Living With Ltd

Living With Condition Management Platform

Living With will be the UK market leader in cloud based digital solutions for the self management of chronic conditions and multimorbidity, for both the public and private healthcare industries, using its suite of Living with solutions to change behaviour and so reduce costs and improve patient outcomes


  • Management of long term health conditions
  • Providing personalised content and tools for patients
  • Providing clinical interfaces to give visibility of patient progress
  • Capturing Patient Reported Outcome Measures


  • Using PROMS to optimise appointments
  • Track patients progress to adjust medication as appropriate
  • Reduce treatment cycle times.
  • Reduce length of some appointments in a treatment series
  • Increase periods between consultations due to self management


£10 per licence per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10


Living With Ltd

David Anahory


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints None
System requirements
  • Browser access - Internet Explorer, Edge, Google Chrome, Firefox, Safari
  • Firewall not to block access to the platform domain

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Depending on the SLA and level of severity of the issue. Initial response is 30 minutes, fix times vary depending on severity. Standard support is Mon-Friday 8am - 6pm. Enhanced Support is 24/7.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Support costs are included in the licence.
P1-There is a total loss of the functionality provided by the Software and the software is mission critical. Most content and site functions are not available to most users
P2. Some operations can continue in a highly restricted fashion, but there is some severe and critical loss of use of functionality affecting the majority of users. Major site pages or most content are unavailable to most users.
Major site features not functioning (e.g. search, alerts).
Most users are unable to access significant portions of content.
Severe performance problems across the site.
P3. The s Software can be used with some restrictions, but some of the software does not function correctly and no alternative features are available to achieve equivalent functionality.
Broken site functionality that does not prevent users' access to content.
P4 The Software can be used with some inconvenience because some of the Software does not function correctly. Users can work around the problem or may use alternative features in the Bloomsbury Collections Software to achieve equivalent functionality. Spelling error or incorrect spacing or punctuation.
Cosmetic display issues that do not prevent users from accessing the content on the site.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide both onsite and online training. We supply extensive documentation and user guides. We also supply online videos which provide easy to follow step by step instruction.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data can be downloaded at any time, via the export tools available. This can also be used to import data into a company's data warehouse.
End-of-contract process Migration of data an be completed within the cost of the contract. Additional costs will only arise if data to be exported needs to be in a format different to the standard one we use.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences- fully responsive.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Regular user groups with people with disabilities to ensure, hearing or sight impairments, or physical impairments do not prevent the user from using the software.
What users can and can't do using the API The API can provide access to all the content and data generated by the platform. This allows connectivity with external devies, wearables, CRM or EPR.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Customisation allows information thats specific to a clinic, hospital or NHS trust. All information and treatment options can be customised to reflect desired patient pathways.


Independence of resources Platform structure is scaled so that no more than 20% of capacity is used at any one time. Full multi-tenant environments ensure that usage is linked to the number of user licences each customer has.


Service usage metrics Yes
Metrics types We provide a weekly report on service usage, showing invitations to use the service, people who have accepted, active users, how active and engaged they are etc.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Through the web inteface provided there is a one click export facility of requested data. You can select what data you wish to export through a wizard.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Service level availability for core services is 99.999% for non-core it is 99.95%.
Approach to resilience Available in request
Outage reporting Email alerts and text alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Access is restricted to authenticated users, either clinicians or customers.Unauthenticated users are rejected and are unable to access management interfaces or support channels.
Access restriction testing frequency At least every 6 months
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Day to day management of security is delegated to the security officer. There are documented policies that he is responsible for ensuring that the business follows. Any breaches of policy are logged and reviewed by management on a monthly basis. The Managing Director has overall board responsibility for Security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Each feature is allocated to a release managed in JIRA. The software build for each release, is run via the continuous integration server and is subject to both automated and manual testing. Any changes to this feature in the future are logged in JIRA and are taken into a development Sprint. Testing will include security testing for changes to the existing feature to ensure no vulnerabilities are introduced as part of the update to the feature.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We have automated tools running scripts to highlight any potential vulnerability. We also have a number of tools which highlight potential vulnerabilities which send alerts to the development team to investigate.Any issues highlighted whether through tests or alerts on potential attacks are highlighted and investigated. We aim to deploy patches within 4 hours of the potential threat being highlighted, in most cases patches are deployed within less time.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring of services is delivered through active reporting on the platform. Any potential issues are notified to the development team to investigate. We aim to deploy any relevant software patches within 4 hours.
Incident management type Supplier-defined controls
Incident management approach For Incident management we use a trouble ticketing tool called Zendesk. We get users to report incidents, these reports must be responded to within 30 minutes with a target resolution time of 4 hours in 95% of cases. Incident reports are available to customers on request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £10 per licence per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial The ability to be set up on the Living With platform. Time limited trial of between 120-180 days. Unlimited users during this period.


Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑