Enodatio Consulting Ltd

Cross Charges - Managing Out-Of-Area Sexual Health Charges

Streamline your out-of-area cross charging process for sexual health activity / GUM services.
Providers can identify each responsible local authority, issue charges with compliant backing data and track invoices.
Local authorities / councils can automatically check backing-data to validate cross-charges against customisable rules and process valid invoices from providers.


  • Simple and easy to use system for managing cross-charges
  • Providers upload all activity data in standardised formats
  • Providers automatically identify which Local Authorities to invoice
  • Providers submit invoices with GDPR compliant backing-data to LAs
  • Providers track processing of invoices through to payment
  • Local Authorities define customisable rules for validating out-of-area activity
  • Local Authorities automatically identify charges provided with validated backing data
  • Local Authorities track processing of valid or disputed invoices
  • Various reports available to track / audit activity levels


  • Spend less time managing the cross charging process
  • Providers spend less time calculating charges / issuing invoices
  • Providers spend less time chasing for payment
  • Local Authorities spend less time validating whether charges are payable
  • Local Authorities spend less time in disputes over backing data
  • Easy to manage, even when key staff are on leave


£2000 to £4500 per licence per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

7 8 1 3 8 2 7 1 2 3 2 7 7 0 8


Enodatio Consulting Ltd

Jon Gilbert



Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Planned maintenance will be announced to users and scheduled to avoid peak times (e.g. month-end).
System requirements
  • Web-browser interface
  • Providers to upload charges in standardised Excel format

User support

Email or online ticketing support
Email or online ticketing
Support response times
8hr business day response, Monday - Friday 9am -5pm excluding Bank Holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Cross Charges is a Software-as-a-Service product with Service Desk, Hosting, Infrastructure Support all included within the cost. Standard Service Desk support is the same for all customers: Service Desk hours 9am to 5pm weekdays (except bank holidays), accessed via email or phone, responses within 8 hours (typically within 1 hour), severity one incidents addressed within a further 8 hours. The Service Desk is staffed with trained and experienced staff who able to resolve the majority of incidents on the first call.
Support available to third parties

Onboarding and offboarding

Getting started
The standard onboarding process is free and consists of the initial set-up and user training. We set up the administrators who can then manage the rest of the staff. Each customer will have an account manager who takes care of the onboarding process to enable the correct configuration set-up and user familiarisation with the software. Users have access to user guides. Integrated user help is built into the software and online training is provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can access their cross charges data in CSV/ODF/Excel format at the end of the contract.
End-of-contract process
Users can access their cross charges data in CSV/ODF/Excel format at the end of the contract, without additional charge.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Service interface
Customisation available
Description of customisation
Users can configure validation rules (e.g. local authorities can set when they will pay charges) via the web interface. This configuration can be restricted by user roles.


Independence of resources
Performance across all customer systems is monitored with real-time dashboard displaying utilisation of processor, memory and disk, and extra capacity can be added if required.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The system allows users to generate spreadsheets in a standardised format via a web interface, to export their cross charges information.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
Excel (.xlsx)
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
Excel (.xlsx)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Cross Charges SLA is 99.9% availability during core hours (9am to 5pm weekdays except bank holidays) and 99% outside core hours with the exception of scheduled maintenance. Maintenance windows for application enhancements, system patching and security updates are notified to the user and scheduled outside peak times (i.e. outside core hours and avoiding month-end where possible)

If availability falls below 99.9% in core hours in a month - users are refunded 10% of licence fee for that period.
Approach to resilience
Cross Charges' datacentre setup is resilient through redundant hardware, ensuring continuity of service to our guaranteed SLA. In the unlikely event of a full site disaster, our offsite backups ensure disaster recovery processes can be quickly and efficiently enacted. More information is available to our customers on request.
Outage reporting
Customers are alerted by email if any significant outage has occured or is occuring.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Data centre has ISO/IEC 27001

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Our data centre's security governance is certified to ISO/IEC 27001.
Information security policies and processes
All staff and subcontractors comply with an integrated business management system, which contractually obliges them to follow this, with disciplinary actions linked in with all policies and procedures we operate. All staff have direct line managers who report to a Director.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All proposed Change Requests (CRs) to Cross Charges are reviewed and must be approved in advance at senior level. They are assessed in relation to product development pathways, infrastructure management and information security prior to any approval. The CR specifies all configurations items that will be impacted by the change and, once the change has been completed, tested and implemented the product manager verifies that these changes have been logged centrally.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our operations team are tasked with ensuring all security threats are assessed for likelihood and impact. Security patches are applied during scheduled maintenance. Severe risks may result in a low-impact unscheduled maintenance window while critical risks may result in immediate suspension of service for application of security patches. All patches/hot-fixes recommended by the equipment/software vendors are installed, even if those services are temporarily or permanently disabled.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Compromises are determined through system monitoring. If a compromise is detected the operations team are informed and will assess the severity and liaise with any clients affected. Incidents are dealt with immediately where clients are always informed within the hour with our basic analysis of the situation.
Incident management type
Supplier-defined controls
Incident management approach
We operate full business management to meet compliance and follow an incident management procedure. All parties should report incidents to the company via their normal channel and incident reports will be provided in response.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£2000 to £4500 per licence per year
Discount for educational organisations
Free trial available
Description of free trial
Three-month trial versions of the service are available for new clients.

Service documents

Return to top ↑