SocialOptic Ltd

SurveyOptic Patient Outcomes and Experience Platform

SurveyOptic delivers and manages surveys, forms and diagnostic questionnaires in a secure, reliable and accessible way. It delivers high completion rates, automates follow ups, reminders and removals, and enables secure data import, export and integration. As well as PROMs and PREMs, it enables engagement and satisfaction measurement for other stakeholders.


  • Responsive Desktop, Mobile and Tablet friendly web interface.
  • Wide web browser support for from Internet Explorer 6 upwards.
  • WCAG 2.0 compliant and fully compatible with assistive technologies.
  • Multi-lingual and multi-language support
  • Score, filter and analyse responses and trends
  • Preserves the presentation and integrity of standardised instruments.
  • Automatically generated, real-time PDF reports, scoring and data exports.
  • Optional email or text invitations and automated reminders for respondents.
  • Support staff surveys and questionnaires, feedback management and consultations
  • Email/SMS/Text notification and import for paper-based forms.


  • Enables digital-first data collection, reducing cost and saving time.
  • Optimised interface delivers fast responses and high completion rates.
  • Integrated branding and logos to provide consistent user experience.
  • Easy data-migration, with import from or export to other systems.
  • Full re-use of data and analysis for all stakeholders.
  • Measure outcomes and engagement to gain insights and improve processes.
  • Template and repeat surveys and question sets to speed development.
  • Support for questions and help text in multiple languages.
  • Control responses by date, quotas or exit criteria.
  • Data visualisation and statistics to provide rapid insights.


£40.83 per user per month

Service documents

G-Cloud 10


SocialOptic Ltd

Caalie Ellis

0203 393 6591

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No.
System requirements
  • Working internet connection
  • A supported browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1 hour - 4 hours, based on severity.

8am-6pm week days with 24/7 service monitoring.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AAA
Web chat accessibility testing Tested using validation tools and manual testing.
Onsite support Yes, at extra cost
Support levels SocialOptic prides itself on providing friendly and effective customer service and support. Standard support hours are from 8am to 6pm Monday to Friday, excluding bank and public holidays.

The service is available and monitored on a 24x7 basis, via the SocialOptic service assurance infrastructure, and support requests can be raised electronically 24x7. The support service includes telephone, email, web-based and in-app support for all issues and queries.

Calls are handled by our highly skilled staff, and call severity will be categorised under the following three levels:
Severity 1 – Complete loss of service affecting multiple users. Response time < 30 minutes.
Severity 2 – Partial loss of service affecting a minority of users. Response time < 60 minutes.
Severity 3 – Issue affecting and individual user. Response time < 4 hours.

We provide a named support contact for each account, so that there is someone familiar with the particular use case, and able to answer questions within the organisational context.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started SocialOptic provides a smooth and easy onboarding experience, with a named contact on hand to provide support who will work with you to understand your objectives and requirements. An email address is all that is required to set up an account - logins are created instantly. We also provide optional tailored web-based training, and an on-site training option for groups.

The process for inviting new users is straight forward, and achieved by simply entering their email address via the user interface. There is an optional import service to automate transferring existing data on to the service, and our support staff are always happy to help with technical questions.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction CSV export
End-of-contract process Users can delete their own accounts, or accounts can be disabled (locked) via an administrator account. Users can export data as text CSV (comma separated variable) files, with descriptive headers, prior to deleting their account. Data is exported over a secure TLS encrypted link, using a standard web browser.
Exporting of data is freely available via the web interface at a user level. Data is also available via a RESTful API (Application Programming Interface), in JSON format. There is no additional cost to use the API, although extremely high volume requests may be rate limited. Key data may also be exported in PDF format as reports.
Our customer success team are always happy to help with onboarding or offboarding, and there is no charge for exporting data.
Data is scrubbed from systems within 30 days of account deletion, if that data is not held in common with any other user accounts. Data expires from backups by rotation. Custom data exports are available by arrangement, and charged according by the rate card, according to effort.
At the end-of-contract all accounts will be removed within 7 days, and all data destroyed within 30 days, and removed from backups by rotation.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Timeline page not available on low resolution devices.
Accessibility standards WCAG 2.0 AAA
Accessibility testing Tested using validation service and manual testing.
What users can and can't do using the API Users can create, edit and remove projects, work streams, milestones and actions.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources Each user is handled in an independent process, with separately managed memory and processor resources. A resource scheduling algorithm limits the maximum resources allocated to a specific user thread, protecting other threads from resource starvation.


Service usage metrics Yes
Metrics types Number of active users
Number of active plans
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach CSV export, PDF reports.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability SocialOptic has extensive operational experience, and has been running Software as a Service platforms for nearly 10 years. All systems are monitored 24x7 and target a 99.999% availability level, by using redundant systems with automated switch over. There are no scheduled maintenance windows that are excluded from the SLA, and SocialOptic operates a "zero-downtime" methodology for system updates. Should availability fall below the target SLA, a support request can be raised to obtain a pro rata refund for any outage over 30 minutes. Availability is measured to the edge of the data centre, and does not cover users' Internet Access or third party remote systems.
Approach to resilience Primary, secondary and tertiary facilities are used, with redundant mirroring. Further details available on request.
Outage reporting Public status page

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels User credentials are used to secure management interfaces and support channels and provide strong authentication. All communications make use of session level encryption to protect confidentiality and integrity. Access controls are subject to regular review, as part of the overall security policy, and scanning and penetration testing is used to increase assurance.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Between 1 month and 6 months
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards IASME and Cyber Essentials
Information security policies and processes Information Security is a board level responsibility, and is a standing agenda item at all board meetings. Security policies and procedures are regularly reviewed. SocialOptic meets the requirements of Cyber Essentials and is IASME certified, operating the core controls of the ISO27001 standard. We adhere to the model of the Cabinet Office Security Policy Framework and implement the CESG Cloud Security Principles and the requirements of new GDPR legislation. Change control systems are used throughout the service process, and regular security scans are part of the release and operate process.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components and system configurations are managed through a version control system, with a full audit log, and impact assessment process. All newly developed software goes through a code review, and is subject to vulnerability scanning as part of the release process, both in development and in the live environment.
Vulnerability management type Supplier-defined controls
Vulnerability management approach SocialOptic operates a distributed patch management and monitoring system. All operating system patches and enhancements are automatically applied to production systems, with an automated rollback where required. This ensures that updates are applied in a regular, timely manner, with the minimum impact to service. SociaIOptic operates regular scans for vulnerabilities and malware, together with log auditing. SocialOptic subscribes to the relevant advisory feeds for OS and major software components and monitors emerging threats through engagement with vendors, CERTS, specialist groups and community partners.
Protective monitoring type Supplier-defined controls
Protective monitoring approach SocialOptic's protective monitoring process logs all user session activity, backup status and suspicious device boundary activity. Logs are collected, analysed for potential compromises or inappropriate use, and archived. Where incidents are identified, the Incident Management Process is followed, and remedial action taken, if required.
Incident management type Supplier-defined controls
Incident management approach SocialOptic has a defined Incident Management Process. This includes Incident identification, Incident logging, Incident categorisation, Incident prioritisation, Initial diagnosis and Escalation. It is a closed loop process including resolution and communication throughout the lifecycle of the incident. Global incidents are reported via the status page & public feeds, while individual user incidents are communicated via the user's preferred communications channel.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £40.83 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Single survey, limited to 14 days.
Link to free trial


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑