SurgiQ is a real-time platform for tracking and planning health and social care services in the NHS. Providing visual management of processes (including surgical and non-surgical pathways and waiting list) with an unique prioritisation method. Bringing fully audited data, tracked changes and automatic planning of resources (including theatres, beds, staff).
- Demand management, forecasting and capacity planning
- Integrated, cross-provider pathway and waiting list management
- Real-time planning and scheduling day-by-day and crisis management
- Fully audited data with track-change (who, what, when, why)
- Unique prioritisation method which implements NHS Constitution urgency classes
- Users can configure/change most of the system without the vendor
- Quick on-boarding and deployment, in-app training
- Extensive use of standards and coding (ASA ICD)
- Highly skilled information governance professionals, ISO 27001 certification in progress
- Open to integration, uses industry standards (HL7) and APIs
- Protection against waiting time breaches, patient stratification and easier reporting
- Reduced LOS Length of stay, postponements and cancellations
- Streamline the workup and the access to elective care
- Improved team communication, roles and responsibility separation
- Improved bed planning and theatre productivity
- Improved access to data, forecasting and prediction of capacity needs
- Improved transparency and equity, better information to patients, reduces out-of-area
- Monitors pathways in integrated care settings and across organisations
- Support implementation of ERAS GIRFT SWORD
- Helps reduce unwanted variations and implement organisational changes
£1 to £10 per unit per year
020 7859 4632
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||Patient Administration System, Electronic Health Record|
|Cloud deployment model||Public cloud|
Typical deployment scheme is to embrace a public cloud first policy maintaining a clear separation between customers by means of adopting a Virtual Private Cloud architecture.
SurgiQ works with a range of selected partners.
Other deployments are allowed but must agreed during project scoping / assessment.
More information available on request.
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Mon to Fri (excluding bank holidays), between 9:00am and 5:30pm.
Time to first response: within 4 working hours.
Time to resolution (critical): within 6 working hours.
Time to resolution (non critical): within 32 working hours.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard support levels ("critical" and "non-critical") are described in the Terms and Conditions document.
Support provided via email, telephone and online facilities. "Support tickets" will be allocated to a team of technical support engineers, with escalation to the Support Manager.
Cost of Standard SLA Support is included in cost of software use.
|Support available to third parties||Yes|
Onboarding and offboarding
Online user guides and tutorials are provided. The product includes a Tour and a contextual help to facilitate first time use.
Up to 2 general audience Kick-off / launch meetings and up to 16 hours of class (max 10 students) training are included in the price.
Additional on-site training can be arranged at an extra cost.
|End-of-contract data extraction||Key data on processes is always downloadable via the web interface before the contract ends. Specific export can be arranged.|
Service is terminated and all user access are disabled accordingly with a shared shut-off plan.
At an additional cost, data can be kept for a grace period after service shut-down. Otherwise data is automatically destroyed on service termination.
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||Tablet is the only mobile device supported.|
|Accessibility standards||None or don’t know|
|Description of accessibility||
Increase/decrease font sizes using browser controls.
Colour is not used as a visual means of conveying information, except in charting for line colours, and in the patient scheduling simulator or in the waiting list order where however it is not the sole means.
Audio is not used as a means for prompting the user to take any action, or for conveying information except in optional support videos.
Clear labels and controls are provided when content requires user input.
Any items in error are identified and the error is clearly explained. Errors and alerts do not rely only on color.
|Accessibility testing||None done.|
|What users can and can't do using the API||User-defined API on request|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||The service provide an administrator interface (web, integrated into the application) to customise several aspects and configurations (including user roles) provided the users have enough privileges (as defined during onboarding). Example: end user can configure when a theatre is available during the week, to which surgical services and for which specialties and admission types.|
|Independence of resources||The service has been designed to scale to meet demand.|
|Service usage metrics||Yes|
|Metrics types||Access per users (unique users, unique work sessions); browser and device type statistics; number of patients managed. Others can be configured as part of the setup phase.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||Less than once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||The web interface allows all processed data to be downloaded as Excel tables, the printing functions shows reports in PDF format.|
|Data export formats||
|Other data export formats||
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
Detailed SLAs are agreed with the customer at point of contract negotiation.
As a standard, service availability is guaranteed at 99% over a period of one year.
|Approach to resilience||Available on request.|
|Outage reporting||Server or network outages are reported via the Service Desk Portal, as published on the SurgiQ support pages.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||Username or password|
|Access restrictions in management interfaces and support channels||
Role Based Access Control is employed.
The system presents information where necessary to users with elevated permissions. All access activities are auditable.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||Internal security policies, procedures and training. ISO 27001 in progress.|
|Information security policies and processes||
Internal policy and procedures are followed. These are available on request.
The policy dictates Account and Password management requirements; Data handling procedures and Responsibilities; and Employee responsibility and issue escalation.
The security policies are disseminated to staff via internal training and any Information Security concerns are raised via the internal service desk software and escalated to the Chief Information Security Officer for immediate review. SurgiQ management reserve the right to conduct an internal audit on projects to ensure that best practice is being followed and policy is being adhered to.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Software versioning tools are employed. Change management is tracked via an internal change ticketing system. There is an Change Control policy for software versioning (available on request). Recent versions of system documentation are archived.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Non urgent software patches are released as scheduled upgrade. Any urgent software updates are applied as soon as regression testing is completed.
Potential threats are identified via the service support help desk.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||When potential risks are identified by us or notified by users, we escalate immediately to the relevant third-party supplier to respond. They would typically respond to a significant incident within 4 hour|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Incidents are reported by email or via online support desk system. The status and updates on progress of incidents (or linked groups of incidents) can be accessed online with updates provided as per the SLA.
Issue resolution is supported by internal documentation and Knowledge Base for resolution of common problems. This documentation is reviewed by the delivery department.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Connected networks||New NHS Network (N3)|
|Price||£1 to £10 per unit per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
A free trial of the system is accessible online, on a shared demo environment, which shows a set-up configured for a surgical department, with waiting list, pre-admission clinic and overall pathway management to show process modeling capabilities.
A non-disclosure agreement is required to access the free demo.
|Link to free trial||Link provided on request.|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|