Innerstrength LTD.


Tickerfit is a web-based platform for health professionals and mobile application for patients with Heart Failure and/or undergoing cardiac rehab. TickerFit manages and delivers a curriculum of daily activity and education. Results are tracked in real-time using web based technologies enabling actionable insights and driving improved patient outcomes.


  • Healthcare practitioner dashboard allows for real-time monitoring and communication
  • Secure and confidential
  • Application can integrate with Fitbit and Apple Watch
  • Application can be adapted based on specific clinical requirements
  • Application can be adapted based on specific patient requirements
  • Patient can add in their own exercise records
  • On-site training can be provided to clinical teams
  • Passive activity recording via HealthKit/Google Fit
  • Tailored content delivery to patient - Audio/Video/PDF
  • Ability to capture Patient Reported Outcome Measures


  • Monitoring and communication allows for care programme to be adapted
  • Reduce unnecessary visits
  • Support self care and management
  • Targeted conversations for better patient outcomes
  • Improve efficiency in patient interactions
  • Provide reach and scale to healthcare professional's expertise and oversight
  • Empower patients to be in control of their own recovery


£20 to £150 per licence

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 9 9 1 2 3 4 6 7 7 5 8 1 9 1


Innerstrength LTD.

Avril Copeland


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Access to the mobile application can only be offered to a patient by invitation from a healthcare professional.
System requirements
  • Internet access with Chrome/Firefox/MS Edge/Safari
  • IOS / Android for mobile application

User support

Email or online ticketing support
Email or online ticketing
Support response times
Critical issues < 2 hours
Others < 5 hours
Support is available 9 to 5 Monday to Friday. Critical issue support is available 24/7/365
User can manage status and priority of support tickets
Phone support
Web chat support
Onsite support
Yes, at extra cost
Support levels
Healthcare professional email support is available Monday to Friday 9 to 5.
Critical Issues - Response and resolution < 3 hours
Other Issues - Response < 5 hours, resolution < 5 working days.

User manuals and FAQs are available to cover common support questions.

HCP training is available (see pricing document)
Support available to third parties

Onboarding and offboarding

Getting started
Healthcare Practitioners - we provide training as well as train-the-trainer to enable all users to access the system

Patients - a get-started guide is provided
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
PowerPoint files
End-of-contract data extraction
We are a data processor, contracted to a healthcare provider. The healthcare provider decides which data to collect and the legal basis for collecting it. Patients are invited to use the service by the healthcare provider.

Data retention periods and end of service data management/transfer are covered in each contract. Options for data extraction include:
1. Continue to provide the Hosted service for use by the clinic only in a read-only format. Subject to a new agreement/contract covering this service with commercials and costs agreed at that time.
2. Continue to store data for archiving purposes instead of transferring it back to the customer. Subject to a new agreement/contract covering this service with commercials and costs agreed at that time.
3. Provide professional services to assist the customer in an orderly transition to any replacement system on an hourly charged basis at Innerstrength’s then current rates. Innerstrength will not be obliged to disclose any confidential information to the customer or replacement.
4. Return the customer data to the customer in an industry standard format requested by the customer; and/or destroy all copies of the customer data held by Innerstrength and provide the customer with written verification of such destruction.
End-of-contract process
The contract end service is defined in each respective contract and can include:

- Data return and retention periods
- Statistical analyses
- Extended contract to only include data storage

In the majority of circumstances data is returned and deleted.

Data is not returned to the patient by Innerstrength Health.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The web application is for Healthcare Practitioners

The smartphone application is for patients
Service interface
Description of service interface
The web application is for Healthcare Practitioners

The smartphone application is for patients
Accessibility standards
None or don’t know
Description of accessibility
The mobile app has been designed for mobile devices with capabilities for user accessibility.

We work with app users during initial design phases of our application in order to constantly imporve usability.
Accessibility testing
Currently we do not underake testing specific to users of assistive technology.
What users can and can't do using the API
All of the functionality of our applications is exposed through our secure APIs. Additionally, we expose custom integration APIs to support specific customer requirements.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
During the implementation phase, the customer can decide on:


These can be changed during the lifetime of the contract, by contacting the support team


Independence of resources
Our platform is hosted on AWS and is configured to provision additional resources as the demand on existing resources increases. This guarantees that load on any part of the infrastructure is maintained within its operating tolerances.


Service usage metrics
Metrics types
Usage metrics can be made available to customers upon request (this usually forms part of the contractual agreement)
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
All personally identifying and protected health information is encrypted at rest

Access is via individual logins

Access control is strictly monitored

User access is based on the least-privileges concept
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users cannot export their data. The service allows users to manually enter and review their data via web application or smartphone application.

Data export of users data can be requested by the nominated customer contact directly to support. We can then arrange for data to be exported and provided to the customer for delivery to the user.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Any manual transfer of sensitive information that may be required is achieved using password encrypted archives (zips etc..) using a secure transfer service provider (e.g.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Data is stored in AWS and is encrypted at rest

Availability and resilience

Guaranteed availability
Subject to contract. Typically 99.5% is guaranteed under our SLA
Approach to resilience
Our platform is hosted on AWS and is deployed in a minimum of 2 availability zones at any time. The service runs in a "n+1" redundant configuration such that if any component should fail, the service will remain operational and self "heal" by automatically replacing the impacted resource.
Outage reporting
We publish our status using a 3rd party availability monitor with global access checking.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
All access employs a role based security model that assigns appropriate priveleges to a user according to their role. Only specifc users are granted access to administrative and/or support interfaces.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
GDPR also working towards ISO/IEC 27001:2013 (ISO 27001)
Information security policies and processes
The Innerstrength Health Company Information Security Policy is followed by all staff members

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Innerstrength’s configuration management process for issue tracking, source code maintenance and documentation including changes relating to security patches and software components utilised in the product are detailed in our development process manual.

Our source code repository is linked directly to our issue management system. This guarantees each change to the codebase is recorded against a description containing the reasons for the change, code review process and any security considerations taken during implementation.

We have distinct development and production environments and Continuous integration procedures in place. Build tools are used to track build numbers and issue numbers within each build.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
In order to ensure vulnerabilities are tracked and monitored across all systems we maintain a vigilant approach that includes, external penetration and security testing, carrying out security reviews during our weekly planning sessions and our own internal security testing.

We also carry out code reviews so that code is critically viewed by other members of the team prior to commit.

We monitor security updates and advisories relating to our software components and deploy patches relating to these straight away.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
A full audit trail is kept of all application and user activity on Amazon AWS. All alarms and events are written to periodically rotated log files and persisted to secure S3 storage for retrospective analysis.

Automated alarms are used to notify us of any potential threats. Customers can also report any incidents directly to us.

Any notified threat is acted upon by the incident team and is remedied.
Incident management type
Supplier-defined controls
Incident management approach
An Incident Response Plan is detailed within the Innerstrength Health Information Security Policy. The Plan covers incidents of an electronic (e.g. an attacker accessing the network for unathorised/malicious purposes, or a virus outbreak) or physical (e.g. loss/theft of a laptop of mobile device). The Plan incorporates the following aspects:
- Incident Preparation (following guidelines and policies outlined in the Plan)
- Confidentiality of data
- Electronic Incident plan details
- Physical Incident plan details
- Notification of relevant parties, if applicable
- Managing risk

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£20 to £150 per licence
Discount for educational organisations
Free trial available
Description of free trial
We can provide a time-limited free version of our service in certain circumstances, for example for educational institutions and charities, where no development work is required.

Service documents

Return to top ↑