SkinVision BV


SkinVision empowers individuals to self check their skin for early signs of skin cancer by transforming their smartphone into a medical device.

Our CE certified machine learning algorithm recognizes early signs of melanoma, basal cell carcinoma and squamous cell carcinoma and is supported by a team of medical professionals.


  • Individuals can self check skin with smartphone cloud app
  • Digital first primary care, fast access to convenient health
  • Scientifically proven accurate Machine learning algorithm (95% sensitivity)
  • Available on iOS and Android, runs from cloud
  • CE certified as a medical device
  • Immediate answer whether spot shows early signs of skin cancer
  • Real time insight in activity & results data of userbase
  • Population health management program with professional program management
  • Reduce pressure on health system
  • Skin cancer awareness & education


  • Drive early detection of skin cancer ( ~150.000 patients annually)
  • Free up scarce time of GP and Dermatologist
  • Reduce health inequality, accessible to all with a smartphone (>85%)
  • Improve performance on cancer targets, including 28 days to diagnosis
  • Improve efficiency skin cancer care pathway


£10 to £20 per user per year

Service documents


G-Cloud 11

Service ID

2 2 3 0 2 3 2 6 7 0 5 1 6 3 2


SkinVision BV

Loes van Egmond


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints SkinVision is available for both iOS and Android. The app is functional for most Android devices and iPhone 6 and higher.

We strive to deliver a high quality service for all users. Because mobile devices hardware varies, we are, unfortunately, not able to provide our service on every device. This means that we do not support devices which are unable to meet the requirements needed to provide an accurate risk indication, these are usually old or simple models. A list can be found here:
System requirements
  • Device type is mobile phone. Tablets are not supported.
  • Device is not rooted or jailbroken
  • Device runs an official Android version or Android runtime
  • Minimum OS version: Android >=4.4 iOS>=10.0
  • Minimum device RAM 1GB
  • Android devices need to be certified by Google
  • Back-facing camera present
  • Torch (flashlight) present
  • Video preview feed resolution of 1080p is supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times On weekdays we strive to response within 24 hours
User can manage status and priority of support tickets No
Phone support No
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our webchat is available via a pop up on our web page and creates a direct chat conversation with one of our customer support members.
Web chat accessibility testing No dedicated testing is done for assistive technology users.
Onsite support No
Support levels SkinVisions program management team will drive the program management, including kick off, IT development (when necessary), operations and awareness campaigns. The team is dedicated to designing and launching successful programs, this support is included in the pricing.

SkinVisions customer care is available on weekdays to support end users with any questions they may have. Customer Care may be reach via email, in app messaging or the chatbox on our website at no extra cost.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started SkinVision's program management team will work together with the client to explain the service and kick off the SkinVision program, where our team will take on the bulk of the work.

For the end user we have media available to understand the service, including:
-youtube video's:
- Customer support
- Instructions for use:
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction As part of GDPR compliancy, the client never has insight in personal and medical data of the end users of SkinVision.

The end users of SkinVision always have access to their SkinVision data within the SkinVision app, even if the subscription ends and can extract the data from there.
End-of-contract process SkinVision can set up large scale population management programs where a cohort has unlimited access to our services.

When the contract ends, the client may extend the service and end users can continue to use the service as is. If for whatever reason, the contract is terminated, end users will continue to access their historical data within the SkinVision app but are unable to do new skin checks. These individuals may purchase their own SkinVision products to continue enjoying the services.

SkinVision will provide a final dashboard with data on activity & results to the client and update any communication on SkinVision's media. As the service is used by individuals, no technical disengagement is needed.

There are no extra costs for any of these activities.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service SkinVision Skin Checks are only available via our app on the smartphone (iOS & Android) as we need the smartphone camera to capture the skin spot.
Service interface No
Customisation available Yes
Description of customisation SkinVision's experience can be tailored to best meet the partners need, including:
- tailored messaging to activate users
- Dedicated landing web page to explain the service


Independence of resources We host our services on AWS cloud. Auto scaling is in place in case of high demand from customers.


Service usage metrics Yes
Metrics types SkinVision has real time insight in the activity and results of our programs, including:
- # active users
- # skin checks done
- % of high risk skin checks
- # suspected skin cancers identified through our platform
- £ saved thanks to SkinVision

All this data is aggregated and anonymised.
Reporting types Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach All data is stored on AWS using AES-256 encryption.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach End users of our service can always access the results of their skin checks on SkinVision's smartphone application. They can continue to do so even when the contract between the client & SkinVision is terminated.
Data export formats Other
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability We can include a reasonable SLA (e.g. app availability, customer support response) as part of our agreement.
Approach to resilience Important measure to make the system resilientare: making use of AWS infrastructure, making frequent backups and having infrastructure as code.
Outage reporting Internal email alerts are send out in case of anomalies and immediate action is taken.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Protected by strong passwords and 2factor authentication and can only be accessed from within the SkinVision network
Access restriction testing frequency At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO27001 certification in progress. Stage 1 audit passed. Final planned10-July-2019
  • NEN7510 certification in progress. Stage 1 audit passed. Final planned10-July-2019

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Management works in accordance with ISO27001, certification follows August 2019
Information security policies and processes Information Security Management System is setup according to ISO 27001

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Change management is handled in the QMS according to 7.1 and 7.3.9 from ISO 13485:2016. System requirements are kept up-to-date and are traceable during the lifetime of the service. Security officer has to sign off all changes to the service.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Technical risk assessment is done in the form of threat modeling to identify vulnerabilities and other information security risks of the SkinVision infrastructure.

Patches can be deployed within one day when really required.

Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained (e.g. AWS Security Bulletins)
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Using Amazon GuardDuty to detect threats automatically. User can report incident via which is published on the website.

When potential compromise is reported initial triage will be done which includes defining the risk level. In case of risk level major and critical immediate containment is performed by the Incident Response Team. The immediate containment includes ensuring evidence is preserved, containment actions are executed and stakeholder are informed.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incidents are handled according to Security Incident Response Procedure. Continuity plan is in place for severe incidents which could threaten the continuity of the organisation. Special procedure exist for reportable incident where relevant National Competent Authority needs to be notified.

Users can report incidents via which is published on the SkinVision website.

Incident reports are logged in the internal ticketing system.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 to £20 per user per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We'd like to invite you to experience SkinVision's technology yourself.

Follow the link from your mobile device, which will prompt you to your App store. After downloading our app and creating your account, you are immediately entitled to 30 days of unlimited access.
Link to free trial

Service documents

Return to top ↑