ULTRA Laboratory Information Management System
Cirdan ULTRA is a dedicated Laboratory Information System (LIS)/Laboratory Information Management System (LIMS). ULTRA meets the needs of high throughput, multi-site laboratories with complex requirements, from single discipline laboratories to large multi-lab organisations with advanced specimen routing requirements. ULTRA is designed for high volume data entry and minimal user input.
- End-to-end clinical, analytical, managerial solution for all laboratory disciplines.
- Secure with role based Access control and Full Audit Facilities.
- Integration with analysers from your chosen vendors.
- Specialist laboratory modules work standalone or fully integrated.
- Image Integration including your chosen Digital Pathology scanners.
- Comprehensive interoperability for external systems including EHR, Registries, Order Comms.
- Billing/costing information integrated with a variety of finance packages.
- Customisation of features including Management Reporting using BIRT.
- Support 24/7 with access to Subject Matter Experts.
- Training packages for clinicians, scientists, pathologists, administrators, IT staff
- Scale from small/single discipline to multi-lab/multi-discipline/100Mill tests per year.
- Secure for data at rest/in transit (confirms to ISO/IEC 27001).
- Rapid on-boarding process with training and configuration service supplied.
- Accessible readily from any device with an internet web browser.
- Holistic process with personalized/departmental dashboards and full audit trails.
- Management Intelligence and Data Analytics Reporting Tools as standard.
- Can support a laboratory with their ISO 15189 Regulatory compliance.
- Cloud hosting provides advanced fail-over, resilience and disaster recovery.
- Inclusive of managed services for system support, maintenance and updates.
- Proactive monitoring tools as standard to ensure peak performance.
£250 to £250 per licence per month
- Education pricing available
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
|Software add-on or extension||No|
|Cloud deployment model||
|Email or online ticketing support||Email or online ticketing|
|Support response times||Our SLAs can offer 24/7 support with response times up to 1/2 hour.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Onsite support|
We aim to provide a comprehensive set of services that are covered by your annual licence fee including the following: toll free help desk and online bi-directional communication via the Cirdan Incident Management for reporting incidents; technical product support (Levels 3 & 4); committed response times; detailed incident management tracking; nominated Account Manager; license usage monitoring, evaluation and feedback.
Additional Level 1 & 2 support services are available at extra cost, subject to an SLA agreement.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||We engage in an initial Discovery exercise where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.|
|Other documentation formats||Microsoft Word|
|End-of-contract data extraction||Oracle database extract into transportable files.|
|End-of-contract process||At the end of the licence term, access to the ULTRA system will be terminated and arrangements will be made to provide data held on ULTRA in a suitable and secure format, to be agreed and costed separately.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||The mobile service includes all those features provided in the desktop service, however, due to the complexity of some screens our recommendation is that mobile devices no smaller than a tablet device are used.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Although not compliant to WCAG 2.1 AAA, WCAG 2.1AA or WCAG 2.1A, we are aware of these standards and incorporate them wherever possible into the design of all of our user-interface screens.|
|Accessibility testing||We currently do not carry out interface testing of this kind. However, a Community of Practice is being developed with customers so this type of testing will be implemented in the future.|
|What users can and can't do using the API||
To use the API, users must first sign up as a Development Partner, and then user training and documentation can be made available.
Through the API, users can interrogate data from ULTRA and carry out standard processes, for example, a test request for a patient may be ordered.
|API documentation formats||Open API (also known as Swagger)|
|API sandbox or test environment||Yes|
|Description of customisation||Configuration Menus are an integral part of the ULTRA product and are available to any trained user. They provide customisation of, for example: specimen labelling, patient reports, individual and departmental dashboards.|
|Independence of resources||
The service can be scaled as required based on performance metrics.
Each client is hosted in a separate environment.
|Service usage metrics||Yes|
Incident/change management reports
Support issues requiring escalation
Additional metrics can be reported on as required.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Customer data can be exported upon request. Data is stored on an Oracle database and data can be exported into transportable files.|
|Data export formats||
|Data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
99.5% availability is standard, with higher availability on a sliding cost scale.
Cirdan will endeavour to make the service available without disruption during normal service hours, as detailed in the SLA, however, allowances should be made for service downtime to enable critical software upgrades and system maintenance.
Note guarantees cannot be met where local network connectivity is lost.
In the event that service availability is not met, refunds can be made subject to the terms set out in the SLA, for example, in the form of extended contract period days or additional consulting/training days etc.
|Approach to resilience||ULTRA and Oracle database services are deployed in a fault tolerant and highly available manner. For both application and database tiers, relevant clustering and load-balancing technologies are employed to ensure high availability of ULTRA services.|
|Outage reporting||All outages are reported via email alerts.|
Identity and authentication
|User authentication needed||Yes|
|User authentication||2-factor authentication|
|Access restrictions in management interfaces and support channels||
All access to the system, including management interfaces, is provided by Role Based Access Control which is dependent on the entry of a username and password.
Access to online support is managed by Role Based Access Control.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||NQA|
|ISO/IEC 27001 accreditation date||December 2018|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We are ISO 27001 accredited and this drives the content of the following policies and processes we follow:
Information Security Policy
Office & Remote Working Policy
Information Communication Acceptable Use Policy
Access Control & Asset Management Policy
Secure Development Policy
These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.
These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer notified of risks, rollbacks and timelines for approval.|
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||
Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.
Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. All authentication logs and machine alerts are kept off-site. Engineers available 24x7 triage the tickets and raise escalation procedures as required.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected.
Users can either phone, e-mail or report via the online service desk.
All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.
|Approach to secure software development best practice||Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£250 to £250 per licence per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||This will be a limited demonstration version of ULTRA, with a limited time period of 10 days, and for up to 10 users.|