Our Mobile Health

Assessment of Digital Health Apps & Wearables (Cloud-based)

We provide an assessment service using the latest NHS health apps and wearables standards for digital health services. Our cloud-based solution includes a self-assessment and expert review. The owner of an app or wearable receives confidential feedback and guidance from our many expert assessors to improve their product.


  • Assessment to NHS Digital standards
  • Automated workflow and reminders
  • Information gathering uses conditional branching, ensuring only relevant questions asked
  • Online consultancy to assist app/wearable owners being assessed
  • Hugely experienced team always on call
  • Always up-to-date with current/upcoming regulation, standards & best practice
  • Independent expert reviewers


  • Assessment to the highest standards
  • Ensure compliance with all relevant laws, regulations & standards
  • Expertise on tap to assist with successful assessment
  • Only ever get relevant information requests
  • Preserves anonymity of reviewers whilst enabling follow-up questions & responses
  • Works completely independent of location of any participant
  • Efficient automated process


£3200 per unit per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Our Mobile Health

Julie Bretland

07799 133 598


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints N/A
System requirements Internet Connectivity

User support

User support
Email or online ticketing support No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our standard support is 2 working days response time within the following times, included in the service cost.
Normal Working Week: Monday to Friday, excluding Bank Holidays and between Christmas and New Year.
Normal Working Day: 09.00-17.00 - 7.5 hours excluding Bank Holidays and between Christmas and New Year.
Office hours 09.00-17.00 Monday-Friday excluding Bank Holidays and between Christmas and New Year.
Alternative levels of support including onsite support can be organised by special arrangement.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide user documentation online as well as training over the phone or by video call. Onsite training and workshops can be provided by arrangement.

The onboarding process is straightforward; the participants are each sent a welcome email when their accounts are created. On clicking the hyperlink within the email, each user must first set their password. Once logged in, the user is presented with a set of structured questions behind which there is branched logic and an automatic scoring system.

As the assessment is progressed, the user is provided with guidance throughout the process.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction On request, an OMH administrator with the necessary security permissions is able to extract the relevant data into a CSV file.
End-of-contract process There are no additional costs at the end of a contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is no difference as the solution is completely web-based.
Customisation available Yes
Description of customisation The buyer may choose to limit or expand the scope of an assessment for a mobile application.


Independence of resources Automated monitoring offers 24x7 immediate notification and escalation to our operational teams providing around-the-clock network, application, and server support. A link from our website provides any user with the current status of the platform.


Service usage metrics Yes
Metrics types The user is able to review progress through the dashboards and it is possible to generate custom reports on request.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest Encryption of all physical media
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach On request to our administrators by phone or email.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Legacy SSL and TLS (under version 1.2)
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Our assessment solution is based on a proven third party platform that offers an uptime SLO of 99.9%.
Approach to resilience Our solution is a customised set of forms and questionnaires using a proven third party platform. This is a tried and tested architecture with resilience designed into their system architecture and they maintain an SLO that exceeds 99.9% availability.
Outage reporting Automated monitoring offers 24x7 immediate notification and escalation to our operational teams providing around-the-clock network, application, and server support. A link from our website provides realtime status of the platform. Email alerts are automatically sent to OMH's support team.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Username or password
  • Other
Other user authentication Unique API token for each user to automate login process.
Access restrictions in management interfaces and support channels Management interfaces and support channels are restricted through the user permissions granted to each user role. By default, users do not have management or administrator access.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We are in the process of working towards ISI/IEC 27001
Information security policies and processes OMH has an Information Security Policy. The CTO and CEO discuss security standards and requirements at the monthly meeting and adhoc as necessary to cater for changes.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach The development team uses an agile development methodology. The development team employs secure coding techniques and best practices that are described by The Open Web Application Security Project (OWASP). Developers are formally trained in secure web application development practices at least annually. We also use peer-review model to ensure code complied with sated objected.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our third party supplier is responsible for monitoring and managing any vulnerabilities. Any changes are managed and released through their change control process which are documented in their releases.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The platform that delivers our solution is actively monitored in real time, ensuring that potential compromises are responded to at the earliest opportunity.
Incident management type Supplier-defined controls
Incident management approach Incidents can be reported by email or phone to our support team where they will be logged and prioritised (P1-P3) accordingly. Updates and incident resolution will be fed back by email.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3200 per unit per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A trial may be made available on request

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑