VDT: Clinic Booking Platform

VDT from Tango3 is a cloud based platform for appointment booking and clinic management. User focused, it enables self booking of appointments, as well as rescheduling, and cancellation. With simple management of:

Multi-stage vaccinations, eg. Coronavirus,
Booster vaccinations,
Staff vaccination,
Home visits,


  • Automated SMS/emails to invite and remind patients to book
  • Easy to use Admin system to support patients with booking.
  • Build complex vaccination programmes using simple, clear rules system.
  • Supports cohort based exceptions to rules to meet operational needs.
  • Real time performance reporting and analytics dashboards with email reports
  • Automated route planning tools for efficient management of home visits.
  • Supports multiple sites and clinic types within a single system.
  • Automated auto-scaling to meet patient demands.
  • Co-developed with NHS and Local Authorities for mass-testing and vaccination
  • Fully hosted with no software installation requirements - quick implementation


  • Allows users to easily manage and reschedule appointments reducing DNA's.
  • Reduces errors managing the complex tracking of high volume activities
  • Reduces admin costs by allowing patients to self book.
  • Allow admin teams to focus on hard to reach patients.
  • Data insights to monitor engagement, experience and operational performance.


£500 to £10,000 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@tango3.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 8 3 4 8 5 1 3 3 1 6 2 6 7 2


TANGO3 LTD Mike Trebilcock
Telephone: 07542819036
Email: hello@tango3.co.uk

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Modern Web Browser (Chrome / Edge / Firefox)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response within one working day, between 9am and 5pm, excluding weekends and UK bank holidays.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
In addition to standard support, a dedicated technical point of contact will be provided and available Monday to Friday 9am - 5pm.

Higher levels of support can be arranged at extra cost to support significant activity or vaccination programme changes as required.
Support available to third parties

Onboarding and offboarding

Getting started
Onboarding process is flexible to support users needs. Onsite training is subject to additional costs.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data extracts of all user records is provided free-of-charge at the end of the contract
End-of-contract process
Extraction of user appointment records
Deletion of user data

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Patient booking app is a responsive web app, focused on users accessing the system from a link in an email or sms.

Admin app targets a browser on a desktop.

In both cases, all features are built with responsive technologies in place meaning that the information will recognise the nature of the device it is being run on, its resolution and will scale automatically
Service interface
User support accessibility
None or don’t know
Description of service interface
Admin and Booking apps are accessed as a normal website via browser.
Accessibility standards
None or don’t know
Description of accessibility
Admin and Booking apps are accessed as a normal website via browser.
Accessibility testing
We have not performed any testing with users of assistive technology.
Customisation available
Description of customisation
All customer facing apps can be customised with logos, brand colours, questions and text. Additionally, Domain URL's and message from Email addresses can be customised.

Administration app configuration options include:
• Vaccination programmes
• Data retention period
• Email and SMS message content
• User access and permissions


Independence of resources
System is architected to auto-scale as needed.


Service usage metrics
Metrics types
Number of users at each stage of booking and attendance process.
Number of SMS and emails sent
Users with invalid contact details
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
CSV export of data available on request.
Data export formats
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
If service availability falls below 95% over a one month period then users will be refunded for this period. Availability excludes agreed deployment and maintenance.
Approach to resilience
Available on request.
Outage reporting
Email alerts are provided to users.

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
Email based authentication with single use links
Access restrictions in management interfaces and support channels
Access is restricted by integration with third party systems or username and password.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Internal Policy
Information security policies and processes
Staff receive regular training on security policies. Automated code analysis is performed as part of software build process. Policies include reporting to board level.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Requirements/defects and software development are tracked in a single unified system. Changes go through an approval and peer-review process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All changes are assessed against the OWASP Top Ten at the development stage.
High priority changes are deployed rapidly after the approval and review process.
Static code analysis for vulnerabilities.
Automated monitoring of open-source dependancies for updates and security issues.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
System administrators are notified automatically of potential security compromises. Incidents are triaged and resolved along standard support procedures.
Incident management type
Supplier-defined controls
Incident management approach
We have automated monitoring and alerting that alerts us to most incidents and allows us to react as quickly as possible.

Incidents can be reported by the customer through email or phone support.

The goal of incident management is to restore normal service as soon as possible. The following incident management process outlines the steps to restore operation to normal:
• Incident identification
• Incident logging
• Incident prioritisation & categorisation
• Investigation to identify issue or cause
• Fix and close identified issue
• Provide reports incident reports where required

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value



Make participation in vaccination and testing programmes easily accessible to staff groups and citizens.


£500 to £10,000 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
Full system use for 1 month. SMS charges will apply.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at hello@tango3.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.