3E Europe Limited

CIRIS for NICE Compliance

Delivered as a service over the Internet, CIRIS for NICE Compliance is a workflow solution for compliance with NICE guidance where assessments are devolved to clinicians. All stakeholders - including clinicians, service managers, clinical committees and the board - can have direct access to the system.


  • All NICE guidance prepopulated in the system
  • Automated guidance assignment, assessment, assurance, ratification and action progress monitoring
  • Audit requirement assessment with configurable criteria
  • Comprehensive set of standard reports
  • All workflow participants receive online forms via email
  • Principal assessor can delegate assessments of selected recommendations to clinicians
  • Import data from legacy systems
  • Bundle reports into a single PDF and schedule its distribution
  • Support for single sign-on
  • Application Program Interface (API) for links to other systems


  • Configurable automated end-to-end business process
  • One system - no more reinput of Recommendations from spreadsheets
  • One system - no more reinput of assessments from spreadsheets
  • All 26,000+ NICE recommendations in a searchable repository
  • Single repository for all NICE compliance related matters
  • Automated progress chasing and monitoring of actions
  • Automated report distribution to predefined user groups
  • Configurable workflow task timescale and escalation rules
  • No more end-user training - instructions built into all forms
  • All the advantages of an in-house solution without the risk


£3618 to £12170 per licence per year

  • Free trial available

Service documents

G-Cloud 11


3E Europe Limited

Richard Brown

01223 421148


Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements None

User support

Email or online ticketing support Email or online ticketing
Support response times Support is available during business hours, Monday to Friday. We typically respond the same day, or sooner depending on the severity of the ticket, in line with the response times stated in our SLA.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a comprehensive level of support for the duration of the license at no additional cost (except for onsite support). Members of the support team have sufficient technical expertise to handle the vast majority of support requests, and direct access to specialists to assist in the resolution of issues.
Support available to third parties Yes

Onboarding and offboarding

Getting started We provide online training for system administrators. End-user training is not required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Each report has an export button that allows users to export their data in CSV format. We also have a service that exports all uploaded documents, which we forward on to the client via e-mail, DVD etc.
End-of-contract process At the end of the contract, access to CIRIS is removed and customer data deleted. Therefore, customers must ensure that they export any data they wish to retain prior to expiry of the contract. There are no additional costs involved in the off-boarding process.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
Service interface Yes
Description of service interface Access using an internet browser.
Accessibility standards None or don’t know
Description of accessibility Web pages are titled, have headings and labels. Help is context-sensitive and text-based. Functions, like buttons and menus, have captions. All non-text content presented to users has a text alternative, except for content uploaded by end-users who have not specified a text alternative for the non-text content.

Navigation within and between pages is simple and consistent; there are just two clicks to most data in the application. User input is validated before submission and errors are described in text.

Web pages do not contain anything that flashes more than three times in any one second period.
Accessibility testing We have not performed any testing with users of assistive technology
What users can and can't do using the API Users can retrieve, edit, insert and delete rows from any report in the service via the API. Documents stored in the service can also be retrieved via the API.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The configurable elements include forms, email alerts, reports, dashboards, data transformations, query customisation and query permissions, making CIRIS a feature-rich and flexible enterprise platform for managing NICE Compliance. CIRIS can be configured by 3E or by the customer with or without reference to 3E.


Independence of resources Our hosting partner has built-in support for enterprise-class network segregation between client environments, and segregation between networks within client environments. On the application side, we monitor the response times for each customer, and adjust the system as necessary to maintain response times in accordance with our service level agreements.


Service usage metrics Yes
Metrics types For each user, CIRIS keeps a record of the dates and times that the user logged in and logged out, along with which reports the user ran. CIRIS also includes an audit trail facility that can be configured to record every change to a field in a record as well as providing a function to view records that have been deleted.
Reporting types
  • API access
  • Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance None

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach CIRIS provides users the functionality to export any report to CSV format, which can be read by Microsoft Excel. Added flexibility for exporting data is provided through the CIRIS Application Programming Interface (API).
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability 3E shall use all reasonable commercial efforts to ensure that CIRIS is operational and available 99.99% of the time in any calendar month, excluding the Scheduled Maintenance Time, and that it runs 90% of reports within 6 seconds, and all reports within 30 seconds. However, this does not apply to any performance issues caused by events outside of 3E’s control, customer equipment and/or third party equipment that is not within the primary control of 3E, limitations, delays, and other problems inherent in the use of the internet and electronic communications.
Approach to resilience Available on request.
Outage reporting Email alerts

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels CIRIS allows system administrators to control access to the application and to individual reports. 3E provide support to named contacts.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We have Cyber Essentials Accreditation. We are working towards compliance with ISO 27001:2013.
Information security policies and processes We have developed internal policies and procedures regarding information security. All employees must adhere to these policies, and any breach must be reported to senior management. We perform audits to ensure that policies are being correctly followed.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have operational documents that detail the configuration of each component in the system. Any changes required must be documented, and must include the procedure for making those changes and a roll-back plan. This is then submitted to QA, who apply it to a test environment, evaluate it and perform regression testing prior to accepting/rejecting it. Once accepted, the operational documents are updated and a schedule for rolling out the change is drawn up.
Vulnerability management type Undisclosed
Vulnerability management approach 3E has a patch management policy that specifies that all critical patches released by vendors be applied within one month of their publication, and important patches within two months. News regarding potential threats comes from signing up to vendor news feeds and daily industry bulletins.
Protective monitoring type Undisclosed
Protective monitoring approach We collect and study the event logs and application logs of all servers involved in the delivery of CIRIS. Furthermore, we monitor firewall logs, web-server logs and database logs. Any potential compromise is recorded in the incident log and an investigation begun immediately.
Incident management type Undisclosed
Incident management approach 3E has a documented incident management policy that describes how to handle incidents. Users can report incidents via email or telephone.

Secure development

Approach to secure software development best practice Supplier-defined process

Public sector networks

Connection to public sector networks No


Price £3618 to £12170 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We provide a guided tour of the application and then give the customer free, unrestricted access to a fully-functional version of the application containing demo data. The trial period is usually up to one month.

Service documents

  • pdf document: Pricing document
  • odt document: Skills Framework for the Information Age rate card
  • pdf document: Service definition document
  • pdf document: Terms and conditions