SurgiQ Ltd

SurgiQ service improvement platform

SurgiQ is a real-time platform for tracking and planning health and social care services in the NHS. Providing visual management of processes (including surgical and non-surgical pathways and waiting list) with a unique prioritisation method. Bringing fully audited data, tracked changes and automatic planning of resources (including theatres, beds, staff).


  • Demand management, forecasting and capacity planning
  • Real-time waiting list management, auditing and scheduling
  • Data-driven automatic planning of resources (theatres, beds, staff...)
  • Comprehensive data audit trail (who did what, when, why)
  • Unique prioritisation method which implements the NHS Constitution urgency classes
  • Web-based access and configuration for improved flexibility
  • Quick on-boarding and deployment, in-app training
  • Extensive use of standards and coding (ASA, ICD, OPCS)
  • Highly skilled information governance professionals, ISO 27001 certification in progress
  • Open to integration, uses industry standards (HL7) and APIs


  • Protection against waiting time breaches, patient stratification and easier reporting
  • Reduced LOS Length of stay, postponements and cancellations
  • Streamline the pre-op workup and the access to elective care
  • Improved team communication, roles and responsibility separation
  • Improved bed planning and theatre productivity
  • Improved access to data, forecasting and prediction of capacity needs
  • Improved transparency and equity, better information to patients, reduces out-of-area
  • Monitors pathways in integrated care settings and across organisations
  • Support implementation of ERAS GIRFT SWORD
  • Helps reduce unwanted variations and implement organisational changes


£25000 per instance per year

Service documents


G-Cloud 11

Service ID

7 6 6 6 6 6 3 8 6 2 5 4 2 8 8


SurgiQ Ltd

Ivan Porro

020 7859 4632

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Patient Administration System, Electronic Health Record
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints Typical deployment scheme is to embrace a public cloud first policy maintaining a clear separation between customers by means of adopting a Virtual Private Cloud architecture.
SurgiQ works with a range of selected partners.
Other deployments are allowed but must agreed during project scoping / assessment.
More information available on request.
System requirements
  • Any modern web-standard compliant browser
  • Web access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Standard SLA: Mon to Fri (excluding bank holidays), between 9:00am and 5:30pm. Time to first response: within 4 working hours. Time to resolution (critical): within 6 working hours. Time to resolution (non critical): within 32 working hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing Assistive technologies are not implemented. The chat will link the user with a SurgiQ agent.
Onsite support Yes, at extra cost
Support levels Standard support levels ("critical" and "non-critical") are described in the Terms and Conditions document.
Support provided via email, telephone and online facilities. "Support tickets" will be allocated to a team of technical support engineers, with escalation to the Support Manager.
Cost of Standard SLA Support is included in cost of software use.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online user guides and tutorials are provided. The product includes a Tour and a contextual help to facilitate first time use.
Up to 2 general audience Kick-off / launch meetings and up to 16 hours of class (max 10 students) training are included in the price.
Additional on-site training can be arranged at an extra cost.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Key data on processes is always downloadable via the web interface before the contract ends. Specific export can be arranged.
End-of-contract process Service is terminated and all user access are disabled accordingly with a shared shut-off plan.
At an additional cost, data can be kept for a grace period after service shut-down. Otherwise data is automatically destroyed on service termination.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Tablet is the only mobile device supported.
Service interface Yes
Description of service interface A complete, real-time web platform to view and manage the fully audited data of the patient pathways.
Accessibility standards None or don’t know
Description of accessibility Increase/decrease font sizes using browser controls. Color is not used as a visual means of conveying information, except in charting for line colors, and in the patient scheduling simulator or in the waiting list order where however it is not the sole means. Audio is not used as a means for prompting the user to take any action, or for conveying information except in optional support videos. Clear labels and controls are provided when content requires user input. Any items in error are identified and the error is clearly explained. Errors and alerts do not rely only on color.
Accessibility testing None done.
What users can and can't do using the API HL7 v2.x standard messages API is enabled by default.
A FHIR interface can be enabled on request.
Custom integrations (REST API, SQL) can be enabled on request.
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The onboarding process includes customisation of the pathways to client's needs. The platform also provides an administrator interface (web-based, integrated into the application) to customise several aspects and configurations (including user roles) provided the users have enough privileges (as defined during onboarding). Example: end user can configure when a theatre is available during the week, to which surgical services and for which specialties and admission types (or even procedure) it is made available, PAC opening hours, association between wards and hospital sites, etc.


Independence of resources The service has been designed to scale to meet demand.


Service usage metrics Yes
Metrics types Access per users (unique users, unique work sessions); browser and device type statistics; number of patients managed. Others can be configured as part of the setup phase.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach The web interface allows all processed data to be downloaded as Excel tables, the printing functions shows reports in PDF format.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Detailed SLAs are agreed with the customer at point of contract negotiation.
As a standard, service availability is guaranteed at 99% over a period of one year.
Approach to resilience Available on request.
Outage reporting Server or network outages are reported via the Service Desk Portal, as published on the SurgiQ support pages.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication LDAP, OpenLDAP
Access restrictions in management interfaces and support channels Different modules of the platform may provide different access and authentication methods.
Role Based Access Control is employed.
The system presents information where necessary to users with granted permissions. All accesses are auditable.
Access restriction testing frequency At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Internal security policies, procedures and training. ISO 27001 in progress.
Information security policies and processes Internal policy and procedures are followed. These are available on request.
The policy dictates Account and Password management requirements; Data handling procedures and Responsibilities; and Employee responsibility and issue escalation.
The security policies are disseminated to staff via internal training and any Information Security concerns are raised via the internal service desk software and escalated to the Chief Information Security Officer for immediate review. SurgiQ management reserves the right to conduct an internal audit on projects to ensure that best practice is being followed and policy is being adhered to.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Software versioning tools are employed. Change management is tracked via an internal change ticketing system. There is a Change Control policy for software versioning (available on request). Recent versions of system documentation are archived.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Non urgent software patches are released as scheduled upgrade. Any urgent software updates are applied as soon as regression testing is completed.
Potential threats are identified via the service support help desk.
Protective monitoring type Supplier-defined controls
Protective monitoring approach When potential risks are identified by us or notified by users, we escalate immediately to the relevant third-party supplier to respond. They would typically respond to a significant incident within 4 hour
Incident management type Supplier-defined controls
Incident management approach Incidents are reported by email or via online support desk system. The status and updates on the progress of incidents (or linked groups of incidents) can be accessed online with updates provided as per the SLA.
Issue resolution is supported by internal documentation and Knowledge Base for resolution of common problems. This documentation is reviewed by the delivery department.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks Health and Social Care Network (HSCN)


Price £25000 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A free trial of the system is accessible online, on a shared demo environment, which shows a set-up configured for a surgical department, with waiting list, pre-admission clinic and overall pathway management to show process modeling capabilities.
A non-disclosure agreement is required to access the free demo.
Link to free trial Link provided on request.

Service documents

Return to top ↑