Restore Scan Limited

Medical Records Scanning and Workflow

Scanning of legacy and day forward medical records as an offsite service or an onsite system provision.


  • Scanning legacy medical records
  • Scanning day forward medical records


  • Reduction of paper resulting in reduced storage costs
  • Improved accessibility to medical records
  • Reduced risk of lost records


£5.00 per transaction

  • Free trial available

Service documents

G-Cloud 9


Restore Scan Limited

Daniel Hampton


Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints SLAs for the service or system will be defined as part of the design stage and the system or service will then be expected to perform as agreed. Where Restore Scan is providing a service, maintenance windows will be arranged to minimise any impact and should an impact be unavoidable, it will be communicated in advance. For onsite systems, appropriate support will be agreed.
System requirements As per service description cross compatibility matrix for onsite systems

User support

Email or online ticketing support Email or online ticketing
Support response times Standard support hours are Monday to Friday, 9am - 5pm, with a standard 4 hour response and 4 hour fix. Alternative support arrangements can be made should they be required; cost options would be dependent on requirement.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support hours are Monday to Friday, 9am - 5pm, with a standard 4 hour response and 4 hour fix. Cost for this provision is 20% per annum of the professional services required for implementation. Alternative support arrangements can be made should they be required; cost options would be dependent on requirement.
Support available to third parties No

Onboarding and offboarding

Getting started Training is provided according to the system being deployed and the end user requirements but normally falls under two main categories, user training and administration training.

User Training
User training is provided on a train the trainer basis for all components of the system that have user interaction and that the users are expected to be responsible for. A group of key ‘super’ users are expected to be identified by the customer that can be trained as required and then disseminate the information amongst other users as required. Training will be given to users on the front end scanning software and hardware to ensure that users are familiar with processing documents, dealing with any basic troubleshooting that might need to happen and performing maintenance routines on the hardware.

Administration Training
Administration training is usually provided to the key members of the IT teams and covers the core components of the system, the process flow of work through these components and the services that will be running to facilitate this. A detailed architecture diagram will be supplied to outline which components and services are deployed on which servers and a basic troubleshooting guide will also be provided.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction In general, data will be supplied back to the customer on an on-going basis either as part of the service or kept on their own systems if an onsite system is provided. Should any data fall outside of this, data migration services can be provided.
End-of-contract process Should an onsite system have been purchased, at the end of the contract the system would remain the buyer's to use, with only the on-going support element to be considered. The buyer would then be able to proceed with using the system without support or make alternative arrangements to continue with a support provision in place. If a scanning service is being provided, the service would stop on the given date. We wouldn't expect to hold any data at that point, but should that not be the case we would arrange for the data transfer as required. If this is a simple data transfer in the format as agreed for the service, this would be included. Should any more complex data migration services be needed, this would be at additional cost.

Using the service

Web browser interface No
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility Accessibility standards are dependent on the type of deployment and further information can be discussed dependent on the options selected.
Accessibility testing N/A
Customisation available Yes
Description of customisation If choosing an onsite solution, the system will be configured as per the buyer's requirements prior to delivery. System administrators can then either be trained in basic system configuration for future changes, or further professional services can be purchased to undertake these changes.


Independence of resources Onsite systems are dependent on the buyer's own network infrastructure and so are within their control.
If providing an offsite service, the Restore Scan network is carefully controlled and constantly reviewed to allow adequate resources for all clients.


Service usage metrics Yes
Metrics types Reports will be tailored to the specific requirements of the buyer but include: items received, items processed, automation levels achieved.
Reporting types Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Opex

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Data will be provided in the buyer's required XML format and made available on an on-going basis via an agreed method.
Data export formats Other
Other data export formats XML
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability In the event that our service levels are not met and that it can be proven that this is due to our service failures (and not third party, client or other intervention) we will provide suitable recompense.
Approach to resilience Available on request.
Outage reporting E-mail alerts.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels A complete security model is in place which can be linked with Active Directory and can control access to all user and administrative functions at a granular level.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Certification Europe
ISO/IEC 27001 accreditation date 18/07/2011
What the ISO/IEC 27001 doesn’t cover TBC
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes An information security policy is in place and available on request.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach All software and hardware components of the systems and services that we resell are continually monitored for bug fixes and new version releases and customers advised how to proceed accordingly. As new releases become available they are tested internally in a development environment prior to release. It is also suggested that prior to deployment to any system, in-house at a customer site or onsite in a Restore Scan facility, the update is tested again within the project specific test environment prior to deployment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Internal vulnerability testing is conducted using Nessus during annual internal security audits. Threats are placed on a risk register for review in the IT Management team meetings. Patches are deployed as soon as available, with all IT staff receiving email alerts from mailing lists about security vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Compromises will come in the form of alerts from our Managed Firewall service provider, who monitor the IDS/IPS on all public facing firewalls.
Third party security providers will patch security issues as they are found, and report the incident immediately via our customer portal.
Incident management type Supplier-defined controls
Incident management approach Incident Management is based on Restore Scan's ISO 27001 accreditation. The procedure for Security Incident management includes processes for common incidents (password misuse etc.).
Users report incidents to their Line Manager and log them with the Service Desk. Incident reports are provided to the Senior Management Team each month, or immediately if considered high risk.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £5.00 per transaction
Discount for educational organisations No
Free trial available Yes
Description of free trial Low volume trials can be supplied free of cost. These are against our standard configuration, are based on a very limited volume and are intended to prove concept on the clients’ documents. The trial service does not have any functionality to perform volume load testing.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document