GOV.UK
Refero Software Ltd
Refero Online Consultations
Refero is a service with a simple mission – leverage technology to provide people with convenient, easy-to-use, online access to public and private sector services. Refero’s purpose lives in the ability to connect people to experts and expertise, to help in an appropriate and timely manner.
Features
- Secure, two-way messaging between citizens and providers
- Self help capability with credible sources of information and support
- Sign posting to the most appropriate resources, services and professionals
- Secure, easy to use, one time only event video consultations
- Interoperability with CRM, EPR and primary care principal clinical systems
- Web portal, smartphone and tablet (iOS / Android) applications
- UK Sovereign, UK Dominated. Data never leaves the UK
- Artificial Intelligence overlay powered by IBM Watson
- Flexible, service catalogue driven commercial and adoption model
- Facilitates communication and collaboration between providers
Benefits
- Supports active signposting and self care
- Enables new consultation types and citizen engagement
- Actively supports reduction of Did Not Attends (DNAs)
- Reduction in time and cost associated with travel
- Nil cost or very low-cost proof of concepts trials
- Enablement of agile working frees up time and real estate
- Better patient experience as fewer outpatient appointments required
- More convenient and timely appointments can be offered
- More patients can be cared for in their own location
- Patients better educated and more invested in their own care
Pricing
£0.02 to £300 per person per year
- Education pricing available
- Free trial available
Service documents
Framework
G-Cloud 10
Service ID
739729692818333
Contact
Service scope
| Software add-on or extension | Yes, but can also be used as a standalone service |
| What software services is the service an extension to | Refero is built upon open standards and supports integration and interoperability with CRM, EPR and primary care principal clinical systems via Application Programming Interfaces (APIs). Please contact us for full information. |
| Cloud deployment model | Private cloud |
| Service constraints | The underlying UKCloud platform is engineered to be highly resilient and can tolerate both unplanned component failure and planned maintenance activities. UKCloud is committed to frequent and regular maintenance of the platform to ensure that the service delivers the highest levels of security and availability. |
| System requirements |
|
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times |
Our response times are based upon priority of the incident: P1 - Severe Business Impact - 15 minutes P2 - High Business Impact - 30 minutes P3 - Medium Business Impact - 2 hours P4 - Minor / no Business Impact - 4 hours P5 - Service Request / Service Query - 1 business day |
| User can manage status and priority of support tickets | Yes |
| Online ticketing support accessibility | WCAG 2.0 AA or EN 301 549 |
| Phone support | Yes |
| Phone support availability | 24 hours, 7 days a week |
| Web chat support | Web chat |
| Web chat support availability | 24 hours, 7 days a week |
| Web chat support accessibility standard | WCAG 2.0 AA or EN 301 549 9: Web |
| Web chat accessibility testing | None |
| Onsite support | Yes, at extra cost |
| Support levels |
Refero operates a 24x7x365 Service Desk & NOC, providing cover for incidents, service requests, change requests and technical assistance. The Service Desk is manned 08:00 to 18:00 Monday to Sunday. Out of hours coverage provided is by on-call engineers and managers who will take calls and resolve critical incidents. Our support services are managed by our dedicated skilled and certified engineers in the NOC whose goal is to take ownership of incidents and events to resolve them quickly and effectively. The level of expertise within our NOC means that most incidents are dealt with by the same team without the need to escalate to our DevOps team. The Refero Service Desk Team are supported by our ITIL V3 aligned processes and procedures which include: - Lifecycle management of incidents and service requests from logging through to resolution - Integration between the processes to manage the services and suppliers in a holistic manner - Ownership to drive resolution within SLAs - Consistency in delivery of services We provide a named Technical Account Manager for all of our customers, providing a point of escalation, a named contact for service queries and technical update / roadmap workshop sessions. |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started |
We understand the importance of successfully and sensitively engaging stakeholders in all engagements and programmes of change. We have experience in engaging with all types of stakeholders. We believe that an emphasis on stakeholder engagement and consultation is critical to the success of all projects. Our stakeholder engagement and management approach is focussed on the development and maintenance of relationships with all individuals and groups impacted and those with influence whose buy in is required to support any proposed changes, as well as general engagement with interested parties including patients. We start every engagement with an initiation meeting, bringing together the key people to clearly set the direction and objectives of the project, identify key stakeholders and their priorities, sensitivities and expectations, and agree communication and governance structures. Following initiation, we continue to work closely and collaboratively to maintain stakeholder communication and relationships throughout the project. We will develop a holistic stakeholder map and develop an engagement approach and plan that we review and sign off with clients prior to delivery. Typically, a mixture of engagement methods will be used throughout the project, including 1-to-1 meetings, workshops, attending existing groups and web-based sessions. |
| Service documentation | Yes |
| Documentation formats | |
| End-of-contract data extraction |
In the event you wish to leave our service, we will meet all necessary obligations in order to enable a smooth transition of service, including the release of any software licenses to you. Service cessation should be initiated by request in writing, where we will be happy to work with you define a service cessation plan. |
| End-of-contract process |
In the event you wish to leave our service, we will meet all necessary obligations in order to enable a smooth transition of service, including the release of any software licenses to you. Service cessation should be initiated by request in writing, where we will be happy to work with you define a service cessation plan. |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | Yes |
| Compatible operating systems |
|
| Designed for use on mobile devices | Yes |
| Differences between the mobile and desktop service | None |
| Accessibility standards | WCAG 2.0 AA or EN 301 549 |
| Accessibility testing | None |
| API | Yes |
| What users can and can't do using the API | Our application will feature a RESTful API service, delivered over HTTPS and secured using a multi-layer authentication approach. The API will provide access to a number of features such as statistical data and video appointment booking functionality. As well as standard authentication for access, individuals may also grant access to their data/account using an OAuth service, upon which full application functionality will be possible via the API. |
| API documentation | Yes |
| API documentation formats | |
| API sandbox or test environment | Yes |
| Customisation available | Yes |
| Description of customisation |
Requirements of individual organisations are delivered through customisation of our platform. A cloud service, built with elasticity at its core, it will scale up and down based on changes in focus and priorities at both national and local level. National priorities will be managed through ongoing regular dialogue and change requests with national stakeholders by our consultancy team of subject matter experts. Local priorities will be managed with contracting organisations. Platform development requirements will be assigned to our dedicated platform DevOps team. We will curate and share platform learning at local and national level. Management of local user groups, feedback, collection and ranking of improvement suggestions will be fed into the roadmap and reported up to national level to support learning and development of national priorities. This enables pace and flexibility for platform development, aligned to local and national needs. The most appropriate systemic milestones for platform development and approach will be clearly communicated to local and national stakeholders. |
Scaling
| Independence of resources |
In order to guarantee that users are not affected by the demands from other users, our cloud infrastructure provider (UKCloud) uses resource reservations and shares such as internet bandwidth shaping. In addition, the capacity planning team ensure that usage in terms of all resources are constantly monitored and increased accordinglty relating to user demand. Services provided by Refero are multi-instance, rather than multi-tennant, meaning that each customer gets their own dedicated instance of the service. |
Analytics
| Service usage metrics | Yes |
| Metrics types |
- Service uptake and repeat usage - User demographics - Time of day, and day of week of usage - Number of messages sent - Number of messages handled by role - Conversion of messages to face to face appointment - Number of patients using symptoms checking - Symptoms checking recommendation outcomes - Citizen satisfaction with Refero - Provider satisfaction with Refero |
| Reporting types |
|
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Conforms to BS7858:2012 |
| Government security clearance | Up to Security Clearance (SC) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | Yes |
| Datacentre security standards | Managed by a third party |
| Penetration testing frequency | At least every 6 months |
| Penetration testing approach | ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider |
| Protecting data at rest |
|
| Data sanitisation process | Yes |
| Data sanitisation type |
|
| Equipment disposal approach | Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001 |
Data importing and exporting
| Data export approach | Authorised users may export end user and configuration data from the service administrative interface. Exported data is typically downloaded as .CSV |
| Data export formats | CSV |
| Data import formats | CSV |
Data-in-transit protection
| Data protection between buyer and supplier networks |
|
| Data protection within supplier network | TLS (version 1.2 or above) |
Availability and resilience
| Guaranteed availability |
The Service Level Agreement (SLA) for Refero is 99.99% If the service level falls below the stated availability percentage (excluding Planned and Emergency Maintenance periods), customers will be eligible for Service Credits on affected Refero services. Service Credits will be calculated as a percentage of the fees for the affected services for the monthly billing period during which the failure occurred (to be applied at the end of the billing cycle). The Service Credit regime for Refero is 15% of the affected service monthly spend. |
| Approach to resilience | Our service is deployed across a number of geographic sites, regions and zones. Each zone is designed to eliminate single points of failure (such as power, network and hardware). |
| Outage reporting | All outages will be reported via email. Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. In addition, the designated Technical Account Manager will proactively contact customers as appropriate. |
Identity and authentication
| User authentication needed | Yes |
| User authentication |
|
| Access restrictions in management interfaces and support channels | For online systems (e.g. Customer Portal & API interfaces), all users are required to have a unique username, password and memorable word combination. Customers may also use 2FA authentication tokens. |
| Access restriction testing frequency | At least every 6 months |
| Management access authentication |
|
Audit information for users
| Access to user activity audit information | Users receive audit information on a regular basis |
| How long user audit data is stored for | At least 12 months |
| Access to supplier activity audit information | Users receive audit information on a regular basis |
| How long supplier audit data is stored for | At least 12 months |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | No |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | Yes |
| Any other security certifications |
|
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes | The Company is governed by an integrated suite of information security policies. Under the top level Information Security Policy itself are second-level documents with specific focus on Acceptable Use, Antivirus Protection, Asset Management, Business Continuity Management, Data Protection, Password Management, Personnel Management, Supply Chain Management and many others. |
Operational security
| Configuration and change management standard | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Configuration and change management approach | Refero has documented configuration and change management policies and processes, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 standard. |
| Vulnerability management type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Vulnerability management approach | Refero has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of our asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention. |
| Protective monitoring type | Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402 |
| Protective monitoring approach | Our service is based upon UKCloud Infrastructure as a Service. Following best practice from the National Cyber Security Centre, UKCloud protects both its Assured and Elevated platforms with enhanced protective monitoring services (SIEM), at the hypervisor level and below. Thier approach to protective monitoring continues to align with the Protective Monitoring Controls (PMC 1-12) outlined in CESG document GPG13 (Protective Monitoring for HMG ICT Systems). It includes checks on time sources, cross-boundary traffic, suspicious activities at a boundary, network connections and the status of backups, amongst many others. All alerts are immediately notified to the UKCloud NOC for prompt investigation. |
| Incident management type | Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402 |
| Incident management approach | Refero has a documented incident management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by personnel, and incidents identified and reported. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution. |
Secure development
| Approach to secure software development best practice | Conforms to a recognised standard, but self-assessed |
Public sector networks
| Connection to public sector networks | Yes |
| Connected networks |
|
Pricing
| Price | £0.02 to £300 per person per year |
| Discount for educational organisations | Yes |
| Free trial available | Yes |
| Description of free trial |
Refero offers a time limited no commitment, free trial of our service, which may be supported by equipment loan where necessary. All features are available within the trial. |
Documents
| Pricing document | View uploaded document |
| Skills Framework for the Information Age rate card | View uploaded document |
| Service definition document | View uploaded document |
| Terms and conditions document | View uploaded document |