SkinVision
SkinVision empowers individuals to self check their skin for early signs of skin cancer by transforming their smartphone into a CE Marked medical device.
Our machine learning algorithm recognises early signs of melanoma, basal cell carcinoma and squamous cell carcinoma and is supported by a team of medical professionals.
Features
- Individuals can self check skin with smartphone cloud app
- Digital first primary care, fast access to convenient health
- Scientifically proven accurate ML algorithm (95% sensitivity)
- Available on iOS and Android, runs from cloud
- CE certified as a medical device
- Immediate answer whether spot shows early signs of skin cancer
- Real time insight in activity & results data of userbase
- Managed Population health management programme
- Body Mapping promotes ease of use and regular self care
- Skin cancer awareness & education
Benefits
- Drive early detection of skin cancer ( ~150,000 patients annually)
- Free up scarce time of GP and Dermatologist
- Reduce pressure on health system
- Reduce health inequality, accessible to all with a smartphone (>85%)
- Improve performance on cancer targets, including 28 days to diagnosis
- Improve efficiency skin cancer care pathway
- Reduce face to face appointments
- Triage based on medical need so urgent cases prioritised
- Patient centred follow up management
Pricing
£10 to £20 a user a year
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
5 1 4 3 4 9 1 0 1 9 1 4 2 9 7
Contact
SkinVision BV
<removed>
Telephone: <removed>
Email: <removed>@97aaf97c-014e-40b5-81fe-b589bd966963.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
SkinVision is available for both iOS and Android. SkinVision is available on most Android smartphones (from 2017) and iPhones (5 and higher), excluding tablets like iPads.
We strive to deliver a high quality service for all users. Because mobile devices hardware varies, we are, unfortunately, not able to provide our service on every device. This means that we do not support devices which are unable to meet the requirements needed to provide an accurate risk indication, these are usually old or simple models. A list can be found here:
https://www.skinvision.com/compatibility - System requirements
-
- Device type is mobile phone. Tablets are not supported.
- Device is not rooted or jailbroken
- Device runs an official Android version or Android runtime
- Minimum OS version: Android >=4.4 iOS>=10.0
- Minimum device RAM 1GB
- Android devices need to be certified by Google
- Back-facing camera present
- Torch (flashlight) present
- Video preview feed resolution of 1080p is supported
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- On weekdays we strive to respond within 24 hours
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Our webchat is available via a pop up on our web page and creates a direct chat conversation with one of our customer support members.
- Web chat accessibility testing
- No dedicated testing is done for assistive technology users.
- Onsite support
- No
- Support levels
-
SkinVisions program management team will drive the program management, including kick off, IT development (when necessary), operations and awareness campaigns. The team is dedicated to designing and launching successful programs, this support is included in the pricing.
SkinVisions customer care is available on weekdays to support end users with any questions they may have. Customer Care may be reached via email, in app messaging or the chatbox on our website at no extra cost. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
SkinVision's program management team will work together with the client to explain the service, understand the needs of each segment of the target cohort and codesign the success metrics and communication plan. The SkinVision team will resource the bulk of the work.
For the end user we have media available to understand the service, including:
- www.skinvision.com
-youtube video's: https://www.youtube.com/channel/UC0S7A_z4rATdIACdyo1aK0w
-FAQ https://skinvision.zendesk.com/hc/en-us/categories/200985265-FAQ-SkinVision
- Customer support
- Instructions for use: https://content.skinvision.com/website/en/instructions-for-use.pdf - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
As part of GDPR compliancy, the client never has insight in personal and medical data of the end users of SkinVision.
The end users of SkinVision always have access to their SkinVision data within the SkinVision app, even if the subscription ends and can extract the data from there. - End-of-contract process
-
SkinVision can set up large scale population management programs where a cohort has unlimited access to our services.
When the contract ends, the client may extend the service and end users can continue to use the service as is. If for whatever reason, the contract is terminated, end users will continue to access their historical data within the SkinVision app but are unable to do new skin checks. These individuals may purchase their own SkinVision products to continue enjoying the services.
SkinVision will provide a final dashboard with data on activity & results to the client and update any communication on SkinVision's media. As the service is used by individuals, no technical disengagement is needed.
There are no extra costs for any of these activities.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- SkinVision Skin Checks are only available via our app on the smartphone (iOS & Android) as we need the smartphone camera to capture the skin spot.
- Service interface
- No
- API
- No
- Customisation available
- Yes
- Description of customisation
-
SkinVision's experience can be tailored to best meet the partners need, including:
- Tailored messaging to activate users
- Tailored in app and external communication campaigns
- Dedicated landing web page to explain the service
- Co branding and partner specific messaging throughout app
- Language
- Variation in active functionaility by partner
Scaling
- Independence of resources
- We host our services on AWS cloud. Auto scaling is in place in case of high demand from customers.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
SkinVision has real time insight in the activity and results of our programs, including:
- # active users
- # skin checks done
- % of high risk skin checks
- # suspected skin cancers identified through our platform
- £ saved thanks to SkinVision
- Performance data against service KPI's
All this data is aggregated and anonymised. - Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- All data is stored on AWS using AES-256 encryption.
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- End users of our service can always access the results of their skin checks on SkinVision's smartphone application. They can continue to do so even when the contract between the client & SkinVision is terminated.
- Data export formats
- Other
- Data import formats
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We can include a reasonable SLA (e.g. app availability, customer support response) as part of our agreement.
- Approach to resilience
- Important measure to make the system resilientare: making use of AWS infrastructure, making frequent backups and having infrastructure as code.
- Outage reporting
- Email alerts are sent out in case of anomalies and immediate action is taken.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Protected by strong passwords and 2factor authentication and can only be accessed from within the SkinVision network
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI Group
- ISO/IEC 27001 accreditation date
- 16/07/2019
- What the ISO/IEC 27001 doesn’t cover
- ISO27001 Statement of applicability has only 1 exception in relation to Delivery and loading at premises. the office has a single front door and suppliers therefore enter here as part of general access control.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO27001
- NEN7510
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Information Security Management System is setup according to ISO 27001
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Change management is handled in the QMS according to 7.1 and 7.3.9 from ISO 13485:2016. System requirements are kept up-to-date and are traceable during the lifetime of the service. Security officer has to sign off all changes to the service.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Technical risk assessment is done in the form of threat modeling to identify vulnerabilities and other information security risks of the SkinVision infrastructure.
Patches can be deployed within one day when really required.
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained (e.g. AWS Security Bulletins) - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Using Amazon GuardDuty to detect threats automatically. User can report incident via itsecurity@skinvision.com which is published on the website.
When potential compromise is reported initial triage will be done which includes defining the risk level. In case of risk level major and critical immediate containment is performed by the Incident Response Team. The immediate containment includes ensuring evidence is preserved, containment actions are executed and stakeholder are informed. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incidents are handled according to Security Incident Response Procedure. Continuity plan is in place for severe incidents which could threaten the continuity of the organisation. Special procedure exist for reportable incident where relevant National Competent Authority needs to be notified.
Users can report incidents via itsecurity@skinvision.com which is published on the SkinVision website.
Incident reports are logged in the internal ticketing system.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Pricing
- Price
- £10 to £20 a user a year
- Discount for educational organisations
- No
- Free trial available
- No