Medical Audits Limited

Provision of Healthcare Auditing, Surveillance and Quality Assurance Sofware

Bespoke mobile software platform, specifically designed for healthcare auditing and surveillance, delivering powerful relevant insights and detailed non-compliance follow up. Our suite of over 70 Audit & Quality Assurance (QA) systems are modular in design, allowing complete flexibility in system choice and seamless expansion when extra systems are added.


  • Clinical Audit software
  • Mobile Auditing and Reporting System
  • Real Time Digital Dashboards
  • Web Based Management and Reporting System
  • Data Analysis, patterns and trends
  • Inter-rater reliability testing features
  • Surveillance of HCAI
  • Compatible with smart phones, tablet computers etc.
  • Requires only intermittent Wi-Fi access
  • Integrated education and training system


  • Monitor and evidence compliance
  • Mobile auditing and surveillance functionality in one system
  • Immediate access to results on audit device
  • Support bedside learning and education
  • Tripled audit capacity - as reported by current users
  • Reduced HCAI and cost savings - reported by current users
  • Measure KPIs and Patient Outcomes
  • Huge time savings in data collection & report generation
  • Powerful education and training tool
  • Evidence compliance for CQC and NHS Improvement


£610 per unit per month

  • Free trial available

Service documents

G-Cloud 10


Medical Audits Limited

Ann Higgins

0121 2708865

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints Planned Maintenance;
Medical Audits will carry out planned maintenance without affecting service. Generally this will the carried out outside of office hours to ensure maintenance is during periods of anticipated low traffic and by carrying out planned maintenance on part, not all, of the network at any one time.
System requirements No System requirements other than access to intermittent WiFi

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We provide phone support Monday to Friday 9am to 6pm. We provide out of hours and weekend support by email.
We aim to respond to issues within 24 hours, although most issues are responded to on the same working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Hours of Support: Monday to Friday 9am to 6pm as part of a service level agreement.
Support facilities can include and is not limited to the following:

Helpdesk Support:
 Helpdesk support will be provided by telephone and email.
 When appropriate, we will endeavour to give an estimate of how long a problem may take to resolve.
 Medical Audits will keep the Customer informed of the progress of problem resolution.
 Our support staff will attempt to solve a problem immediately or as soon thereafter as possible.

Remote logged in support:
 Medical Audits, where necessary, can remotely login to provide support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started • Once a Medical Audit’s customer decides to implement Medical Audits TS+, we will immediately prepare their cloud environment, commence configuration and system set up and agree a training schedule to suit the customer.
• The new customer will supply basic hospital information to include in the system and agree set up and configuration requirements.
• The standard system set up and training approach is provided as per the pricing document.
• Our staff are highly experienced and have a wealth of expertise in change management and auditing processes. We therefore support a range of services which may be considered useful for end user engagement and process readjustment. These services are available based on specific customer requirements and are subject to the SFIA rate card.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction All our data is directly extractable into excel. Users can do this at any time during the contract or when the contract ends.
Our standard approach in line with our SLA is:
 To provide and offline the customer’s data.
 After 90 days (or earlier upon customer confirmation) the data in the data centre will be deleted.
 User accounts will also be deleted.
 Where applicable, decommissioned devices are formatted and physically destroyed to prevent any possibility of data being retrieved.
End-of-contract process All our data is directly exportable into excel and users can do this at any time.
Our standard approach in line with our SLA is:
 To provide and offline the customer’s data.
 After 90 days (or earlier upon customer confirmation) the data in the data centre will be deleted.
 User accounts will also be deleted.
 Where applicable, decommissioned devices are formatted and physically destroyed to prevent any possibility of data being retrieved.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile service has all the features of the desktop service. The user interface has been specifically designed and developed for mobile access on both phones and different sized tablet computers.
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Our software has been tested by users with visual impairment and mobile issues affecting the hand in real work settings with complete success.
Customisation available Yes
Description of customisation We set the system up with customers own wards, departments, layout etc. as part of implementation. The customer can then change the functionality and layout of rooms etc as the need arises. The customer can also change email recipients set up users and alter report features and outputs.


Independence of resources We utilise load balancing to manage traffic and distribute workloads across resources to ensure users aren't affected by the demand of other users. We have complete control over the maximum demand on our resources and can scale up as necessary base on the number of customers and their peak demands. For our customer this means a dynamically scaleable solution because users only consume the amount of online computing resources they actually want. We continue to monitor traffic on our servers and can increase the capacity as required thus guaranteeing users are unaffected by demands of other users.


Service usage metrics Yes
Metrics types We can provide data on storage usage. However we don;t charge customers based on the usage. We can provide data on users accessing the system dates, times and length of time accessing. We can also provide specific user data such as audit results by user and number of observations entered etc.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach All our data is directly exportable into excel by users at any time.
The process is very simple.
Service Migration:
Medical Audits commits to returning all customer data as requested. We are happy to support migration requests. Pricing for service is according to our SFIA rate card. ON request, data in our data centre can be deleted.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats Other

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Performance and Availability

The performance of the service is guaranteed 99.99% availability.

SaaS Updates

Licensed Customers will be entitled to receive Software updates when they are made generally available to Medical Audits TS+ customers.

Financial recompense is offered via Service Credits.
Approach to resilience Data centre set up is available on request.
Outage reporting Any outrages such as unplanned downtime are emailed directly to customers.
Urgent issues are phoned directly to the customer superuser.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Access to information is restricted to authorised users who have a bona-fide business need to access information and a formal policy controls access to management privileges which are on a need to know basis only. User accounts with special access privileges (e.g. administrative accounts) are not used for day to day basis and are used for the minimum time required to carry out the specified tasks.
Administrative access is reviewed on a regular basis. Passwords on admin accounts are changed every 60 days. A list of the people who have admin accounts is maintained and stored securely.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • Cyber Essentials Security Certified
  • ISO 9001 2015
  • IASME 2017

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards ISO 9001 2015 accredited company.
Cyber security certified; IASME certified. Medical Audits complies with relevant information security legislation including but not limited to Data Protection Act 1998, 2018, Computer misuse act 1990, the common law of confidence, the human rights act 1998 and the electronic communications act 2000.
Information security policies and processes Our Information security is managed and overseen by our technical director who has overall responsibility for security in the business. Our technical director is also our data protection officer. We have a standalone security policy that forms part of our ISO 9001 2015 accreditation document. This policy is reviewed as part of our ISO accreditation process and is also in the event of any security near miss or incident.
The policy is distributed to employees and directors at induction and is part of their contractual obligations. The policy refers to the following:
IPR and legal requirements- staff and personal security are included.
- Business continuity measures
- Security incident management
- Security from malware and intrusion
-Computer and network security
-Physical and environmental security
Asset management- staff have access on a needs only bases.
Access is controlled by strong user passwords and user access levels.
Access to premises is controlled by security locks, alarm, 24 hour CCTV etc.
Staff recruitment - reference checking, data protection, IPR, access codes passwords etc. are all included in personal security.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach No new systems, new applications or system modifications are permitted without review and approval of our Director of Technology.
All Security requirements are checked and also managed and approved by our Director of Technology.
All changes to information systems applications or networks are approved by the Technical Director before implementation.
All non required standard software is removed from our devices as part of the device set up.
All auto-run programmes are disabled on configuration for use in the organisation.
All customer data is held on dedicated encrypted servers in Tier 2 server warehouse certified to ISO 27001
Vulnerability management type Supplier-defined controls
Vulnerability management approach A vulnerability scan is carried out biannually on our system. Potential new threats, vulnerabilities or exploitation techniques which could affect the service are assessed and corrective action is taken, All our computers are running windows 10 or windows 7 and are set to install updates automatically from Microsoft. Our Mobile tablets have our own operating system version in place and are supported and continually updated by our sub contracted IT provider. According to our strict change management process, known vulnerabilities are tracked by our Technical Director until mitigations have been deployed.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The web application uses Microsoft SQL database, protected from outside connections by the firewall, which is configured to only allow connections to the database from the web application. Event & log files are regularly checked for unusual activity. Anti-malware software installed on all computers & mobile devices an is set to auto update every hour. All the operating systems and hardware are supported by a supplier and have the appropriate licences. Malicious website protection is constantly enabled. Software is set to run anti-malware software daily against all stored data. Firewalls are used to protect the computer network and the devices.
Incident management type Supplier-defined controls
Incident management approach Users have access to a structured online incident reporting form. Process updates are fed back within publicised timescales.
Internally any events identified are recorded in an incident electronic log and reviewed weekly by the IT director to investigate any patterns or updates required or immediately for urgent events.
Predefined processes are in place for common events e.g.slowing of the web application ensuring incidents and near misses are reported to he director of IT and investigated. Records are kept of the outcome of all security incident investigations in accordance with our ISO 9001 2015 accreditation process.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £610 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial We are happy to provide a free trial of the software. The potential customer will be provided with the majority of the functionality of the system for an agree period of time. We provide onsite support for trials.


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑