Zesty provides two platforms for the NHS. Our consumer platform serves as a standalone non integrated online appointment booking solution. Existing customers are community health, sexual health, primary care providers. Our enterprise platform serves as a PAS/EPR integrated patient portal. Existing customers are acute, outpatient and secondary care providers.
- Two factor remote authentication via the patient’s mobile phone.
- Online patient appointment booking, rescheduling and cancellations.
- Smart two-way text message notifications and reminders.
- Patient appointment check-in via their mobile phone.
- Follow up e-Communications for appointments.
- Patient survey design and collection.
- Clinician feedback and review.
- Replacement of paper appointment letters with digital communications.
- Cross platform - Full mobile and tablet support.
- PAS integration for patient appointment booking.
- Cash releasing cost savings from Digital Letters
- Ability for patients to self-serve their outpatient appointments.
- Increase in appointment attendance rates.
- Decrease in patient DNA rates.
- Improvement in operational efficiency.
- Optimisation of capacity management.
- Increased CRM coverage and enhanced patient data quality.
- Reduction in office administration and associated costs.
- Reduction in patient waiting times.
- Cash releasing and non cash releasing cost savings.
£27500 per licence per year
|Software add-on or extension||Yes|
|What software services is the service an extension to||Cerner, Cerner Millenium|
|Cloud deployment model||Hybrid cloud|
|Service constraints||Our platform has to be deployed with an N3 component for storing patient data.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
Within 24 hours Monday to Friday.
Within 48 hours Saturday to Sunday.
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Standard support response times - 2 hours (in working hours)
With each deployment Zesty provides 2 person days of training time as part of the set up fee. Further training days are available upon request at a rate of £750 per day + VAT.
Each deployment has a remote account manager assigned to deal with any day to day issues.
|Support available to third parties||Yes|
Onboarding and offboarding
Onsite training - one to one or group training provided account director or technical support team as required
Online training - web based training provided by account director or technical support team as required
User documentation - user guides are provided
|Other documentation formats||Word|
|End-of-contract data extraction||
Also available via API.
|End-of-contract process||At the end of the contract access to the Zesty software as a service platform is removed.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The patient facing aspects of our platform are fully mobile optimised and tested over a number of devices. Features and functionality are identical on desktop and mobile.|
|Accessibility standards||WCAG 2.0 AAA|
|Accessibility testing||Siri on iOS devices|
|Description of customisation||
Web templates, SMS reminders, pre visit questionnaires, patient surveys and patient feedback can be customised.
Admin users of the system can customise each module.
|Independence of resources||Zesty work with Red Centric, a tier 1 HSCN approved host. Our infrastructure includes load balancing and additional ‘resource on demand’ servers to cope with unexpected spikes in user traffic. Our application has been designed around a robust message queue system, ensuring events are queued for subsequent processing during periods of heavy load|
|Service usage metrics||Yes|
Number of user registrations
Number of user logins
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||
User can export their data on request.
Access will be provided by an online sign in solution.
|Data export formats||CSV|
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||Private network or public sector network|
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
Zesty do not currently offer a guaranteed level availability, although this can be reviewed on a per client basis. The Zesty application is not a business critical system that requires guaranteed high availability.
Zesty is, however, hosted at a data centre with 99.99% guaranteed infrastructure availability.
|Approach to resilience||Fully mirrored setup with hourly backups over 2 physical locations. Tier 1 N3 accredited datacentre. Complete details and infrastructure diagrams available on request.|
|Outage reporting||Real time monitoring on both application and infrastructure levels. Pager alerts to key staff 24/7. Dashboard available for client monitoring.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management interfaces are hosted on N3 and require N3 access. Login is via secure password and 2FA to a registered mobile device. Other 3rd party 2FA solutions are in development.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||IG Toolkit Lvl 2|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||Other|
|Other security governance standards||IG Toolkit Level 2|
|Information security policies and processes||
Zesty use the IG Toolkit to provide guidelines for defining and maintaining information security policies & processes.
Our policies and processes include regular auditing and classification of information assets, identification of confidential information flows, risk assessment and implementation of appropriate controls and clear roles, responsibilities and training for all staff
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Zesty utilises a robust change management system whereby all changes are appropriately tracked, tested and assessed for security impact|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Zesty 's systems are securely hosted at an N3 approved hosting centre. Zesty maintain a regular patching regime.
Zesty undertake regular penetration tests (infrastructure and application level) to identify potential threats.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Zesty deploy and maintain multiple automated intruder detection systems (e.g. denyhosts, fail2ban). Banning rules and automatic alerting are in place to initiate our incident management process should an incident be detected|
|Incident management type||Supplier-defined controls|
|Incident management approach||Zesty have a defined incident management process with appropriate reporting templates and reporting and escalation paths for any incidents that occur|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£27500 per licence per year|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|