ULTRA Laboratory Information Management System

Cirdan ULTRA is a dedicated Laboratory Information System (LIS)/Laboratory Information Management System (LIMS). ULTRA meets the needs of high throughput, multi-site laboratories with complex requirements, from single discipline laboratories to large multi-lab organisations with advanced specimen routing requirements. ULTRA is designed for high volume data entry and minimal user input.


  • End-to-end clinical, analytical, managerial solution for all laboratory disciplines.
  • Secure with role based Access control and Full Audit Facilities.
  • Integration with analysers from your chosen vendors.
  • Specialist laboratory modules work standalone or fully integrated.
  • Image Integration including your chosen Digital Pathology scanners.
  • Comprehensive interoperability for external systems including EHR, Registries, Order Comms.
  • Billing/costing information integrated with a variety of finance packages.
  • Customisation of features including Management Reporting using BIRT.
  • Support 24/7 with access to Subject Matter Experts.
  • Training packages for clinicians, scientists, pathologists, administrators, IT staff


  • Scale from small/single discipline to multi-lab/multi-discipline/100Mill tests per year.
  • Secure for data at rest/in transit (confirms to ISO/IEC 27001).
  • Rapid on-boarding process with training and configuration service supplied.
  • Accessible readily from any device with an internet web browser.
  • Holistic process with personalized/departmental dashboards and full audit trails.
  • Management Intelligence and Data Analytics Reporting Tools as standard.
  • Can support a laboratory with their ISO 15189 Regulatory compliance.
  • Cloud hosting provides advanced fail-over, resilience and disaster recovery.
  • Inclusive of managed services for system support, maintenance and updates.
  • Proactive monitoring tools as standard to ensure peak performance.


£250 to £250 a licence a month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 12

Service ID

4 6 3 7 9 5 7 2 3 4 3 2 5 1 0



Presales Team


Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
System requirements
  • A HTML browser e.g. Chrome/Firefox/Safari 9+/Internet Explorer 11+/Microsoft Edge
  • No additional plugins required

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our SLAs can offer 24/7 support with response times up to 1/2 hour.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
We aim to provide a comprehensive set of services that are covered by your annual licence fee including the following: toll free help desk and online bi-directional communication via the Cirdan Incident Management for reporting incidents; technical product support (Levels 3 & 4); committed response times; detailed incident management tracking; nominated Account Manager; license usage monitoring, evaluation and feedback.

Additional Level 1 & 2 support services are available at extra cost, subject to an SLA agreement.
Support available to third parties

Onboarding and offboarding

Getting started
We engage in an initial Discovery exercise where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
Microsoft Word
End-of-contract data extraction
Oracle database extract into transportable files.
End-of-contract process
At the end of the licence term, access to the ULTRA system will be terminated and arrangements will be made to provide data held on ULTRA in a suitable and secure format, to be agreed and costed separately.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The mobile service includes all those features provided in the desktop service, however, due to the complexity of some screens our recommendation is that mobile devices no smaller than a tablet device are used.
Service interface
Description of service interface
The service is accessed through a web browser.
Accessibility standards
None or don’t know
Description of accessibility
Although not compliant to WCAG 2.1 AAA, WCAG 2.1AA or WCAG 2.1A, we are aware of these standards and incorporate them wherever possible into the design of all of our user-interface screens.
Accessibility testing
We currently do not carry out interface testing of this kind. However, a Community of Practice is being developed with customers so this type of testing will be implemented in the future.
What users can and can't do using the API
To use the API, users must first sign up as a Development Partner, and then user training and documentation can be made available.

Through the API, users can interrogate data from ULTRA and carry out standard processes, for example, a test request for a patient may be ordered.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Configuration Menus are an integral part of the ULTRA product and are available to any trained user. They provide customisation of, for example: specimen labelling, patient reports, individual and departmental dashboards.


Independence of resources
The service can be scaled as required based on performance metrics.
Each client is hosted in a separate environment.


Service usage metrics
Metrics types
Service availability
Incident/change management reports
Storage utilisation
Backup reporting
Support issues requiring escalation
Additional metrics can be reported on as required.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Customer data can be exported upon request. Data is stored on an Oracle database and data can be exported into transportable files.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.5% availability is standard, with higher availability on a sliding cost scale.

Cirdan will endeavour to make the service available without disruption during normal service hours, as detailed in the SLA, however, allowances should be made for service downtime to enable critical software upgrades and system maintenance.

Note guarantees cannot be met where local network connectivity is lost.

In the event that service availability is not met, refunds can be made subject to the terms set out in the SLA, for example, in the form of extended contract period days or additional consulting/training days etc.
Approach to resilience
ULTRA and Oracle database services are deployed in a fault tolerant and highly available manner. For both application and database tiers, relevant clustering and load-balancing technologies are employed to ensure high availability of ULTRA services.
Outage reporting
All outages are reported via email alerts.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
All access to the system, including management interfaces, is provided by Role Based Access Control which is dependent on the entry of a username and password.
Access to online support is managed by Role Based Access Control.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
December 2018
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We are ISO 27001 accredited and this drives the content of the following policies and processes we follow:
Information Security Policy
Office & Remote Working Policy
Information Communication Acceptable Use Policy
Access Control & Asset Management Policy
Secure Development Policy
Crytopgraphic Policy
GDPR Policy
These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.

These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer notified of risks, rollbacks and timelines for approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.
Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. All authentication logs and machine alerts are kept off-site. Engineers available 24x7 triage the tickets and raise escalation procedures as required.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected.
Users can either phone, e-mail or report via the online service desk.
All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)


£250 to £250 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
This will be a limited demonstration version of ULTRA, with a limited time period of 10 days, and for up to 10 users.

Service documents

Return to top ↑