Skip to main content

Help us improve the Digital Marketplace - send your feedback

SRCL LIMITED

My Surgery Website

Provision of GP Practice Websites for communicating with and collecting data of patients, appointment making, medication ordering, online consultation, digital triage and signposting along with advertising the services of the practice.

Features

  • Responsive web design for all devices
  • Clinical system online services integration
  • Syndicated NHS health & wellbeing centre
  • Easy to update, anytime, anywhere
  • WCAG 2.1 (AA) compliance
  • Centralised group management
  • User Way technology built-in
  • Smart online forms
  • Designed to active signpost patients to relevant services
  • Patient digital triage

Benefits

  • Reduces the footfall at the practice
  • Increases access for patient
  • Patients are signposted to relevant services
  • Enables social prescribing model of care
  • Simple to use
  • Automatically updated to comply with latest legislation

Pricing

£525 to £1,375 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.twells@stericycle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 5 6 9 1 9 6 0 9 8 5 8 2 9 3

Contact

SRCL LIMITED Michael Twells
Telephone: 07595033735
Email: michael.twells@stericycle.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Private cloud
  • Hybrid cloud
Service constraints
There are no constraints on using the My Surgery Website. It fully supports all web browsers (incl. IE11 and above) and mobile devices. Maintenance windows are outside of core hours.
System requirements
  • Internet access
  • Up to date browser

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Support queries are monitored Monday to Thursday 9.00AM to 5.00PM and Friday 9:00AM to 4:30PM (excluding bank holidays).

Support tickets are instantly acknowledged and customers issues a unique reference ID. A support engineer will contact the customer within 24 hours if they need further information, with resolutions confirmed or resolution time agreed within 48 hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Support queries are monitored Monday to Thursday 9.00AM to 5.00PM and Friday 9:00AM to 4:30PM (excluding bank holidays).

Support tickets are instantly acknowledged and customers issued a unique reference ID. Tickets are allocated on a first come first served basis by a department of technical support engineers.

The service has two support levels;

Basic: Reporting and investigation of service level issues e.g. bugs in software, included in the annual price for the service.

Enhanced: Completely managed service e.g support engineers will make any change to the service a customer requires using the services editorial suite of tools (an additional annual fee of £100 per annum applies).
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customers are fully supported in the set up and configuration of the service. During the sales process the customers are asked to pick a base template for their website or request a bespoke layout and for any additional requirements. The base template is populated with relevant customer specific information (as provided by the customer) and any additional configurations made to meet the customer requirements. Our support team liaise with the customer, refining the website until the customer is happy with the service and give approval to publish the website.

Online training can be arranged as required, however our system is designed with intuitiveness and user-friendliness in mind. Full documentation for system configuration and workflows is provided in online help guides.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Users have full access to their data when they are in contract with us and will work with them to retain access once the contract has ended.
End-of-contract process
The customer subscription, training, documentation, support (if applicable) and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew they are required to give 90 days notice. On the subscription end date or date requested their domain will be transferred to their new provider, all data is archived and then securely deleted after a predefined period.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
My Surgery Website comes with inbuilt responsive designs so it is optimised for mobile devices and desktops. The mobile version will include all the features of a desktop version but will re-size content including media like videos and fix them according to the size of mobile device.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service can be accessed via a web browser interface. Supported browsers are Internet Explorer 11, Microsoft Edge, Firefox, Chrome, Safari and Opera. The service has been designed to also be used on mobile devices.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Platform has been tested using multiple accessibility compliance tools such as aXe.
API
No
Customisation available
Yes
Description of customisation
The user can choose from multiple design templates as a starting point, and from there they have access to tools to customise their website as much as they like.

The user can customise their own website or ask our support team to do it for them if they have purchased the relevant level of support.

Scaling

Independence of resources
We have over a 50% resource buffer on our platform to cover anomalous spikes in use. We monitor the systems for average use, and have the capacity for growth if and when needed.

Analytics

Service usage metrics
Yes
Metrics types
The customer can add their own google analytics or google tag manager code to their website and track their website usage.

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Software Encryption
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Form and Survey results can be exported as PDF files
Data export formats
Other
Other data export formats
PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • DOC
  • DOCX
  • PDF
  • JPEG
  • JPG
  • PNG
  • TIFF

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% up time guarantee
Approach to resilience
Available on Request
Outage reporting
If there was an unplanned service outage we would contact affected customers via an email alert and help centre notifications. Affected customers would also see in application information alerts.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management portal is limited to internal access via our private network/VPN Tunnel, additionally requiring specific user group permissions, and still requiring a username and password.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Wordplay
PCI DSS accreditation date
07/10/2021
What the PCI DSS doesn’t cover
N/A
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
DSP Toolkit

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Our security governance is subject to best practice and leading industry standards but not officially accredited
Information security policies and processes
Our security policies are independent and in-house but ensure:

Authorised access is enforced,
All sensitive data is encrypted and verified,
All access is recorded and audited,
All data is transferred securely
All security incidence are reported and investigated, any remedial actions are taken.

All incidents are reported to the VP of Data Protection, who reports in to the VP Regional General Counsel Compliance Officer, who then reports in to the company board.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Software changes are subject to a standard requirements definition process and reviewed by senior functional and security design resource before being approved for development. Once developed, changes are assigned to a specific release, with this release passing through a defined 'path to live' - escalating from development to test environment before being placed in a stage environment for final checks. New changes, once developed are reviewed by a security test specialist and also subject to ongoing vulnerability scanning and penetration testing.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We subscribe to several security information outlets to help remain agile in response to emerging threats. Our third party host also keeps all clients informed of identified threats and remediation. We do standard patching on a monthly basis and have procedure in place for "emergency patching" if necessary.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Have third party threat solution that does regular scanning of the system and we receive alerts if a threat is found. We would respond immediately to any realised threat.
Incident management type
Supplier-defined controls
Incident management approach
User are able to report any incidents through normal customer service channels, and we will follow our triage process - escalating to relevant mangers etc where necessary. Any reports will be distributed to relevant parties.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Internally, we have continued efforts to minimise the environmental
footprint of our operations and conserve resources. We have numerous programs in place or under evaluation to minimise our use of natural resources and reduce the impact of climate change.

We are working with our hosting partner Rackspace to reduce our environmental impact and encourage them to reduce their to fight climate change. Through the delivery of cloud services to our customers, Rackspace Technology is contributing to an overall reduction of energy consumption. In addition, by moving companies to shared resources and facilities, cloud adoption helps to reduce the number of duplicate, energy-hungry data centres across an enterprise. Customers who decide to move their data to the cloud with Rackspace Technology have a variety of options to help them further reduce their carbon footprint. The sustainability and financial benefits from cloud migration vary, depending on which cloud a customer selects, the level of cloud optimisation, and whether the customer uses any sustainability innovations powered by the cloud.

Pricing

Price
£525 to £1,375 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.twells@stericycle.com. Tell them what format you need. It will help if you say what assistive technology you use.