Zesty Ltd

Patient Portal

Zesty provides two platforms for the NHS. Our consumer platform serves as a standalone non integrated online appointment booking solution. Existing customers are community health, sexual health, primary care providers. Our enterprise platform serves as a PAS/EPR integrated patient portal. Existing customers are acute, outpatient and secondary care providers.


  • Two factor remote authentication via the patient’s mobile phone.
  • Online patient appointment booking, rescheduling and cancellations.
  • Smart two-way text message notifications and reminders.
  • Patient appointment check-in via their mobile phone.
  • Follow up e-Communications for appointments.
  • Patient survey design and collection.
  • Clinician feedback and review.
  • Replacement of paper appointment letters with digital communications.
  • Cross platform - Full mobile and tablet support.
  • PAS integration for patient appointment booking.


  • Cash releasing cost savings from Digital Letters
  • Ability for patients to self-serve their outpatient appointments.
  • Increase in appointment attendance rates.
  • Decrease in patient DNA rates.
  • Improvement in operational efficiency.
  • Optimisation of capacity management.
  • Increased CRM coverage and enhanced patient data quality.
  • Reduction in office administration and associated costs.
  • Reduction in patient waiting times.
  • Cash releasing and non cash releasing cost savings.


£27500 per licence per year

Service documents

G-Cloud 10


Zesty Ltd

Lloyd Price



Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Cerner, Cerner Millenium
Cloud deployment model Hybrid cloud
Service constraints Our platform has to be deployed with an N3 component for storing patient data.
System requirements
  • Internet Browsers - we support Internet Explorer 9 and above.
  • Internet Browsers - we support all modern Internet browsers.
  • Licensed on an annual Software as a Service basis.
  • Enterprise license is inclusive of all costs, except SMS.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within 24 hours Monday to Friday.

Within 48 hours Saturday to Sunday.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Standard support response times - 2 hours (in working hours)

With each deployment Zesty provides 2 person days of training time as part of the set up fee. Further training days are available upon request at a rate of £750 per day + VAT.

Each deployment has a remote account manager assigned to deal with any day to day issues.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Onsite training - one to one or group training provided account director or technical support team as required

Online training - web based training provided by account director or technical support team as required

User documentation - user guides are provided
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Word
End-of-contract data extraction TXT
Tab delimited

Also available via API.
End-of-contract process At the end of the contract access to the Zesty software as a service platform is removed.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The patient facing aspects of our platform are fully mobile optimised and tested over a number of devices. Features and functionality are identical on desktop and mobile.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Siri on iOS devices
Customisation available Yes
Description of customisation Web templates, SMS reminders, pre visit questionnaires, patient surveys and patient feedback can be customised.
Admin users of the system can customise each module.


Independence of resources Zesty work with Red Centric, a tier 1 HSCN approved host. Our infrastructure includes load balancing and additional ‘resource on demand’ servers to cope with unexpected spikes in user traffic. Our application has been designed around a robust message queue system, ensuring events are queued for subsequent processing during periods of heavy load


Service usage metrics Yes
Metrics types Number of user registrations
Number of user logins
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach User can export their data on request.

Access will be provided by an online sign in solution.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats XML

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Zesty do not currently offer a guaranteed level availability, although this can be reviewed on a per client basis. The Zesty application is not a business critical system that requires guaranteed high availability.
Zesty is, however, hosted at a data centre with 99.99% guaranteed infrastructure availability.
Approach to resilience Fully mirrored setup with hourly backups over 2 physical locations. Tier 1 N3 accredited datacentre. Complete details and infrastructure diagrams available on request.
Outage reporting Real time monitoring on both application and infrastructure levels. Pager alerts to key staff 24/7. Dashboard available for client monitoring.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces are hosted on N3 and require N3 access. Login is via secure password and 2FA to a registered mobile device. Other 3rd party 2FA solutions are in development.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications IG Toolkit Lvl 2

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IG Toolkit Level 2
Information security policies and processes Zesty use the IG Toolkit to provide guidelines for defining and maintaining information security policies & processes.
Our policies and processes include regular auditing and classification of information assets, identification of confidential information flows, risk assessment and implementation of appropriate controls and clear roles, responsibilities and training for all staff

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Zesty utilises a robust change management system whereby all changes are appropriately tracked, tested and assessed for security impact
Vulnerability management type Supplier-defined controls
Vulnerability management approach Zesty 's systems are securely hosted at an N3 approved hosting centre. Zesty maintain a regular patching regime.
Zesty undertake regular penetration tests (infrastructure and application level) to identify potential threats.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Zesty deploy and maintain multiple automated intruder detection systems (e.g. denyhosts, fail2ban). Banning rules and automatic alerting are in place to initiate our incident management process should an incident be detected
Incident management type Supplier-defined controls
Incident management approach Zesty have a defined incident management process with appropriate reporting templates and reporting and escalation paths for any incidents that occur

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £27500 per licence per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑