Streamlined Forensic Reports
Our service quickly produces medical reports of an excellent quality as a more cost-effective solution for UK police forces. We ensure justice to victims of violent crimes by reforming the complex and inefficient processes of obtaining medical evidence.
Features
- Use of the medical SFR template to deliver medical evidence
- Monthly key performance metrics
- Integration with all potential sources of medical evidence
- Information governance: GDPR, Data Protection Act, ICO registration, Cyber Essentials
- Onboarding process for relevant hospitals
- A single, monthly invoice only charging for completed medical SFRs
- Real-time data management
- Provision of expert reports
- Delivery of Force education and training materials and sessions
- Single monthly invoicing with full MI data
Benefits
- Single point of contact for police officers’ medical evidence requests
- Reduction in average waiting times for reports
- Increase in charging decisions as a direct result
- Urgent service for out-of-hours charging decisions, available 24/7
- Secure on-line request portal accessible via website
- National standardised consent form
- Integrated images, body maps and 3D reconstructed images of wounds
- Management of a single supplier, improving operational efficiency
- Reduced secondary harm to victims of violent crimes
- Provision of disclosure statements, minimising challenges
Pricing
£65.25 to £290 a unit
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 6 2 2 2 9 4 9 4 0 4 6 2 8 2
Contact
STREAMLINED FORENSIC REPORTING LIMITED
Johann Grundlingh
Telephone: 07746646603
Email: johann.g@sfrmedical.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No such service constraints are identified. Planned maintenance activities will be conducted outside of working hours to have limited impact on the service. This will be communicated to the SPOCs.
- System requirements
- None, other than compatible browsers (Microsoft Edge or Google Chrome).
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Yes, we do provide email and on-call support (for both standard and urgent cases). The turnaround time is less than 24 hrs, and we have a specialist hotline to provide support for urgent cases which is available 24 hours a day, 7 days a week, 365 days a year.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- N/A
- Onsite support
- No
- Support levels
- Streamlined Forensic Reporting Ltd provide ongoing support through a dedicated Client Relationship Manager who will work alongside Police Officers throughout the provision of our service. They will assist with technical support and process direct requests for streamlined forensic reports using the Microsoft Dynamics customer management system. We do not have differing, tiered support levels – all customers are provided the same high level of support.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We provide PDF and video guides for different roles before onboarding a new customer. These guides are also available to the users of the service at any time and can be accessed directly through the SFR Medical portal. Moreover, we also offer and conduct training webinars for our services, which will be delivered live via video conferencing software by one of our Client Relationship Managers. Ongoing support is provided after go-live for any technical or operational issues.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- All data is stored in line with Forensic Capability Network, NPCC and current legislative data retention standards. Upon contract expiry, the SFR Medical team will download and provide the data to the Police Force single point of contact (SPOC). Client SPOCs also have access to all the case related data through their login, meaning they can also download it manually prior to termination of their account, if they decide to bring their contract to an end.
- End-of-contract process
-
The contract will expire on the natural end date of any specific contract called off against the framework. If no renewal is agreed and the Customer continues to access the Contractor’s services, the terms of this agreement shall apply on a rolling basis until the overarching contract expiry date.
Persistent failure by the Contractor/Subcontractor to meet agreed service levels as specified within the SLAs and KPIs may lead to the contract being terminated or alternative Contractor(s) being appointed to maintain levels of service.
Prior to early termination the complaints and escalation procedure should be followed to attempt to resolve any issue. Should suitable resolution not be achieved, the Customer will be allowed to terminate the SLA immediately.
Existing requests for SFRs issued prior to notice of termination shall be completed as if the Agreement were still in force. No new request for SFRs will be issued after service of notice of termination unless specifically agreed between the parties.
Upon termination, data will be deleted if requested by the Police Force, and SPOCs will be able to download all force specific data into their systems. They can request for further granular data to be provided by SFR Medical upon termination.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The SFR Medical portal has been developed using responsive design, ensuring no loss of functionality as a mobile site. The portal can be accessed through mobile devices in the same way as the desktop version, ensuring it provides same services as the web portal.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- The SFR Medical portal utilises a web-based visual interface, allowing easy navigation of service features and areas. Reports are visualised using the SFR template, now nationally approved following collaboration with the Forensic Capability Network (FCN). Medical evidence is a combination of medical records and medical statements. The medical statements produced are in the format of either an SFR1 (MG22B) and SFR2 (MG22C or MG22D) and in some circumstances an MG11. They are typed, jargon free, structured in an easy-to-read format and comprise all information from the multiple medical institutions and medical specialties a victim was assessed and treated by.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Our web-based interfaced was developed in line with WCAG 2.1 AA standards, with a pilot program conducted during development alongside selected Police Forces to ensure compliance before the service was launched.
- API
- No
- Customisation available
- Yes
- Description of customisation
- Upon request, SFR Medical can customise some portal features for each Police Force. This includes changes to the logo, nomenclature, specialist documents required, and approver details. These changes and customisation options can be requested though the force’s Client Relationship Manager, who can be contacted directly through email or telephone.
Scaling
- Independence of resources
- Usage is based on licences. 5000 users can use the system based on one licence. The SFR Medical portal is designed to be scalable and, our IT team ensures that we are able to maintain the capacity to serve all SFR Medical customers without downtime or reliability issues.
Analytics
- Service usage metrics
- Yes
- Metrics types
- User metrics available through the SFR Medical portal include analytics reports (aggregated), user logs (If requested through the Client Relationship Manager), and access logs with IP addresses if requested (real time accessible to SPOCs via the portal).
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Each Police Force’s single point of contact can export data based on a range of parameters, including date range, requesting officer, request progress and multiple other parameters.
- Data export formats
-
- CSV
- Other
- Other data export formats
- XLS
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JPEG
- DOCX
- TIFF
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Our service is available 100% of the time (day and night) specially to cover urgent requests. In case of any downtime, the services still continue with all necessary business continuity processes in place to shift from Portal to emails and phone calls in the meantime. We have reduced the average waiting time for medical statements from over 3 months to less than 10 working days. If there is a suspect in custody or if there is a trial in the next 7 days however, our urgent service endeavours to complete requests within 24 hours (and if relevant before the PACE clock ends). Our current turnaround time for our standard service is between 2 and 8 working days, and for our urgent service between 2 hours 48 minutes and 5 hours 30 minutes.
- Approach to resilience
-
Microsoft ensures that the data at its data centres (data at rest) and data in transit are encrypted to minimise security risks. Microsoft Dynamics follows industry standard encryption protocols and provides strong access management through multifactor authentication and Azure security centre. Microsoft Cyber Defence Operations Centre (CDOC) protects Microsoft’s Cloud infrastructure and customers from evolving threats.
We have business continuity and disaster recovery plans (tested regularly) in place to continue providing services in the event of disaster/ breach/ impact to regular processes.
All sensitive data is stored on an NHS One Drive/ Microsoft Dynamics UK data centres and accessed by authorised SFR Medical staff only via company provided security enabled laptops or Azure virtual machines (VMs). This ensures that:
• Users cannot copy or store any information outside of the Organisational network
• Access to emails and virtual machines is granted to only those who need it, and who have been approved by the CMO and CTO
• Multifactor authentication (per NHS digital guidelines) is enabled for emails, One Drive, VM access and applications to ensure additional security against potential cyber-attacks - Outage reporting
- Any outages are communicated to a Police Force’s SPOC. We have not had a scenario yet but in the event of an outage, we have procedure to publish it on the Portal.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Limited access network (for example PSN)
- Access restrictions in management interfaces and support channels
-
There are various roles defined within the SFR Medical Portal for the Police Officers, SPOCs, Supervisor etc. By default, a user, upon registration, has the Officer role which can be upgraded:
1. To a supervisor through a checkbox on the Portal and
2. To a SPOC by an email to SFR Medical team from the Police Force existing point of contact - Access restriction testing frequency
- At least once a year
- Management access authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Approachable certification https://approachable.uk.com
- ISO/IEC 27001 accreditation date
- 20/12/2021
- What the ISO/IEC 27001 doesn’t cover
- The information security system covers the provision of medical evidence from the NHS to enable UK police forces to charge and detain criminal suspects, as stated on Statement of Applicability version 3.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Penetration Testing
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Pen Test, NHS Data Security & Protection (DSP) Toolkit and Cyber Essentials accreditation. All personnel are vetted to NPPV2 or NPPV3 standard. Our service has been approved as a permitted method of emailing personal identifiable data (PID) or confidential data in the UK (NHS Digital).
- Information security policies and processes
-
The following are applicable to our Data Protection policies, operating in line with the Data Protection Act 2018 and GDPR; ISO/IEC 27001 standard clauses 5.2 and 5.3, ISMS Scope Document Risk Assessment, and Risk Treatment Methodology Statement of Applicability Register of legal, contractual, and other requirements. We have defined information classification, incident management processes and relevance access control, monitoring processes in place to ensure information security. We are certified with ISO 27001.
Responsibilities for the ISMS are undertaken by the following:
The Chief Technology Officer (CTO) ensures that the ISMS is implemented and maintained and for ensuring that all necessary resources are available.
The compliance officer must review the ISMS at least semi-annually, or each time a significant change occurs. The purpose of the management review is to establish the suitability, adequacy, and effectiveness of the ISMS.
The compliance officer will implement information security training and awareness programs for employees.
The protection of integrity, availability, and confidentiality of assets is the responsibility of the owner of each asset.
All security incidents must be reported to the CEO. CTO will define which information related to information security will be communicated to interested parties (both internal and external), by whom, and when.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Changes are tracked using Microsoft Planner (priority based) and are communicated and approved with all stakeholders via a call to the Change Approval Board. We also have update release communication sent over both email and Microsoft Teams channels to communicate any planned change and the migration status of the update. Changes are tested prior to release using unit and UAT testing. Changes migrate over non-working days unless urgent (Priority 1).
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Threats are identified in advance during our regular risk assessment process. Risk planning involves conducting a risk assessment, developing risk treatment methodology, and determining a risk mitigation plan. This is conducted by calculating the impact and likelihood of a risk and thus defining the severity to create a mitigation plan. The Microsoft Security Centre is also used for monitoring and addressing any potential risks in advance.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. Additionally, the Microsoft Security Centre will also flag up potential threats. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.
- Incident management type
- Supplier-defined controls
- Incident management approach
- SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
SFR Medical is a med tech organisation providing medical evidence to police forces, assisting them in their investigations and prosecution of violent crimes. It is commissioned by police forces, facilitating the transfer of medical reports relating to injuries sustained by a victim, which are undertaken by healthcare professionals.
Research undertaken by SFR Medical has found that, on average, it takes 67 days to obtain a medical evidence report. In some cases, this waiting time has led to secondary patient harm. The service provided by SFR medical aims to reduce waiting times by >90% against the average for medical evidence reports, thus improving the chance of justice for victims of violent crimes.
In the course of the delivery of services it reduces and eliminates the usage of paper based reports while also reducing the physical need for the police forces to drive to the hospitals to obtain the medical evidence report in person.
Being a remote work from home only business it also eliminates the need for employees to travel to a place of work spending time, fuel and energy in form of various modes of transport.
These efforts greatly reduce the carbon footprint of our clients and SFR Medical. Based on the above benefits, our service is considered to be carbon neutral and when combined with the effects on our clients it can considered to be carbon negative.Covid-19 recovery
SFR Medical has been a premier in the conception of a digitised medical evidence delivery to the police forces.
The business ensured that the very need of physical collection of evidence from the hospitals is eliminated and it has been instrumental in helping the police forces and the NHS in deliver services remotely. This leads to less physical contact, reducing the transmission of new Covid 19 cases as well as adopting new ways of working. We provide a unique work from home setup, whilst maintain employee economic contribution. This includes support for people who may suffer from long Covid as well as supporting groups of people who may have been disproportionately affected by Covid.
The business not only has helped recovery from Covid 19 by ensuring the reduction in physical contact within the workforce and external stakeholders but is also very well prepared for any similar pandemic that may happen in the future. Our company is resilient in preparing for similar future situations.Tackling economic inequality
Services of SFR medical have been carefully planned and designed to help the police forces deliver a speedy justice to the victims of crime, regardless of economic standing.
Having a purely digital, cloud-based solution, SFR medical enables the police forces to provide a standardised solution, agnostic of cultural or economic background, within the purview of the justice system.
Products and services make no distinction between the economic status of the victim thereby enabling a fairer society in the process of delivering its services, ensuring justice for all.Equal opportunity
The work ethic at SFR medical starts with HR and all departments ensure a fair treatment of all stakeholders (internal and external). Employees, being the key stakeholders in the work delivery, are ensured to have been selected via a fair and an equitable process enabled by a strong HR system in place. Going a step further, all aspects around the management of employees is governed by a transparent process with adherence to best practices, feedback, appraisals, review meetings and regular audit. All workers have the same access to opportunities and our EDI (Equality, Diversity and Inclusion) champion ensures adherence to our policies.
When it comes to external stakeholder, the services that SFR medical provides does not discriminate in any way w.r.t the size of the customers or any other parameter whatsoever.
The above are some of the few endeavours taken to ensure that SFR medical is an equal opportunity provider and follower w.r.t its stakeholders.Wellbeing
Wellbeing has been the heart of the business at SFR medical. CEO and COO of the organisation having been accomplished medical practitioners themselves have ensured that both the strategic and operational processes consider wellbeing as core to the success of the organisation. Our focus on well-being has a crucial part of the organisation, with access to mental health support, health insurance, flexible working and various other opportunities. There is regular teaching on medical conditions, challenging subjects such as data protection and opportunities for employees to voice their opinion in safe environments.
Regular training and surveys are conducted to ensure people’s well-being is monitored and acted upon quickly if any concerns arise.
Pricing
- Price
- £65.25 to £290 a unit
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- There is an option which Police Forces can chose to take a free trial for a certain number of cases with us. We have also run some pilot programs with Police Forces as a test run for our finalised services. These pilots are highly feedback oriented.