ORCHA Health Ltd

ORCHA Digital Health Accreditation, Dissemination and Professional Activation Platforms and Services

ORCHA’s Platforms and Services provide a full solution to the challenges of embedding Digital-Health solutions into day-to-day Healthcare delivery systems. Powered by the world's most advanced Digital-Health Review/Accreditation solution, the suite includes tailored Digital-Health Libraries with advanced search/filter options and solutions that support Professionals to embrace this exciting new frontier.


  • Existing library of over 3,500 Apps (May 2018)
  • Thousands of new apps added each year across 300+ categories
  • New versions of reviewed Apps are automatically re-reviewed
  • Unique review approach based on key standards & best practice
  • Tailorable libraries enabling a focus on your key needs/populations
  • Open APIs allow direct integration into existing platforms & assets
  • Unique App Matching capabilities driving 'right App first time' results
  • Simple and intuitive professional recommendation/prescribing solution
  • App licence management and distribution capabilities
  • Full implementation support and campaign management provided


  • Drives the uptake of digital health Apps in your populations
  • Empowers professionals to embrace and drive digital activation
  • Maximises 'right App, first time' results and long-term stickiness
  • Allows the tracking of patient, population and professional mHealth activation
  • Provides an accreditation and regulatory compliance framework
  • Delivers a constant market monitoring and horizon scanning solution
  • Helps to raise digital literacy for patients and clinicians
  • Assists in patient outreach and population health management
  • Part of a wider digital campaign - to change mindsets
  • Patients and the public gain a trusted digital adviser


£10000.00 per licence per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

123925914591182


ORCHA Health Ltd

Tim Andrews



Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
ORCHA's App Library is available 24/7/365, while allowing for necessary planned maintenance. The system is updated on a regular basis, and is fully tested before being released to the production server.
Browser access must be based on the approved list.
Mobile device access must be based on supported mobile operating systems (iOS or Android).
Mobile device management is not included.
System requirements
  • ORCHA is a browser-based solution.
  • We support all major browsers, current version minus two.
  • The ORCHA API solution uses a JSON format.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Client queries within 24 hours.

Technical issues - Please see Terms and Conditions
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Support levels
ORCHA provides Tier 2 support to client IT teams, and the cost for this is included in the main contract price.
An account manager is allocated to the client once the initial contract has been agreed.
Support available to third parties

Onboarding and offboarding

Getting started
Initial scoping and set up of an ORCHA microsite involves branding it with the client logo, with the opportunity to then tailor site visuals and language to support user engagement. ORCHA offers templates and documentation (e.g. communications strategies and collateral) to guide this process and ensure that the website is engaging for the particular target demographic.

For general users of the website, there are on-screen cues, there is an FAQs section, and there is a video which explains how to navigate the site to search, filter, and find the best apps for their needs. In addition to this, there is a function to ‘Contact Us’ for help. Outside of the site, ORCHA provides each client with bespoke physical and digital collateral/assets designed to engage the target demographic.

For ‘ORCHA Pro Account’ users using the site to support their care delivery, this existing support is extended to facilitate engagement with ORCHA’s additional ‘Pro’ functionality, not least the facility to ‘recommend’ specific apps to specific individuals. To support this, ORCHA offers a mixture of stakeholder presentations, face-to-face onsite training, online training webinars, and ‘train the trainer’ sessions to build internal capacity; as well as an additional ‘walk through’ style video.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
ORCHA can do this upon request.
End-of-contract process
After termination or expiration of the contracted services under the terms of the agreement or at your written request, ORCHA will delete or otherwise render inaccessible the production Services, including your content stored on our (cloud) servers, in a manner designed to ensure that it cannot reasonably be accessed or read, unless there is a legal obligation imposed on ORCHA preventing it from deleting all or part of the client's hosted environment.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There are small differences in resolution for the mobile version (lower) and the navigational structure is necessarily different. All functional features are the same.
Service interface
What users can and can't do using the API
The API allows clients to pull unformatted and formatted App data that delivers most of the functionality of a standard ORCHA App Library.

The API can be used on an unformatted and on a formatted basis to integrate the ORCHA App Library and App Finder functionality directly into existing websites, Apps or platforms.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The ORCHA App Library and App Finder can be configured and customised in a variety of ways. This includes:

- Choice of site look and feel, branding and URL/s
- Choice of featured or targeted App categories or areas of focus
- Choice of what types of Apps are displayed by reference to their score, who they were designed for and their compliance with specific key standards
- Choice of activation approaches for patients, populations and professionals

These customisable features are delivered as part of the standard site set-up process and can be delivered within a matter of days.

Users cannot directly customise other elements of the software, but can request that ORCHA do so (at additional cost).


Independence of resources
Servers are load balanced and have significant unused capacity. ORCHA normally operates at around 2% CPU utilisation, allowing throughput to safely increase by a factor of 35 without any service interruption. This allows ORCHA to safely cope with all current spikes in usage, and seamlessly on-board new clients.


Service usage metrics
Metrics types
ORCHA provides a full array of site usage reports and data dashboards derived from an array of internal and external analytic tools.
This is provided to the client organisation as part of the contracted agreement.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
End users cannot export their data.
ORCHA can provide usage and search data to client organisations upon request.
Data export formats
Data import formats
Other data import formats
There is no import facility

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
ORCHA uses AWS (based in the UK), and their stated uptime is 99.99%.
This does not include scheduled/planned maintenance carried out by ORCHA.
Approach to resilience
Hourly backups are taken of the main database. The code is backed up on every new build, and is source controlled. Snapshots are taken of the servers monthly, to capture latest configuration changes. All single points of failure are identified and remediation is in place.
Outage reporting
Email alerts are sent to clients as soon as any outage is notified by AWS.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Privileged access to ORCHA's production environment is highly restricted and only designated senior technical staff have direct access to it. Access to the AWS management console requires two-factor authentication.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
ORCHA takes a holistic approach to information security, with a multilayered defense security strategy applied across all of its systems. We look to protect data at all stages of its journey from capture (via the website) through transmission and storage, to eventual destruction (as applicable). We are ICO registered, and use AWS as our hosting provider, which is accredited to a series of international standards.
Information security policies and processes
ORCHA conforms to all current GDPR and data protection legislation. We have a Data Privacy Policy which is available via the website. All staff contracts contain data confidentiality clauses, and they are trained in this regard during their induction process. Access to data is controlled via a role-based access system, and logs are maintained to ensure compliance with internal policies.
Any issues with non-compliance would be raised via the CIO to the COO and then to the Board, and dealt with in line with the existing policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All changes to our database, application, architecture and environment are authorised, reviewed and fully logged. We use a combination of JIRA and an internal wiki (Confluence) to document bug fixes, change requests and releases, upgrades, maintenance and other elements that might impact our production environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Server security patching is conducted monthly or as required when a patch is released by a manufacturer. Information about threats is gathered from various sources including: developer bulletins, security mailing lists and other internet sources.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our AWS infrastructure continuously monitors for errors and proactively corrects them before they become an issue. This ensures that the support team can work to investigate problems before they are reported by the end user. In addition, there is a supporting second data centre in the unlikely case of a service failure.
Incident management type
Supplier-defined controls
Incident management approach
ORCHA's incident management approach utilises a helpdesk approach. Users can contact it with their incidents or issues, usually via email, and each is routed to the most appropriate person within the organisation to respond to (within 2 working days). Depending on the nature of the incident, ORCHA would follow its relevant policy; e.g. a data breach would be dealt with in accordance with the data privacy policy; a technical failure on the site would trigger the DR plan.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£10000.00 per licence per year
Discount for educational organisations
Free trial available
