier to fund.
Vendor responsibility
Inference Clinical will not deploy SafeMesh into environments that cannot demonstrate the required controls. This is not a commercial preference. It is a vendor responsibility position. A governance platform deployed on infrastructure without immutable logging, without encryption under customer control, without account separation, and without UK data residency creates the illusion of governance while leaving the underlying risk untouched.
We will not advise clients to skip the landing zone. We will not deploy into environments where the Responsibility Ledger's evidentiary value is compromised by the infrastructure beneath it. We will not treat the landing zone as an optional phase that can be revisited later.
This is not inflexibility. It is the same principle the Constitutional Spine enforces at the software layer, applied at the infrastructure layer: governance must be non-bypassable, or it is not governance.
Related Content
Start with a boundary audit. We will tell you whether your infrastructure is ready for governed operation, and what it takes to get there.