ERS Connect

Surveys - Including Friends and Family/User Experience/HR/Ad-Hoc Surveys

The deliver and collation of results for broad spectrum survey requirements, including live realtime delivery and receipt, trend reporting/Business Intelligence and analytics.
Answer-based response; CQUIN targets; Accessible Information Standards; UNIFY reports. Highest UK levels of patient engagement; Survey content configurability/Support. Heatmaps/Sentiment Analysis. Patient/Staff/Ad-Hoc/User Surveys


  • Multi-media delivery of surveys and receipt of communications
  • Real-time/Live evidence results
  • Sentiment Analysis
  • Configurable surveys with user management and control
  • Concise and accurate deliver of results
  • Intelligent data fed routing and escalation paths
  • Anwer based response
  • Full auditing of all actions undertaken
  • UNIFY reports delivered via subscription services
  • Full Business Intelligence around outcomes


  • Cost releasing savings across all areas
  • NHS e-Guidance met
  • Supports addressing any areas of concern
  • Direct clinician to patient communication, where required
  • NHS 2020 Paperless Agenda & ISO14001 met
  • GDPR Compliant; ISO certified services
  • Pre-Op post-discharge and other care pathways supported


£0.03 per unit

  • Free trial available

Service documents

G-Cloud 10


ERS Connect

Georgie Whitaker


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Digital Hybrid Mail services; Appointment reminders; Pre-Admission & Post-Discharge communication services; Ad-Hoc Surveys. All using the same secure platform, with user controls and role permissions, with dashboard views, data and real-time reporting. Additional services are added to the platform, using same data upload methods to reduce unnecessary complexity via N3/HSCN/PSN
Cloud deployment model Private cloud
Service constraints There are no constraints on using the Chronos portal - it fully supports all web browsers (incl. IE8 and above). Maintenance windows are outside of core hours and the service runs in active:active mode. There are no hardware requirements for the Customer and no software installations - all delivered via a secure cloud portal with full user permissions and role access rights.
There are no requirements for hardware/software re-configurations
System requirements
  • Internet browser - all supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times All tickets are responded to in accordance to SLA's agreed with our Customers, otherwise default SLA's apply with a 4 hour response rate
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support No
Support levels 24X7X363 Support is available. Support hours are Monday - Friday 8am-6pm (Core); 6pm-8am (On Call) Evenings and Weekends - On Call Support requests are captured by our Customer Services Team, your dedicated Account Manager, or directly into our IT Support Team. These come into our enterprise class ticketing portal and each given a unique reference number and an assigned, named technical engineer. We endeavour to respond to all Customer queries within 1 hour of receipt, however 4 hours is our standard response KPI.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started As part of customer on-boarding, we deliver onsite training with trust teams. We can also support webinars; 1-2-1 training; group/classroom training. We supply support video guides and documented 'User Guides' Additionally, we have a team of Client Services specialist and technical specialist a phone call away to support any request a user may have.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Videos (.WAV)
  • Powerpoint (.PPT)
End-of-contract data extraction Data deletion is in force at the end of a contract term. Upon written request by an authorised client, we can provide any extract of data up to data deletion as agreed with the Client - typically between 90-180 days. All data received will be in an anonymised format to ensure that no Patient Identifiable Data is visible. A full version of our Business Management Policies and whitepapers are available upon request.
End-of-contract process At contract end, written consent is received by the Client to either continue the service, or to switch off the service. At the agreed date, the service is cancelled and all user permissions are revoked at the appointed time. There are no additional costs at the end of the contract term, except a final bill for any appointment reminders that have been sent in batch data that are still being delivered as part of the cycle of attempts to contact patients. At this point, no further data can be uploaded onto the Chronos portal. All data in anonymised and retained as per the agreed contract term. After which point it is deleted from all systems.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service End users have a rendered view of the questionnaires delivered via the patient portal, however surveys can also be delivered via logic driven SMS, which is concatenated for questions (but we work with you to keep within 160 characters). Once a patient responds, we send the next question until all are served/completed. The Desktop service can deliver the questions in a single instance format - both are effective and can be tailored to where a mobile or email address is known.
Accessibility standards None or don’t know
Description of accessibility Please ask for further information - as our testing information is sensitive. At a top level we confirm, translation on the fly across multiple languages and other services as required to meet the Accessible Information Standards.
Accessibility testing Our solution has been designed to meet Accessible Information Standard whereby end-users can translate on the fly; view in larger font; have the information read out to them; This is tested and in use in the field. Full Demo's are available.
What users can and can't do using the API The API is used for data uploads; role based security; managing data transfer via N3/HSCN There are no requirements to make changes by users for delivery of the secure cloud service.
API documentation Yes
API documentation formats
  • HTML
  • Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Service can be customised Service Message delivery methods.
Scripts used by agents/IVR calls etc.
SMS messages can be tailored to include:
- Templates to maintain consistency and/or
- Bespoke ad-hoc questions via SMS
Full escalation paths (to multi-media mix)

The Surveys are designed for self-sufficiency for authorised users - can can offer templates and support for questions that draw better response rates; methods when looking at demographics etc. - available from our Client Services team.

Other areas can be customised via Service Requests and are fully controlled with governance, sign-off and delivered by out technical implementation engineers.


Independence of resources The ERS Connect Chronos portal is fully scalable and works on a fully active:active resilient platform. We monitor our services with threshold alarms in the event of usage being reached, to ensure we can spin up to meet demand with no limitations. For more information, you are welcome to review our Business Management System overviews upon request.


Service usage metrics Yes
Metrics types The ERS Connect service can provide both a portal dashboard view of key usage metrics by services used; return of investment; responses; sentiment analysis; demographic trends; best methods and escalation paths.

Additionally, more comprehensive reports are available for analysis, permissions based access.

Finally, more bespoke reports with service usage metrics are available to authorised requestors.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach All backup data is encrypted. Physical access control to all SQL databases. Physical role and access levels and authorisation for access to the data. Layered access controls in place based on role; permissions and responsibilities. Sensitive fields, ie.passwords are hashed, to non-readable format in the database (no plain text storage). Full joiner and leaver process in place as part of our Business Management System and ISO certifications.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be uploaded onto the Chronos service, irrespective of which service(s) are being used - all use the same methodology for client ease:

1) HL7 integration - either 1-way or bi-directional, via an upload script (given to you by our IT team)

2) Manual upload - either by uploading a .vbs file into the web application, or;

3) Manual upload - directly onto the portal itself. Full training is provided
Data export formats
  • CSV
  • Other
Other data export formats
  • .XLS
  • Via HL7-Bi-directional
  • .VBS onto PAS
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Behind a dedicated firewalls in a secure leading manufacturer Tier 3 Data Centre with active:active load balancing and redundancy. Private VPN's over N3/HSCN connection used, for data uploads and we use TLS on HTTPS for web access over the N3/HSCN network Authorised users only with Connect permissions have access utilising roles based authentication.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network Data is protected behind leading firewalls along with anti-virus and malware protection. Role based security access and physical access security. VPN access for remote access. All servers are privately addressed. Data backups are stored behind secure location and are encrypted within leading T3 Data Centres running as Active:Active. SQL Cluster, with active:passive configuration for 99.99% uptime. More information is available upon request and detailed within our Business Management System under an NDA

Availability and resilience

Availability and resilience
Guaranteed availability ERS Connect offers a 99.99% uptime. There are no refunds for any service not meeting levels of availability - this is due to our service being ultra resilient and we have UK data centres, on separate networks in the event of any not being unavailable.
Approach to resilience We operate using the leading Data Centre providers, running in active:active sync. More information is available upon request and is fully documented within our Business Management System, which is audited.
Outage reporting Outage's are classified as follows

ERS Connect generated outage - this is only in exceptional circumstances (as yet never used), whereby notice would be given to all Clients 5 days ahead with timely reminders at intervals.

Non ERS Connect outages are communicated using either Email and/or SMS messages to all Clients notifying them of an outage and regular updates. Users can also see any notifications on our website and we are able to mobilise our Agents to call our Customers if needed

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Customers have options for inclusion of Staff and/or Patient/End User 2-factor authentication, offered via a unique pin code (Patient Portal Access), along with a further option for additional authentication around a last know digit sequence.
Access restrictions in management interfaces and support channels All users are restricted by permissions as follows: Internal ERS Connect staff members are limited based on role/function permissions. General Client users are restricted by role/function with a cut down service Administrators/Managers have more functionality and access to services on the Chronos portal. Additionally ERS Connect has a hierarchical department structure which is used for permissions access for sensitive and non-sensitive information and data.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI Group
ISO/IEC 27001 accreditation date 02/11/2017
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • ISO9001
  • ISO14001
  • Connecting for Health 100% Level 3 approval for Information Governance

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ERS Connect is certified against ISO9001/ISO14001/ISO27001:2015; IG Toolkit 14.2 Level 3 Partner (100%). We have a dedicated Compliance team headed up at senior management level as part of the company leadership team. All ERS Connect employees undertake security and governance training and must pass, IG Toolkit certification along with internal security measures. A full 'Security Policy and Processes' is available for review (upon request) and sits within our Business Management System. This is reviewed at least twice per annum, or sooner as required and forms part of our Senior Leadership Team annual meeting.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All documented within our BMS under ISO standards Service request, work item generated (unique detail); code checked-in against code item; code reviewed; tested; merged into code base; released. Testing is broken down into Unit; Integration and System testing. Documented system testing compiled - for end to end processes alongside test plans for completedness. A full Change Management and Configuration process and supporting guides are available upon request.
Vulnerability management type Undisclosed
Vulnerability management approach This is sensitive information and therefore only the highest level information is provided here - more detail can be provided on request. We test daily for vulnerabilities and further deeper monthly testing and tests run against all releases of new software. Any changes to our vulnerability scans is addressed in line with our BMS ISO and Security processes - available upon request. Against all public IP's and applications. Automated and manual patching. Technical team across alerts from leading manufacturers and organisations such as Microsoft, Rackspace, NHS Digital etc.
Protective monitoring type Undisclosed
Protective monitoring approach This information is not for public domain, however it can be supplied upon request. Identification of potential compromises are managed via leading manufacturers and organisations. These are managed within a risk register available on our BMS. Any virus, open port, vulnerability will be handled immediately as a P1 instance Bulletins and communications are given to customers should a breach be identified with our actions. During WannaCry we patched immediately and kept the NHS working - this is a case reference we are happy to share with you Speed of response to incidents is severity pending and SLA available on request
Incident management type Undisclosed
Incident management approach Below offered top level view - details provided upon request documented within ISO certified Business Management System (BMS) Pre-defined processes in-place; within BMS Breaches notified immediately at the point breach; Raised on the approved system by any team member. This auto escalates to the Director of Compliance & Manager. Management review the breach - mobilisation as set out in our BMS, Manager signs off incident at point of completion Director of Compliance presents in monthly senior leadership team, review of incidents/ear misses. full report. Full system and reports available upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £0.03 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial FILL OUT


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑