Messly Workforce Engagement

Messly Workforce Engagement offers healthcare organisations an opportunity to connect directly into over 20,000 doctors to share key information and announcements, capture feedback and reach doctors more effectively. We provide bespoke online engagement campaigns targeting junior doctors leveraging our expertise in reaching and communicating with doctors nationally.


  • Share key information with medical workforce online
  • Promote organisation to medical workforce and wider community
  • Targeted doctor communication to doctors via mobile app
  • Engage workforce through medical app
  • Feedback and reviews from medical workforce
  • Bespoke online campaigns to engage medical workforce
  • Promote organisation on social media
  • Real-time analytics and reporting on feedback
  • Dedicated support team available


  • Improve engagement with the medical workforce
  • Better visibility of organisation - access to 20,000 doctors
  • Improve reputation of organisation - promote to 20,000 doctors
  • Save medical workforce time - increase efficiency
  • Increase uptake of vacant posts - access to 20,000 doctors
  • Improved collaboration within medical workforce
  • Monitor wellbeing and morale of staff
  • Better insights into problems facing workforce
  • Improve process for reporting problems - improve staff morale
  • No obligation free trial - risk free


£500 to £1000 per unit

  • Free trial available

Service documents


G-Cloud 11

Service ID

5 0 4 2 6 1 7 6 5 1 3 8 4 8 2



Abrar Gundroo


Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Bank Builder - Add doctors to your staff bank by accessing top medical talent from our community of UK-based clinicians.
Messly Locum - Manage your rota gaps efficiently improving fill rates.
Cloud deployment model Public cloud
Service constraints None
System requirements
  • Internet connection
  • Minimum browser requirements

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Weekdays: Within 2 hours
Weekends: Within 24 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible WCAG 2.0 A on all checklist items except:

1.4.1 – Use of Colour: Don’t use presentation that relies solely on colour

2.1.1 – Keyboard: Accessible by keyboard only
Web chat accessibility testing Basic assistive technology check against WCAG 2.0 A checklist
Onsite support Onsite support
Support levels Ongoing Support:

- Account Manager as point of contact
- Available through phone and email 9:00-17:00 Monday to Friday. Two Hours response time
- Out of hours /weekend support is provided via email ticketing and live-chat. Twenty-four hour response time
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide comprehensive

1. Preparation

We take an initial review of current processes and requirements of each organisation. This includes understanding current processes and engagement levels.

2. Agree targets

We work collaboratively with organisations to assess their current requirements. We use these to build bespoke campaigns targeted at doctors within the organisation.

Where end-users are required to engage with Messly, we offers in person staff training for all relevant staff. This takes approx 30 mins. Our support team is available on an ongoing basis to answer any queries, troubleshoot issues and support adherence to new processes..

Alongside this Messly runs a campaign in conjunction with the organisation to inform doctors of the new process, including on site drop-in events and online outreach.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction We are able to provide full data extraction of trust and department level data on request at no cost. Data is provided CSV format with one week notice required.
End-of-contract process Termination can be easily requested by contacting the assigned Account Manager. There are no termination costs.

No uninstallation is required. The end-user’s account will be blocked with immediate effect.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Our platform is built with best practice Responsive Web Design (RWD) enabling access from any internet-connected mobile device. The user interface has been optimised to enable the product feature to be identical on both mobile to desktop.
Service interface Yes
Description of service interface We operate a RESTful Application Programmable Interface that enables Messly products to securely communicate with each other, expose data and programmatically connect with external services to augment functionality. The methods we use are performed over HTTP, including GET, POST, PUT and DELETE.
Accessibility standards None or don’t know
Description of accessibility WCAG 2.0 A on all checklist items except:
1.4.1 – Use of Colour: Don’t use presentation that relies solely on colour
2.1.1 – Keyboard Accessible by keyboard only
Accessibility testing Basic assistive technology check against WCAG 2.0 A checklist
What users can and can't do using the API Messly's API is a fully featured RESTful JSON API.

Users can integrate with and use our API by generating an authentication token for their account which is passed along with every request as a header.

With API access set-up, users can then:
- apply for and confirm attendance for shifts.
- apply and join hospital departments.
- set up trust level work eligibility and payroll information.
- add relevant medical information (grade, specialty, work history, exams etc. )
- post department shifts.
- offer to and approve doctors to work shifts.
- invite, remove and accept doctors into your department's approved "locum bank".
API documentation Yes
API documentation formats Other
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The software has in-built features to enable users to customise their experience, both on setup and through the duration of the contract from within the application.

This includes:

- Cohort of doctors to target
- Communications to be sent to doctors
- Information to be shared with doctors


Independence of resources We have monitoring tools and have implemented some restrictions on our shared environments to ensure that usage does not affect the performance of individual users. In the case that you do experience any type of performance issues with the server, we are able to migrate your users to a new environment.


Service usage metrics Yes
Metrics types Messly can provide reporting on any activity that takes place on the platform, and can tailor reports to your needs.

Standard reports on engagement campaigns include

Number of doctors reached
Number of doctors engaged
Feedback received from doctors
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Export made by request to Messly. All exports are provided in CSV format.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99% uptime SLA for end-users

Pro rata refund for failure to meet uptime e.g. 0.5% additional downtime would incur refund of 0.5% contract value.
Approach to resilience Available on request.
Outage reporting 1. Public banner on website homepage
2. Email and SMS alerting to relevant end-users
3. Uptime Robot (for internal monitoring)

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Members of the doctor community must provide a valid GMC number.
Access restrictions in management interfaces and support channels Restriction in management interfaces and support channels is based on secure individual user login and passwords. End-users are assigned individuals roles within the application which restrict their access to specific interfaces they are not required to interact with.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications SSL Certification

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IG Toolkit v14.1
Information security policies and processes * Data Protection Act Compliant
*ICO registered with registered data controller
*Fully Caldicott compliant
* Security roles and responsibilities
* Specifying risk appetite, tolerance, scope and period of risk assessment, and ongoing risk management process
* Security standards
* Disaster recovery policy
* Incident response policy
* Security awareness, training, and education
* Asset access specifying access rights to categories of assets and how these are managed
* Staff training to ensure adherence to policy, policy waivers and exceptions, and consequences of non-compliance

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We adopt Agile methodology through the Scrum framework:

- Our product owner creates a prioritised wish list (product backlog).
- During sprint planning, the team pulls a small chunk from the top of that wish list, a sprint backlog, and decides how to implement those pieces.
- The team has a certain amount of time — a sprint (usually two to four weeks) — to complete its work, but it meets each day to assess its progress and monitor changes.
- At the end of the sprint, detailed quality assurance is carried out to ensure components are ready to ship.
Vulnerability management type Undisclosed
Vulnerability management approach Vulnerabilities are assessed at two levels:

1. Server level: These are assessed by our third-party host who have a dedicated team to assessing potential threats and addressing them which entails deploying patches, typically within 48 hours.

2. Application Level:
Our development team regularly use vulnerability management software (Qualys) to assess for vulnerabilities. These are run against the OWASP Top 10 Risks and common hacker techniques. Patching is typically deployed within 48 hours.
Protective monitoring type Undisclosed
Protective monitoring approach We use a number of different tools to assess potential compromises:

- Sucuri’s SiteCheck
- Google Webmaster Tools
- Google Safe Browsing diagnostics
- Scanner

If a vulnerability is identified we follow a rigorous 4-stage process within 24 hours to identify and restore the site as quickly as possible.

1. Application take offline
2. Assess the damage and apply restoration of data if necessary
3. Work on recovery and preventative solutions
4. Application restored online
Incident management type Supplier-defined controls
Incident management approach We follow rigorous 8-stage incident management

1. Identifying Incidents
Based on compromise testing

2. Logging Incidents
Submitted by end-users via online ticketing system and email

3. Categorising Incidents
Categorisation based on inputted category/subcategory or email topic.

4. Prioritisation of Incidents
Based on impact/urgency/priority metrics

5. Initial Diagnosis of Incidents
Carried out by member of service desk

6. Escalation of Incidents
Tickets escalated based on level of inactivity to prevent incidents from being missed.

7. Investigation and Diagnosis of Incidents

8. Resolution and Recovery of Incidents
Status of incident updated and fed back to end-user with outcome via bespoke email reporting.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 to £1000 per unit
Discount for educational organisations No
Free trial available Yes
Description of free trial This is agreed with customers on a case-by-case basis.

Service documents

Return to top ↑