Datatrial Ltd


Nucleus provides a cost effective hub for clinical information (documents, communication, and technologies) to enhance collaboration and decision making. Built for the compliant clinical research environment, it can be deployed simply to enable more efficient access to information and other third party technology


  • Compliant document repository
  • Collaboration and workflows
  • Permission management and audit trail enabled
  • Multi program management
  • Instant messaging
  • Single sign on and application management
  • Two factor authentication


  • All documents and data in a compliant environment
  • Information/people can be grouped to improve ease of access
  • Enhanced security can be enabled to protect sensitive data
  • Access the latest version of documents (inbuilt document version control)
  • Improved communication via instant messaging and document sharing
  • Access multiple applications with or without single sign on
  • Initiate/manage workflows for document reviews or tasks


£50 per person per month

Service documents


G-Cloud 11

Service ID

1 0 7 0 4 9 5 9 7 7 3 5 3 5 8


Datatrial Ltd

Julie Wright

0191 2128200

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Nucleus requires a Windows or Macintosh computer with a minimum of 2GB of memory and Microsoft Internet Explorer 11, Safari v11, Chrome v64 or Firefox v58 or later browser.

Maintenance and upgrades will be notified to users prior to happening and application of any changes/maintenance will be done at a time with least impact on users.
System requirements
  • Microsoft Internet Explorer 11 or later
  • Safari v11 or later
  • Chrome v64 or later
  • Firefox v58 or later

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times depend on ticket types. Standard Support Services Policy defines this.
Hours of support by a support agent are Monday to Friday 9-5pm excluding public holidays; access to online support (raising tickets, accessing the knowledge base) is available 24 hours a day, 7 days a week
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Support based on our standard SLA is included in the license fee.
First tier support including management of user access will increase the license fees per user by £5 per month however permission management can be done by the customer
Second / third level support is provided by us and support enhanced by technical staff
An account manager will be provided but they will not be technical
Following training and implementation, all support provided via the helpdesk
Support available to third parties

Onboarding and offboarding

Getting started
We provide initial configuration training which can be done onsite or online. The system also comes with a user guide by way of the knowledge base. Configuration and permission management are the key areas of focus for the administrators of the system. For all other users, the system is straightforward to use as users only see what they are able to access
Service documentation
End-of-contract data extraction
Batch download
End-of-contract process
The license fee includes access to the system, support, hosting, and backup/disaster recovery. Training is a fixed fee; if template documents for qualification are required these are an optional extra. All data and documents can be removed from the system by any user but if a batch export is required then this will be an additional cost

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The only differences are in the way the screens are viewed once they respond to the screen size
Service interface
What users can and can't do using the API
Public API available for authentication, document management and data set management.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
The organisation structure, how information is grouped, collaborations, the document folder structure, permissions and user groups

Mainly the configuration is controlled by one or more administrators (there are a number of administrator levels), however certain users can add folders to the folder structure in the documents module


Independence of resources
The service is hosted in Microsoft Azure and performance monitoring is part of our overall hosting services. Where there are peaks of use, additional hosting resources can be activated to ensure performance as a whole is not impacted


Service usage metrics
Metrics types
Active user numbers
Amount of data stored

As the product is further enhanced these metrics and other information will be available via dashboard
Reporting types
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
All information within Nucleus can be downloaded to the users local machine as long as they have permission to do that.
Data export formats
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Microsoft Azure guarantee 99.95% uptime in their SLA. We do not offer any refunds for loss of service unless it comes under our liabilities in the contract
Approach to resilience
Available on request
Outage reporting
Email alerts
Website that shows real time availability

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Covered by the Logical Security SOP
Permissions managed at Group level via Active directory
Within Nucleus, permissions can be set by pre-defined administrators and this controls user access to all information
Access restriction testing frequency
Less than once a year
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
DPO - GDPR expectations - data breach policy and procedure. Procedures defining logical and physical security
Information security policies and processes
Logical security procedures; Data Breach Policy and procedure, Data Protection / Privacy Policies

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Internal procedures on Change Control and Configuration management are in place and available for review via audit
Security impact is handled via software development procedures (code review and risk assessment)
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We resolve critical bugs in the software immediately
Microsoft Azure is responsible for data centre vulnerability management
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Procedures in place for logical security
Network protected via third party under SLA
Incident management type
Supplier-defined controls
Incident management approach
Users can report issues with the software/hosting via the helpdesk
Any critical issues are addressed immediately
Other issues fixed under terms of SLA

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£50 per person per month
Discount for educational organisations
Free trial available
Description of free trial
A sandbox can be created with all features enabled apart from the ability to add additional users to the system

We can offer a free 90 day trial upon request
Link to free trial

Service documents

Return to top ↑