Medical Tracker

Medical Tracker

Medical Tracker moves schools to a paperless first aid and medical condition management tool. We provide an easy to use application with daily updates from MIS applications with student data, instant notifications for parents/ staff, GDPR compliant user access, actionable H & S reporting and more.


  • Report accidents and illnesses with simple to use DfE-compliant forms
  • Create real-time reporting for accident analysis
  • Notify parents, carers and staff members through instant email notifications
  • Record HSE compliant Near Miss and Staff/Visitor reports
  • Upload or create individual health care plans
  • Manage medication consent flows for short or long term medication
  • Track medication and first aid qualification expiry dates
  • Create GDPR compliant user roles for data access
  • Access on any device, anywhere, 24 hours a day
  • Live automated 24 hour link with your management information system


  • Ensure all records are compliant with legislation
  • Reduce serious incidents, report to governors for H&S meetings
  • Save time and ensure necessary persons are notified of incidents
  • Ensure you are HSE compliant with standardised drop-down forms
  • All staff can access and be aware of medical conditions
  • Easily know which students have consent to take prescribed medication
  • Ensure medication and first aid qualifications never expire
  • GDPR compliant users permissions to ensure security of personal data
  • Always have access to medical records
  • Never enter information twice with our live MIS integration


£450 to £2000 per licence per year

Service documents


G-Cloud 11

Service ID

5 5 7 4 9 9 8 2 2 7 3 3 9 0 3


Medical Tracker

Luke O'Dwyer

020 3743 9599

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
We currently support automatic integration for Arbor, Bromcom, Engage, CMIS, Integris G2, iSAMS, PASS/3SYS, Progresso, Prosolution, PupilAsset, ScholarPack, SIMS.
Cloud deployment model
Private cloud
Service constraints
System requirements
  • Web browser
  • Internet

User support

Email or online ticketing support
Email or online ticketing
Support response times
Medical Tracker shall ensure that the help-desk is operational and adequately staffed during Business Hours during the Term. Within the SLA we offer the following response times:
critical: 2 Business Hour;
serious: 8 Business Hours;
moderate: 3 Business Days; and
minor: 10 Business Days.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Directly through the web application during office hours.
Web chat accessibility testing
Onsite support
Support levels
All accounts will be managed by an account manager. All customers receive the same level of support as outlined in our SLA.

There is no additional costs for support.
Support available to third parties

Onboarding and offboarding

Getting started
Online training and user documentation enable for a quick start to using Medical Tracker. Any support issues can be raised with a member of the team.
Service documentation
Documentation formats
End-of-contract data extraction
Through a .csv export available to 'Super-users'.
End-of-contract process
Everything that is on offer with Medical Tracker is included in the per annum cost.

The only time we would charge is for bespoke features that other schools would not benefit from (custom integration).

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The application has been designed to work on tablet devices rather than actual mobiles.

The difference between tablet and desktop services is simply the drop-downs in menus to make it 'tablet-friendly'.
Service interface
Customisation available
Description of customisation
Depending on the access levels you can customise who receives automated notifications, who can access the system, the notifications templates sent to parents, the drop-downs within the application and what actions users can take.


Independence of resources
We have industrialised processes internally that grow with the demand that users place on our service.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Through a .csv export available to specific 'Super-users'.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
We use reasonable endeavours to ensure that the uptime for the Hosted Services is at least 99% during each calendar month.

Users would be refunded through the extension of their licence for the period the application was not available.
Approach to resilience
This information is available on request.
Outage reporting
Email alerts and through in-app notifications.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Email and password with 2FA.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We are currently working towards our ISO/IEC 27001 and this is due to be finished in October 2019.
Information security policies and processes
We ensure that all users within the organisation's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organisation stretches its authority.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
This is available on request.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
This is available on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
This is available on request.
Incident management type
Supplier-defined controls
Incident management approach
This is available on request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£450 to £2000 per licence per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑