Skills for Health

Doctors Rostering System (DRS)

DRS offers an integrated approach to staff rostering that can roster all medical staff across all specialties and departments in your organisation, including anaesthetics. The easy to use system ensures compliance with all current medical contract rules and guidelines and includes an integrated exception reporting functionality.


  • Design 'Working Time Regulations compliant' patterns for junior doctors
  • Check compliance against 2016 junior doctor contract
  • Calculate pay elements associated with work patterns
  • Allow junior doctors to submit exception reports
  • Allow supervisors to take action on exception reports
  • Guardian of Safe Working Hours dashboard
  • Exception report data export for payroll
  • Web-based access from any location
  • Mobile-friendly interface for exception reporting
  • Roles and permissions to restrict access


  • Prevent fines for breaches of 2016 junior doctor contract
  • Ensure compliance with Working Time Regulations (WTR)
  • Ensure accurate salary calculation for doctors
  • Quickly resolve hours and education issues raised in exception reports
  • Central dashboard for Guardian of Safe Working Hours
  • Reduced administration for payroll through export of additional payments due
  • Easily track time off in lieu accrued
  • Full installation, training and support available


£6500 to £8750 per licence per year

  • Education pricing available

Service documents


G-Cloud 11

Service ID

8 1 0 9 1 5 6 5 5 6 2 9 8 5 5


Skills for Health

Ella Talbot

020 3074 1253

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Our system is designed for ease of use across all sectors and there are very few constraints to our system.
Buyers should access the service through modern browsers (IE9+, Edge, Firefox or Chrome).
Our helpdesk operates Monday to Friday 9-5pm UK time.
Planned maintenance takes place out of hours and the dates and times are communicated well in advance.
System requirements
  • Supports all modern browsers IE 9 and above
  • Latest versions of Firefox, Safari and Chrome
  • Accessible by PC, tablet and Smartphone
  • Internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have 4 incident response levels:

Level 1 (Urgent): Respond within 1 hour
Level 2 (High): Respond within 1 hour
Level 3 (Medium):Respond within 4 hours
Level 4 (Low): Respond within 8 hours

This service desk is manned from 9am to 5pm, Monday to Friday.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
At implementation of the system Skills for Health provides two levels of implementation support. We operate a Train the Trainer policy that aims to enable organisations to be advanced users of the system following installation, who then support the roll out and use of the system for new staff in the future.

Level One includes a basic level of support and on site days but assumes the project management of the system introduction will be managed by the organisation.

Level Two includes a full package of support and on-site days that includes project management support and communication of the system across the organisation.

There are a standard number of support days included in the licence for each organisation, in addition to the implementation. These can be used for refresher training and training in the development of more complex rotas.

All licences benefit from unlimited access to our helpdesk and support team.

All customers have access to a User Group with quarterly meetings. In addition Skills for Health provides a minimum of two free regional training workshops each year.
Support available to third parties

Onboarding and offboarding

Getting started
Skills for Health operates a Train the Trainer approach that aims to train a small number of staff to be advanced users of the system and be able to support the roll out of the system across the organisation. This reduces the cost of future training for the organisation.

At the initial implementation phase all training is done face to face on site. Group training sessions are organised so staff learn from each other and support each others training. Training is done within the system with 'real' data so staff leave with rotas already created for their department.
Initial training is followed up by further on site training over a period of weeks to ensure all staff are confident in the system.

The system includes contextual help for staff so no paper based work books are required. Staff will be invited to the regular User Group meetings and free regional workshops to meet other users and share ideas.

Staff have access to the Helpdesk and second line staff if they encounter any problems after installation. Our standard contract includes further support days to be used by the organisation over the coming year.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the end of contract the system's in-built reporting can be used to extract all relevant data prior to access being terminated. Clients retain ownership of all their data within the system.
End-of-contract process
Prior to the end of the contract the organisation will be contacted regarding their options. The organisation can opt to re-sign or end the contract.

If the organisation opts to end the contract they will be supported to extract the data from the system and following the end of the contract all data held within the system by Skills for Health will be wiped. No data is held within the system following the end of a contract.

If the organisation wish to hold historical data within the system for a period of time after the end of the contract this will be subject to an additional charge.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
DRS includes responsive screens that scale down presentation of data to the relevant screen size. Doctors and supervisors can easily access the system on smartphone/tablet to submit and review exceptions, ensuring quick submission and resolution of issues raised by doctors relating to their working hours or education.
More complex tasks such as work pattern design can be undertaken but we recommend using a device with a larger screen so more data can be displayed without the need to scroll.
Service interface
Description of service interface
Doctors Rostering System (DRS) provides a Service Administrator User Interface that is intuitive and easy to use. Both DRS and Realtime Rostering were built in consultation with key NHS users.

DRS does not differentiate between system administrators and service administrators.
The role of service and system administrators are combined in the system under the role of organisation administrator.

DRS allows individual organisations to make cosmetic changes, add and amend branding unique to their organisation. NHS Trusts and Boards can (and frequently do) add their own branding to interfaces.
Accessibility standards
WCAG 2.1 A
Accessibility testing
DRS is tested with a range of assistive technologies, including screen reader, sticky keys, high contrast colour schemes and scrollable zoom.

DRS has been tested and is fully compliant with;

• BS EN ISO 9241-7:1998 (requirements for display with reflections)
• BS EN ISO 9241-8:1998 (requirements for displayed colours)
• BS EN ISO 9241-9 (‘Click and drag’, pointing, direct pointing and selecting)
• BS EN ISO 9241-4:1998
• ISO IEC 9995:1994

Skills for Health's product development team is responsible for system design. The team uses different techniques to ensure a good ergonomic and person-friendly offer.

We involve super users, roster managers and customers to refine, test and improve our designs. Our design process is iterative and agile to ensure refinement and feedback.

DRS is designed to be specific and unambiguous so that users can develop knowledge of the system quickly and put that knowledge to practical use.
Customisation available
Description of customisation
Although the system is largely based around the national junior doctors contract and as such is standardised, certain elements of the system can be customised. These include being able to define locations for multi-site organisations and customising the approval permissions for exception reporting.


Independence of resources
Our systems use a load balanced virtual environment where capacity is continually monitored on a pro-active basis, and additional capacity can be instantly provisioned if needed during spikes in usage.

Network connectivity to the data centre is provided through several redundant backbone providers to ensure sufficient network capacity to the environment.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Work patterns designed in DRS can easily be exported to PDF to be attached to doctors work schedules. CSV exports of exception report data can be produced to allow further analysis of data and to help reduce the administration needed to produce monthly payroll information for additional hours worked by doctors.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% availability with agreed periods of downtime scheduled in advance during out of hours periods for essential maintenance where required.
Approach to resilience
Skills for Health use a private vmware environment in an industry leading provider's ISO27001 UK based data centres. Our virtualised environment provides n+1 resilience to ensure that hardware failures have no impact on the application or data integrity, and our vmware environment uses Distributed Resource Scheduler (DRS) / High Availability (HA) to ensure resilience against failures. The environment includes a disaster recovery environment at a second geographically separated data centre to allow for failover in the event of an incident affecting the primary data centre.
Outage reporting
Email alerts would be provided to designated contacts in client organisations in the event of unplanned downtime.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
User roles and permission sets are used within the system to ensure that organisations can maintain control of the scope and nature of actions that users are able to perform within the system.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
This certification covers our hosting provider's data centre, where all client data is held.

Separately, we are also ISO 27001 certified across our business.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
  • NHS Information Governance Toolkit Level 2
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
HSCIC Level 2 IG Framework
Information security policies and processes
We are compliant with the Health IG Framework (HSCIC) and are ISO 27001 certified.

We have a comprehensive IG policy and a suite of polices supporting it:

- Information Governance Policy
- Data Protection and Confidentiality Guidance
- Data Protection and Confidentiality Policy
- Information Risk Management Policy
- Information Security and Incident Reporting Procedure
- Information Security Policy
- IT Acceptable Use Policy
- Risk Management Policy

Our ISMS board , established by our CEO and Executive Team and approved by the Governance and Audit Committee on behalf of the Board, leads the SIRO by overseeing and advising on IG compliance, development and performance.

The key areas of responsibility are:
- coordinating, publicising and monitoring standards of information handling within the organisation, developing and implementing the IG improvement plan
- ensuring that IG Toolkit Assessments are completed
- defining and documenting requirements for system and user access controls
- monitoring ICT networks and for reviewing information flows to identify any overseas transfers and ensure.
- arranging appropriate IG training for all staff
- maintaining up to date IG information and guidance on the staff intranet.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All changes to our environment go through a formal change control process with full rollback plans and risk assessment. The components of the environment are regularly reviewed to assess their continued suitability and upgraded as part of a planned replacement program.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our hosting environment's support services include threat monitoring, as well as operating system and other component patching to ensure quick response to any emerging threats. At an application level regular vulnerability assessments are used to identify any potential application-level weaknesses.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Our hosting partner is an ISO27001 certified market leading provider, and their services include proactive monitoring and response to threats 24/7/365.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We proactively monitor the whole environment to detect potential incidents and respond to these before they impact on end users. Where users do encounter incidents their is a dedicated telephone line to report incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
NHS Network (N3)


£6500 to £8750 per licence per year
Discount for educational organisations
Free trial available

Service documents

Return to top ↑