SurgiQ Ltd

SurgiQ service improvement platform

SurgiQ is a real-time platform for tracking and planning health and social care services in the NHS. Providing visual management of processes (including surgical and non-surgical pathways and waiting list) with a unique prioritisation method. Bringing fully audited data, tracked changes and automatic planning of resources (including theatres, beds, staff).


  • Demand management, forecasting and capacity planning
  • Real-time waiting list management, auditing and scheduling
  • Data-driven automatic planning of resources (theatres, beds, staff...)
  • Comprehensive data audit trail (who did what, when, why)
  • Unique prioritisation method which implements the NHS Constitution urgency classes
  • Web-based access and configuration for improved flexibility
  • Quick on-boarding and deployment, in-app training
  • Extensive use of standards and coding (ASA, ICD, OPCS)
  • Highly skilled information governance professionals, ISO 27001 certification in progress
  • Open to integration, uses industry standards (HL7) and APIs


  • Protection against waiting time breaches, patient stratification and easier reporting
  • Reduced LOS Length of stay, postponements and cancellations
  • Streamline the pre-op workup and the access to elective care
  • Improved team communication, roles and responsibility separation
  • Improved bed planning and theatre productivity
  • Improved access to data, forecasting and prediction of capacity needs
  • Improved transparency and equity, better information to patients, reduces out-of-area
  • Monitors pathways in integrated care settings and across organisations
  • Support implementation of ERAS GIRFT SWORD
  • Helps reduce unwanted variations and implement organisational changes


£25,000 an instance a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

9 4 1 3 3 7 3 2 6 7 2 6 6 5 0


SurgiQ Ltd Ivan Porro
Telephone: 020 7859 4632

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Patient Administration System, Electronic Health Record
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Typical deployment scheme is to embrace a public cloud first policy maintaining a clear separation between customers by means of adopting a Virtual Private Cloud architecture.
SurgiQ works with a range of selected partners.
Other deployments are allowed but must agreed during project scoping / assessment.
More information available on request.
System requirements
  • Any modern web-standard compliant browser
  • Web access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA: Mon to Fri (excluding bank holidays), between 9:00am and 5:30pm. Time to first response: within 4 working hours. Time to resolution (critical): within 6 working hours. Time to resolution (non critical): within 32 working hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Assistive technologies are not implemented. The chat will link the user with a SurgiQ agent.
Onsite support
Yes, at extra cost
Support levels
Standard support levels ("critical" and "non-critical") are described in the Terms and Conditions document.
Support provided via email, telephone and online facilities. "Support tickets" will be allocated to a team of technical support engineers, with escalation to the Support Manager.
Cost of Standard SLA Support is included in cost of software use.
Support available to third parties

Onboarding and offboarding

Getting started
Online user guides and tutorials are provided. The product includes a Tour and a contextual help to facilitate first time use.
Up to 2 general audience Kick-off / launch meetings and up to 16 hours of class (max 10 students) training are included in the price.
Additional on-site training can be arranged at an extra cost.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Key data on processes is always downloadable via the web interface before the contract ends. Specific export can be arranged.
End-of-contract process
Service is terminated and all user access are disabled accordingly with a shared shut-off plan.
At an additional cost, data can be kept for a grace period after service shut-down. Otherwise data is automatically destroyed on service termination.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Tablet is the only mobile device supported.
Service interface
Description of service interface
A complete, real-time web platform to view and manage the fully audited data of the patient pathways.
Accessibility standards
None or don’t know
Description of accessibility
Increase/decrease font sizes using browser controls. Color is not used as a visual means of conveying information, except in charting for line colors, and in the patient scheduling simulator or in the waiting list order where however it is not the sole means. Audio is not used as a means for prompting the user to take any action, or for conveying information except in optional support videos. Clear labels and controls are provided when content requires user input. Any items in error are identified and the error is clearly explained. Errors and alerts do not rely only on color.
Accessibility testing
None done.
What users can and can't do using the API
HL7 v2.x standard messages API is enabled by default.
A FHIR interface can be enabled on request.
Custom integrations (REST API, SQL) can be enabled on request.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The onboarding process includes customisation of the pathways to client's needs. The platform also provides an administrator interface (web-based, integrated into the application) to customise several aspects and configurations (including user roles) provided the users have enough privileges (as defined during onboarding). Example: end user can configure when a theatre is available during the week, to which surgical services and for which specialties and admission types (or even procedure) it is made available, PAC opening hours, association between wards and hospital sites, etc.


Independence of resources
The service has been designed to scale to meet demand.


Service usage metrics
Metrics types
Access per users (unique users, unique work sessions); browser and device type statistics; number of patients managed. Others can be configured as part of the setup phase.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The web interface allows all processed data to be downloaded as Excel tables, the printing functions shows reports in PDF format.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Detailed SLAs are agreed with the customer at point of contract negotiation.
As a standard, service availability is guaranteed at 99% over a period of one year.
Approach to resilience
Available on request.
Outage reporting
Server or network outages are reported via the Service Desk Portal, as published on the SurgiQ support pages.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Access restrictions in management interfaces and support channels
Different modules of the platform may provide different access and authentication methods.
Role Based Access Control is employed.
The system presents information where necessary to users with granted permissions. All accesses are auditable.
Access restriction testing frequency
At least once a year
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Internal security policies, procedures and training. ISO 27001 in progress.
Information security policies and processes
Internal policy and procedures are followed. These are available on request.
The policy dictates Account and Password management requirements; Data handling procedures and Responsibilities; and Employee responsibility and issue escalation.
The security policies are disseminated to staff via internal training and any Information Security concerns are raised via the internal service desk software and escalated to the Chief Information Security Officer for immediate review. SurgiQ management reserves the right to conduct an internal audit on projects to ensure that best practice is being followed and policy is being adhered to.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Software versioning tools are employed. Change management is tracked via an internal change ticketing system. There is a Change Control policy for software versioning (available on request). Recent versions of system documentation are archived.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Non urgent software patches are released as scheduled upgrade. Any urgent software updates are applied as soon as regression testing is completed.
Potential threats are identified via the service support help desk.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
When potential risks are identified by us or notified by users, we escalate immediately to the relevant third-party supplier to respond. They would typically respond to a significant incident within 4 hour
Incident management type
Supplier-defined controls
Incident management approach
Incidents are reported by email or via online support desk system. The status and updates on the progress of incidents (or linked groups of incidents) can be accessed online with updates provided as per the SLA.
Issue resolution is supported by internal documentation and Knowledge Base for resolution of common problems. This documentation is reviewed by the delivery department.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
Health and Social Care Network (HSCN)


£25,000 an instance a year
Discount for educational organisations
Free trial available
Description of free trial
A free trial of the system is accessible online, on a shared demo environment, which shows a set-up configured for a surgical department, with waiting list, pre-admission clinic and overall pathway management to show process modeling capabilities.
A non-disclosure agreement is required to access the free demo.
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.