ULTRA Laboratory Information Management System

Cirdan ULTRA is a dedicated Laboratory Information System (LIS)/Laboratory Information Management System (LIMS). ULTRA meets the needs of high throughput, multi-site laboratories with complex requirements, from single discipline laboratories to large multi-lab organisations with advanced specimen routing requirements. ULTRA is designed for high volume data entry and minimal user input.


  • End-to-end clinical, analytical, managerial solution for all laboratory disciplines.
  • Secure with role based Access control and Full Audit Facilities.
  • Integration with analysers from your chosen vendors.
  • Specialist laboratory modules work standalone or fully integrated.
  • Image Integration including your chosen Digital Pathology scanners.
  • Comprehensive interoperability for external systems including EHR, Registries, Order Comms.
  • Billing/costing information integrated with a variety of finance packages.
  • Customisation of features including Management Reporting using BIRT.
  • Support 24/7 with access to Subject Matter Experts.
  • Training packages for clinicians, scientists, pathologists, administrators, IT staff


  • Scale from small/single discipline to multi-lab/multi-discipline/100Mill tests per year.
  • Secure for data at rest/in transit (confirms to ISO/IEC 27001).
  • Rapid on-boarding process with training and configuration service supplied.
  • Accessible readily from any device with an internet web browser.
  • Holistic process with personalized/departmental dashboards and full audit trails.
  • Management Intelligence and Data Analytics Reporting Tools as standard.
  • Can support a laboratory with their ISO 15189 Regulatory compliance.
  • Cloud hosting provides advanced fail-over, resilience and disaster recovery.
  • Inclusive of managed services for system support, maintenance and updates.
  • Proactive monitoring tools as standard to ensure peak performance.


£250 to £250 per licence per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11



Jackie Devine


Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints None
System requirements
  • A HTML browser e.g. Chrome/Firefox/Safari 9+/Internet Explorer 11+/Microsoft Edge
  • No additional plugins required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our SLAs can offer 24/7 support with response times up to 1/2 hour.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels We aim to provide a comprehensive set of services that are covered by your annual licence fee including the following: toll free help desk and online bi-directional communication via the Cirdan Incident Management for reporting incidents; technical product support (Levels 3 & 4); committed response times; detailed incident management tracking; nominated Account Manager; license usage monitoring, evaluation and feedback.

Additional Level 1 & 2 support services are available at extra cost, subject to an SLA agreement.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We engage in an initial Discovery exercise where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats Microsoft Word
End-of-contract data extraction Oracle database extract into transportable files.
End-of-contract process At the end of the licence term, access to the ULTRA system will be terminated and arrangements will be made to provide data held on ULTRA in a suitable and secure format, to be agreed and costed separately.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service includes all those features provided in the desktop service, however, due to the complexity of some screens our recommendation is that mobile devices no smaller than a tablet device are used.
Accessibility standards None or don’t know
Description of accessibility Although not compliant to WCAG 2.1 AAA, WCAG 2.1AA or WCAG 2.1A, we are aware of these standards and incorporate them wherever possible into the design of all of our user-interface screens.
Accessibility testing We currently do not carry out interface testing of this kind. However, a Community of Practice is being developed with customers so this type of testing will be implemented in the future.
What users can and can't do using the API To use the API, users must first sign up as a Development Partner, and then user training and documentation can be made available.

Through the API, users can interrogate data from ULTRA and carry out standard processes, for example, a test request for a patient may be ordered.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Configuration Menus are an integral part of the ULTRA product and are available to any trained user. They provide customisation of, for example: specimen labelling, patient reports, individual and departmental dashboards.


Independence of resources The service can be scaled as required based on performance metrics.
Each client is hosted in a separate environment.


Service usage metrics Yes
Metrics types Service availability
Incident/change management reports
Storage utilisation
Backup reporting
Support issues requiring escalation
Additional metrics can be reported on as required.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Customer data can be exported upon request. Data is stored on an Oracle database and data can be exported into transportable files.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.5% availability is standard, with higher availability on a sliding cost scale.

Cirdan will endeavour to make the service available without disruption during normal service hours, as detailed in the SLA, however, allowances should be made for service downtime to enable critical software upgrades and system maintenance.

Note guarantees cannot be met where local network connectivity is lost.

In the event that service availability is not met, refunds can be made subject to the terms set out in the SLA, for example, in the form of extended contract period days or additional consulting/training days etc.
Approach to resilience ULTRA and Oracle database services are deployed in a fault tolerant and highly available manner. For both application and database tiers, relevant clustering and load-balancing technologies are employed to ensure high availability of ULTRA services.
Outage reporting All outages are reported via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels All access to the system, including management interfaces, is provided by Role Based Access Control which is dependent on the entry of a username and password.
Access to online support is managed by Role Based Access Control.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 NQA
ISO/IEC 27001 accreditation date December 2018
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We are ISO 27001 accredited and this drives the content of the following policies and processes we follow:
Information Security Policy
Office & Remote Working Policy
Information Communication Acceptable Use Policy
Access Control & Asset Management Policy
Secure Development Policy
Crytopgraphic Policy
GDPR Policy
These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.

These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer notified of risks, rollbacks and timelines for approval.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.
Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. All authentication logs and machine alerts are kept off-site. Engineers available 24x7 triage the tickets and raise escalation procedures as required.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected.
Users can either phone, e-mail or report via the online service desk.
All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


Price £250 to £250 per licence per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial This will be a limited demonstration version of ULTRA, with a limited time period of 10 days, and for up to 10 users.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑