NDL Software Limited

Licencing, implementation and support for the Gloucestershire Immunisation System

The Gloucestershire Immunisation System is an end-to-end vaccination solution for school age children. It supports gaining parental consent, triage, administration, delivery and reporting. The system helps improve the uptake of vaccinations, enables paperless working, provides data insights and releases valuable clinician time.


  • Intuitive and flexible parental consent eForm that is available 24/7
  • Accessible across devices including mobile phones, tablets, desktops and laptops
  • Intelligent workflow, logic and mandatory fields to improve data quality
  • Secure administration module to electronically triage and manage vaccination sessions
  • Online/offline native mobile application to administer the vaccine
  • Available for FLU, DTP/MenACWY, MMR, HPV vaccination programmes
  • Secure data transfer and storage, either Cloud or Trust hosted
  • Collect data electronically, interrogate information and report quickly and easily
  • Supported by a growing user group and online community
  • Free upgrades for the lifetime of the contract


  • Electronic online consent forms to help your organisation go paperless
  • Increases uptake as consent eForm accessible and always available
  • Save precious clinician time through effective scheduling of vaccination sessions
  • Digital records enable ordering accurate vaccine volume, reducing waste
  • Mobile application records vaccine delivery sessions, on and off line
  • System covers all school aged vaccinations (FLU, DTP/MenACWY, MMR, HPV)
  • Improves security by collecting and storing information digitally
  • Analytics to identify and focus on low up-take student populations
  • Full training, onboarding, implementation and support service provided
  • Free updates and upgrades for the lifetime of the contract


£10800 to £35400 per licence per year

Service documents


G-Cloud 11

Service ID

6 3 1 0 7 6 4 5 2 4 7 5 0 8 6


NDL Software Limited

Tom Wright

01937 543 500


Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Please see Service Definition document for list of system requirements.

User support

Email or online ticketing support
Email or online ticketing
Support response times
See Service Definition document.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
See Service Definition document.
Support available to third parties

Onboarding and offboarding

Getting started
We offer, up to 10 days as standard for onboarding and implementation, including training customer staff. Further days be requested on an ad hoc basis.
Service documentation
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
If hosted within the customer's server, all data will reside with the customer for the duration of the contract. If hosted by NDL, a full database export will be provided at the end of contract
End-of-contract process
Data assets are retained by the client and the service is terminated.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Differences between the mobile and desktop service
Users can access the Immunisation System via any internet browser. The offline module is a mobile app.ava
Service interface
Description of service interface
Browser based eforms. Mobile device application interface.
Accessibility standards
None or don’t know
Description of accessibility
Accessibility testing
Customisation available
Description of customisation
Forms and apps can be customised by NDL on request.


Independence of resources
NDL have a robust contingency plan and employ sufficient staff to meet our service demands.


Service usage metrics
Metrics types
User defined metrics based on available meta data.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
If hosted within the customer's server, all data will reside with the customer for the duration of the contract. If hosted by NDL, a full database export can be provided upon request.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
SLA contract dependant
Approach to resilience
Architectural, platform and data centre resilience. More information available on request.
Outage reporting
Client communications via agreed channels.

Identity and authentication

User authentication needed
User authentication
Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Role based access, and privileged identity management.
Access restriction testing frequency
At least every 6 months
Management access authentication
Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Certificate

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
All data is held on customer infrastructure, whether that be on premise or in the Azure Cloud option. The customer can apply their chosen standard security governance policies.
Information security policies and processes
Supplier defined controls.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Supplier defined controls.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Available on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Available on request.
Incident management type
Supplier-defined controls
Incident management approach
Available on request.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£10800 to £35400 per licence per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑