Refero Software Ltd

Refero Online Consultations

Refero is a service with a simple mission – leverage technology to provide people with convenient, easy-to-use, online access to public and private sector services. Refero’s purpose lives in the ability to connect people to experts and expertise, to help in an appropriate and timely manner.

Features

  • Secure, two-way messaging between citizens and providers
  • Self help capability with credible sources of information and support
  • Sign posting to the most appropriate resources, services and professionals
  • Secure, easy to use, one time only event video consultations
  • Interoperability with CRM, EPR and primary care principal clinical systems
  • Web portal, smartphone and tablet (iOS / Android) applications
  • UK Sovereign, UK Dominated. Data never leaves the UK
  • Artificial Intelligence overlay powered by IBM Watson
  • Flexible, service catalogue driven commercial and adoption model
  • Facilitates communication and collaboration between providers

Benefits

  • Supports active signposting and self care
  • Enables new consultation types and citizen engagement
  • Actively supports reduction of Did Not Attends (DNAs)
  • Reduction in time and cost associated with travel
  • Nil cost or very low-cost proof of concepts trials
  • Enablement of agile working frees up time and real estate
  • Better patient experience as fewer outpatient appointments required
  • More convenient and timely appointments can be offered
  • More patients can be cared for in their own location
  • Patients better educated and more invested in their own care

Pricing

£0.02 to £300 per person per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

739729692818333

Refero Software Ltd

G-Cloud Team

0203 957 7800

g-cloud@refero.xyz

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Refero is built upon open standards and supports integration and interoperability with CRM, EPR and primary care principal clinical systems via Application Programming Interfaces (APIs). Please contact us for full information.
Cloud deployment model Private cloud
Service constraints The underlying UKCloud platform is engineered to be highly resilient and can tolerate both unplanned component failure and planned maintenance activities. UKCloud is committed to frequent and regular maintenance of the platform to ensure that the service delivers the highest levels of security and availability.
System requirements
  • Service Connectivity: Internet, N3/HSCN, PSN or Private Ethernet
  • Service Access: All modern Internet browsers and operating systems supported
  • Service Access: All modern iOS and Android devices supported

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Our response times are based upon priority of the incident:

P1 - Severe Business Impact - 15 minutes
P2 - High Business Impact - 30 minutes
P3 - Medium Business Impact - 2 hours
P4 - Minor / no Business Impact - 4 hours
P5 - Service Request / Service Query - 1 business day
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Refero operates a 24x7x365 Service Desk & NOC, providing cover for incidents, service requests, change requests and technical assistance. The Service Desk is manned 08:00 to 18:00 Monday to Sunday.

Out of hours coverage provided is by on-call engineers and managers who will take calls and resolve critical incidents.

Our support services are managed by our dedicated skilled and certified engineers in the NOC whose goal is to take ownership of incidents and events to resolve them quickly and effectively. The level of expertise within our NOC means that most incidents are dealt with by the same team without the need to escalate to our DevOps team.

The Refero Service Desk Team are supported by our ITIL V3 aligned processes and procedures which include:

- Lifecycle management of incidents and service requests from logging through to resolution
- Integration between the processes to manage the services and suppliers in a holistic manner
- Ownership to drive resolution within SLAs
- Consistency in delivery of services

We provide a named Technical Account Manager for all of our customers, providing a point of escalation, a named contact for service queries and technical update / roadmap workshop sessions.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We understand the importance of successfully and sensitively engaging stakeholders in all engagements and programmes of change. We have experience in engaging with all types of stakeholders.

We believe that an emphasis on stakeholder engagement and consultation is critical to the success of all projects. Our stakeholder engagement and management approach is focussed on the development and maintenance of relationships with all individuals and groups impacted and those with influence whose buy in is required to support any proposed changes, as well as general engagement with interested parties including patients. We start every engagement with an initiation meeting, bringing together the key people to clearly set the direction and objectives of the project, identify key stakeholders and their priorities, sensitivities and expectations, and agree communication and governance structures.

Following initiation, we continue to work closely and collaboratively to maintain stakeholder communication and relationships throughout the project. We will develop a holistic stakeholder map and develop an engagement approach and plan that we review and sign off with clients prior to delivery. Typically, a mixture of engagement methods will be used throughout the project, including 1-to-1 meetings, workshops, attending existing groups and web-based sessions.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction In the event you wish to leave our service, we will meet all necessary obligations in order to enable a smooth transition of service, including the release of any software licenses to you.

Service cessation should be initiated by request in writing, where we will be happy to work with you define a service cessation plan.
End-of-contract process In the event you wish to leave our service, we will meet all necessary obligations in order to enable a smooth transition of service, including the release of any software licenses to you.

Service cessation should be initiated by request in writing, where we will be happy to work with you define a service cessation plan.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing None
API Yes
What users can and can't do using the API Our application will feature a RESTful API service, delivered over HTTPS and secured using a multi-layer authentication approach. The API will provide access to a number of features such as statistical data and video appointment booking functionality. As well as standard authentication for access, individuals may also grant access to their data/account using an OAuth service, upon which full application functionality will be possible via the API.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Requirements of individual organisations are delivered through customisation of our platform. A cloud service, built with elasticity at its core, it will scale up and down based on changes in focus and priorities at both national and local level.

National priorities will be managed through ongoing regular dialogue and change requests with national stakeholders by our consultancy team of subject matter experts. Local priorities will be managed with contracting organisations. Platform development requirements will be assigned to our dedicated platform DevOps team.

We will curate and share platform learning at local and national level.

Management of local user groups, feedback, collection and ranking of improvement suggestions will be fed into the roadmap and reported up to national level to support learning and development of national priorities.

This enables pace and flexibility for platform development, aligned to local and national needs. The most appropriate systemic milestones for platform development and approach will be clearly communicated to local and national stakeholders.

Scaling

Scaling
Independence of resources In order to guarantee that users are not affected by the demands from other users, our cloud infrastructure provider (UKCloud) uses resource reservations and shares such as internet bandwidth shaping. In addition, the capacity planning team ensure that usage in terms of all resources are constantly monitored and increased accordinglty relating to user demand.

Services provided by Refero are multi-instance, rather than multi-tennant, meaning that each customer gets their own dedicated instance of the service.

Analytics

Analytics
Service usage metrics Yes
Metrics types - Service uptake and repeat usage
- User demographics
- Time of day, and day of week of usage
- Number of messages sent
- Number of messages handled by role
- Conversion of messages to face to face appointment
- Number of patients using symptoms checking
- Symptoms checking recommendation outcomes
- Citizen satisfaction with Refero
- Provider satisfaction with Refero
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Authorised users may export end user and configuration data from the service administrative interface. Exported data is typically downloaded as .CSV
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The Service Level Agreement (SLA) for Refero is 99.99%

If the service level falls below the stated availability percentage (excluding Planned and Emergency Maintenance periods), customers will be eligible for Service Credits on affected Refero services. Service Credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle).

The Service Credit regime for Refero is 15% of the affected service monthly spend.
Approach to resilience Our service is deployed across a number of geographic sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware).
Outage reporting All outages will be reported via email. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Technical Account Manager will proactively contact customers as appropriate.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels For online systems (e.g. Customer Portal & API interfaces), all users are required to have a unique username, password and memorable word combination. Customers may also use 2FA authentication tokens.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Refero has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Refero has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of our asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Our service is based upon UKCloud Infrastructure as a Service. Following best practice from the National Cyber Security Centre, UKCloud protects both its Assured and Elevated platforms with enhanced protective monitoring services (SIEM), at the hypervisor level and below. Thier approach to protective monitoring continues to align with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks on time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and the status of backups, amongst many others. All alerts are immediately notified to the UKCloud NOC for prompt investigation.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Refero has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by personnel, and incidents identified and reported. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks
  • Public Services Network (PSN)
  • New NHS Network (N3)
  • Joint Academic Network (JANET)
  • Other

Pricing

Pricing
Price £0.02 to £300 per person per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Refero offers a time limited no commitment, free trial of our service, which may be supported by equipment loan where necessary.

All features are available within the trial.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑