Medical Tracker

Medical Tracker

Medical Tracker moves schools to a paperless first aid and medical condition management tool. We provide an easy to use application with daily updates from MIS applications with student data, instant notifications for parents/ staff, GDPR compliant user access, actionable H & S reporting and more.


  • Report accidents and illnesses with simple to use DfE-compliant forms
  • Create real-time reporting for accident analysis
  • Notify parents, carers and staff members through instant email notifications
  • Record HSE compliant Near Miss and Staff/Visitor reports
  • Upload or create individual health care plans
  • Manage medication consent flows for short or long term medication
  • Track medication and first aid qualification expiry dates
  • Create GDPR compliant user roles for data access
  • Access on any device, anywhere, 24 hours a day
  • Live automated 24 hour link with your management information system


  • Ensure all records are compliant with legislation
  • Reduce serious incidents, report to governors for H&S meetings
  • Save time and ensure necessary persons are notified of incidents
  • Ensure you are HSE compliant with standardised drop-down forms
  • All staff can access and be aware of medical conditions
  • Easily know which students have consent to take prescribed medication
  • Ensure medication and first aid qualifications never expire
  • GDPR compliant users permissions to ensure security of personal data
  • Always have access to medical records
  • Never enter information twice with our live MIS integration


£450 to £2000 per licence per year

Service documents

G-Cloud 11


Medical Tracker

Luke O'Dwyer

020 3743 9599

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to We currently support automatic integration for Arbor, Bromcom, Engage, CMIS, Integris G2, iSAMS, PASS/3SYS, Progresso, Prosolution, PupilAsset, ScholarPack, SIMS.
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Web browser
  • Internet

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Medical Tracker shall ensure that the help-desk is operational and adequately staffed during Business Hours during the Term. Within the SLA we offer the following response times:
critical: 2 Business Hour;
serious: 8 Business Hours;
moderate: 3 Business Days; and
minor: 10 Business Days.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Directly through the web application during office hours.
Web chat accessibility testing N/A
Onsite support No
Support levels All accounts will be managed by an account manager. All customers receive the same level of support as outlined in our SLA.

There is no additional costs for support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online training and user documentation enable for a quick start to using Medical Tracker. Any support issues can be raised with a member of the team.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Through a .csv export available to 'Super-users'.
End-of-contract process Everything that is on offer with Medical Tracker is included in the per annum cost.

The only time we would charge is for bespoke features that other schools would not benefit from (custom integration).

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The application has been designed to work on tablet devices rather than actual mobiles.

The difference between tablet and desktop services is simply the drop-downs in menus to make it 'tablet-friendly'.
Service interface No
Customisation available Yes
Description of customisation Depending on the access levels you can customise who receives automated notifications, who can access the system, the notifications templates sent to parents, the drop-downs within the application and what actions users can take.


Independence of resources We have industrialised processes internally that grow with the demand that users place on our service.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Through a .csv export available to specific 'Super-users'.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability We use reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99% during each calendar month.

Users would be refunded through the extension of their licence for the period the application was not available.
Approach to resilience This information is available on request.
Outage reporting Email alerts and through in-app notifications.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Email and password with 2FA.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are currently working towards our ISO/IEC 27001 and this is due to be finished in October 2019.
Information security policies and processes We ensure that all users within the organisation's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organisation stretches its authority.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach This is available on request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach This is available on request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach This is available on request.
Incident management type Supplier-defined controls
Incident management approach This is available on request.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £450 to £2000 per licence per year
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑