NHS North of England Commissioning Support Unit (Hosted by NHS England)


RAIDR is a business intelligence tool used by CCG, CSU and GP Practice staff and Acute Care. It provides healthcare professionals with a single portal for all their information needs, e.g. inpatient, outpatient and A&E activity, prescribing, finance and contracting, urgent care and primary care data quality and risk stratification.


  • Risk stratification and data quality
  • Training included
  • Service level activity and budget monitoring
  • Drill down to patient level
  • Prescribing data and prescribing safety
  • Quality indicator performance
  • Quality Outcomes Framework (QOF) reporting and optimising
  • No software installation required
  • Wide range of data sets available
  • Multiple risk tools


  • Improve data quality and consistency
  • Deliver reliable data and accurate information
  • Drives efficiency
  • More effective case management
  • National and local peer comparators
  • Rapid implementation
  • Achieve high quality cost effective care
  • Identify areas for concern and exemplars for best practice
  • Supports GMC / PMS contract


£0.13 per unit per year

Service documents


G-Cloud 11

Service ID

4 3 2 0 6 5 3 9 8 3 2 9 0 8 3


NHS North of England Commissioning Support Unit (Hosted by NHS England)

Amanda Smallbone

0191 3751789


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
RAIDR service provision may be forcibly terminated where underlying data systems which input into the RAIDR System are discontinued or undergo change such that the RAIDR System is no longer capable of accepting, or permitted to accept those feeds, and this materially affects RAIDR’s effectiveness and value.

Examples include but are not limited to:
• The terms on which MiQuest software is made available (third party software which enables data extraction from the customer’s IT system for the purpose of provision of the Primary Care Dashboard), change to make it uneconomical, incompatible or unsuitable for use with the RAIDR System.
System requirements
  • New NHS Networks (N3)
  • Internet 10+ (or any modern browser)

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 business hour
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
Service support comprises :
Customers can access technical support services and also help and advice for non-technical ad-hoc queries and ‘how to’ guidance.
• information and advice by telephone (between the hours of 8.30 a.m. and 5.00 p.m. Monday through Friday, excluding bank and other public holidays), e-mail or by such other means as NECS deems appropriate from time to time to advise on the use of the RAIDR System;
• the creation and release to the Customer from time to time, at NECS’ sole discretion, of fixes and improvements to the RAIDR System.
Technical support services shall be provided in accordance with the following protocol:-
"Major Fault" - NECS shall as soon as reasonably practicable but in any event within 1 working day of such agreement, supply instructions to the Customer which are intended to circumvent the fault;
"Important Fault" - NECS shall, as soon as reasonably practicable, but in any event within 2 working days of such agreement, supply instructions intended to enable the Customer to circumvent the fault;
"Minor Fault" - NECS shall use its reasonable endeavours to supply instructions to the Customer which are intended to circumvent the fault within 5 working days of such agreement.
Support available to third parties

Onboarding and offboarding

Getting started
System implementation typically takes 90 days from start to ‘go live’, detailed plans are drawn up with each customer to meet their specific needs.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
Microsoft Word (Where appropriate to do so)
End-of-contract data extraction
Data is permanently deleted from the source file location via CPA Foundation-grade erasure product and destruction certificates are provided.
End-of-contract process
User access accounts are disabled and data destroyed.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
RAIDR supports a variety of screen reading and screen magnification software tools which enable visually and mobility impaired users to easily access and navigate RAIDR.
Accessibility standards
None or don’t know
Description of accessibility
RAIDR supports a variety of screen reading and screen magnification software tools which enable visually and mobility impaired users to easily access and navigate RAIDR.
Accessibility testing
We have not undertaken any interface testing with users of assistive technology.
Customisation available
Description of customisation
Customers can customise how the data they require is visualised i.e. graphs and tables can be set to only display data between selected variables, at full control of the user. Development and requests for change are reviewed and prioritised by the RAIDR User Group.


Independence of resources
Services are load balanced between multiple servers which can be scaled out on demand.


Service usage metrics
Metrics types
User access statistics by user and organisation
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Access to data is by designated staff and is restricted /only available to those who need to process the data.
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Download to CSV or PDF
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats
SQL Server data backup file

Data-in-transit protection

Data protection between buyer and supplier networks
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
Access to the service is protected by authentication of all users who access it.
Data protection within supplier network
Other protection within supplier network
All data is backed up on a regular schedule.

Availability and resilience

Guaranteed availability
99%, assured by contractual commitment
Approach to resilience
Services are all run on multiple servers and include multiple levels of redundancy.
Outage reporting
Our IT Service Desk have a process by which the affected users are identified, notified via e-mail and updated.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
User access to the service is controlled by Microsoft Active Directory.
Access restrictions in management interfaces and support channels
Management access to the service is controlled by Microsoft Active Directory
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security governance approach includes:
• Data Protection and Security Toolkit Compliance
• Information Security Management Plans which are developed practice based experience.
• Cyber Essentials Plus – NECS will continue to seek further accreditation to gain compliance against the Cyber Essentials Plus scheme.
• ISEM (Information Assurance for Small & Medium sized Enterprises) - The IASME standard, based on ISO27001, has developed to create a cyber security standard recognised by the UK Government.
• ISO27001 – NECS is aligned with the ISO27001 internationally recognised, gold standard, and Information Security standards.
Information security policies and processes
There is an Information & Cyber Security Strategy and Plan, managed through an IT Security Team with access to the wider IT teams. This is managed by our Infrastructure Security Manager. She reports into the Head of Infrastructure who reports to the Business Information Services Director.

NECS’ develop Information Security Management Plans which are developed using the valuable practice based experience. The key strategic information security principles that underpin information security management at NECS are considered in any service provided by NECS.

NECS adhere to NHS England Policies and all NECS procedures are based on ITIL good practice.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
There is an ITIL based Change Advisory Board (CAB) that manages the processes in accordance with the NECS Procedures.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
The system is regularly penetration tested for vulnerabilities in coding and security. It is fully protected by Microsoft Update Service and Sophos Threat Management. Both these products are automated and fully managed. We subscribe to Microsoft Technet Technical Security Bulletins and Sophos RSS feeds for regular updates.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We proactively monitoring against known baselines using PRTG, Solarwinds. The baseline is regularly reviewed. Sophos identifies immediate firewall breaches. Any breaches or changes to the baseline are dealt with immediately, within business hours, by a dedicated team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
The management of Incidents follows the standards set out by ITIL and defined in our own Incident and Problem Management Policy. Users report incidents via the Service Desk either via Telephone. Each incident is given a unique reference number and a priority which defines the length of time allowed to resolve the incident. Incidents are analysed to look for common trends by reviewing the types of incidents logged and trying to identify root causes. We report each month to our customers on the number of Incidents logged and our performance in terms of meeting the fix time.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£0.13 per unit per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑