SkinVision BV


SkinVision empowers individuals to self check their skin for early signs of skin cancer by transforming their smartphone into a CE Marked medical device.

Our machine learning algorithm recognises early signs of melanoma, basal cell carcinoma and squamous cell carcinoma and is supported by a team of medical professionals.


  • Individuals can self check skin with smartphone cloud app
  • Digital first primary care, fast access to convenient health
  • Scientifically proven accurate ML algorithm (95% sensitivity)
  • Available on iOS and Android, runs from cloud
  • CE certified as a medical device
  • Immediate answer whether spot shows early signs of skin cancer
  • Real time insight in activity & results data of userbase
  • Managed Population health management programme
  • Body Mapping promotes ease of use and regular self care
  • Skin cancer awareness & education


  • Drive early detection of skin cancer (~150,000 patients annually)
  • Free up scarce time of GP and Dermatologist
  • Reduce pressure on health system
  • Reduce health inequality, accessible to all with a smartphone (>85%)
  • Improve performance on cancer targets, including 28 days to diagnosis
  • Improve efficiency skin cancer care pathway
  • Reduce face to face appointments
  • Triage based on medical need so urgent cases prioritised
  • Patient centred follow up management


£10 to £20 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

514349101914297


SkinVision BV Gavin Matthews
Telephone: +447887651944

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
SkinVision is available for both iOS and Android. SkinVision is available on most Android smartphones (from 2017) and iPhones (5 and higher), excluding tablets like iPads.
We strive to deliver a high quality service for all users. Because mobile device hardware varies, we are, unfortunately, not able to provide our service on every device. This means that we do not support devices which are unable to meet the requirements needed to provide an accurate risk indication; these are usually old or simple models. A list can be found here:
System requirements
  • Device type is mobile phone. Tablets are not supported.
  • Device is not rooted or jailbroken
  • Device runs an official Android version or Android runtime
  • Minimum OS version: Android >= 4.4, iOS >= 10.0
  • Minimum device RAM 1GB
  • Android devices need to be certified by Google
  • Back-facing camera present
  • Torch (flashlight) present
  • Video preview feed resolution of 1080p is supported

User support

Email or online ticketing support
Email or online ticketing
Support response times
On weekdays we strive to respond within 24 hours
User can manage status and priority of support tickets
Phone support
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Our webchat is available via a pop up on our web page and creates a direct chat conversation with one of our customer support members.
Web chat accessibility testing
No dedicated testing is done for assistive technology users.
Onsite support
Support levels
SkinVision's program management team will drive the program management, including kick off, IT development (when necessary), operations and awareness campaigns. The team is dedicated to designing and launching successful programs; this support is included in the pricing.

SkinVision's customer care is available on weekdays to support end users with any questions they may have. Customer Care may be reached via email, in-app messaging or the chatbox on our website at no extra cost.
Support available to third parties

Onboarding and offboarding

Getting started
SkinVision's program management team will work together with the client to explain the service, understand the needs of each segment of the target cohort and codesign the success metrics and communication plan. The SkinVision team will resource the bulk of the work.

For the end user we have media available to understand the service, including:
- YouTube videos:
- Customer support
- Instructions for use:
Service documentation
Documentation formats
End-of-contract data extraction
As part of GDPR compliance, the client never has insight into personal and medical data of the end users of SkinVision.

The end users of SkinVision always have access to their SkinVision data within the SkinVision app, even if the subscription ends, and can extract the data from there.
End-of-contract process
SkinVision can set up large scale population management programs where a cohort has unlimited access to our services.

When the contract ends, the client may extend the service and end users can continue to use the service as is. If for whatever reason, the contract is terminated, end users will continue to access their historical data within the SkinVision app but are unable to do new skin checks. These individuals may purchase their own SkinVision products to continue enjoying the services.

SkinVision will provide a final dashboard with data on activity & results to the client and update any communication on SkinVision's media. As the service is used by individuals, no technical disengagement is needed.

There are no extra costs for any of these activities.

Using the service

Web browser interface
Application to install
Compatible operating systems
  • Android
  • iOS
Designed for use on mobile devices
Differences between the mobile and desktop service
SkinVision Skin Checks are only available via our app on the smartphone (iOS & Android) as we need the smartphone camera to capture the skin spot.
Service interface
Customisation available
Description of customisation
SkinVision's experience can be tailored to best meet the partner's needs, including:
- Tailored messaging to activate users
- Tailored in app and external communication campaigns
- Dedicated landing web page to explain the service
- Co branding and partner specific messaging throughout app
- Language
- Variation in active functionality by partner


Independence of resources
We host our services on AWS cloud. Auto scaling is in place in case of high demand from customers.


Service usage metrics
Metrics types
SkinVision has real time insight in the activity and results of our programs, including:
- # active users
- # skin checks done
- % of high risk skin checks
- # suspected skin cancers identified through our platform
- £ saved thanks to SkinVision
- Performance data against service KPIs

All this data is aggregated and anonymised.
Reporting types
Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
All data is stored on AWS using AES-256 encryption.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
End users of our service can always access the results of their skin checks on SkinVision's smartphone application. They can continue to do so even when the contract between the client & SkinVision is terminated.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We can include a reasonable SLA (e.g. app availability, customer support response) as part of our agreement.
Approach to resilience
Important measures to make the system resilient are: making use of AWS infrastructure, making frequent backups and having infrastructure as code.
Outage reporting
Email alerts are sent out in case of anomalies and immediate action is taken.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Protected by strong passwords and two-factor authentication, and can only be accessed from within the SkinVision network
Access restriction testing frequency
At least once a year
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
BSI Group
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
The ISO27001 Statement of Applicability has only 1 exception, in relation to delivery and loading at premises. The office has a single front door and suppliers therefore enter here as part of general access control.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • ISO27001
  • NEN7510

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Information Security Management System is set up according to ISO 27001

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change management is handled in the QMS according to 7.1 and 7.3.9 from ISO 13485:2016. System requirements are kept up-to-date and are traceable during the lifetime of the service. The security officer has to sign off all changes to the service.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Technical risk assessment is done in the form of threat modeling to identify vulnerabilities and other information security risks of the SkinVision infrastructure.

Patches can be deployed within one day when really required.

Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained (e.g. AWS Security Bulletins)
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Amazon GuardDuty is used to detect threats automatically. Users can report incidents via which is published on the website.

When a potential compromise is reported, initial triage is done, which includes defining the risk level. For risk levels major and critical, immediate containment is performed by the Incident Response Team. Immediate containment includes ensuring evidence is preserved, containment actions are executed and stakeholders are informed.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incidents are handled according to the Security Incident Response Procedure. A continuity plan is in place for severe incidents which could threaten the continuity of the organisation. A special procedure exists for reportable incidents where the relevant National Competent Authority needs to be notified.

Users can report incidents via which is published on the SkinVision website.

Incident reports are logged in the internal ticketing system.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£10 to £20 a user a year
Discount for educational organisations
Free trial available
