X-on

Surgery Connect

X-on are providers of secure, flexible and cost effective telecommunications with particular focus on healthcare.

We design, host and deliver cloud services including clinical software integration and video consulting from our UK data centres, designed from the ground up with security of data and standards compliance at the forefront.

Features

• Automated Patient Callback improves patient experience when calling the practice
• Live view of staff availability and call traffic.
• Realtime update of messages heard by inbound callers.
• Use hardware telephones or on screen softphones
• Integration with healthcare clinical systems.
• Realtime data reporting and call recording, 3 year data retention.
• Video calling solution
• SMS and photo request features

Benefits

• Specialising in NHS Primary Care.
• High Availability Telecommunications with no capacity constraints.
• Complete telephony solution from a single supplier.
• Promotes working at a PCN level.
• Allows staff to work in practice, across site or remotely.
• Free unlimited calls to UK landlines and mobiles.
• Futureproof with a continual development process in place.
• UK based Support accessible 24/7.

£15 to £27 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@x-on.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

299704403170837

Contact

Sales Team
0333 332 0000
sales@x-on.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements:
  • Integration runs on Windows 7, 10 or 11 Operating Systems
  • Integration must have a supported clinical system installed on PC
  • Web portals run on modern browsers (anything but Internet Explorer)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide phone support 24 hours a day, 7 days a week. ; ; Customers can also contact us via our online support portal available to all customers. Our SLAs are below - ; ; Minor Problem - 4 hours to respond, 8 hours to fix; Serious Problem - 1 hour to respond, 4 hours to fix; Critical Problem - 15 minutes to respond, 1 hour to fix
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of support to all our customers, 24 hours a day, 7 days a week. This level of Support is all part of the standard package so there is no additional charge.; ; Customers can contact us via phone or via our online support portal.; ; As part of implementation we provide the necessary staff to deploy the solution. Once live, all customers are assigned a Customer Relationship Manager who are there to help with configuration or best practice questions as well as to aid resolving any technical issues with assistance from the Support team.; ; Additional on site support can be provided, but an additional fee may apply.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: X-On offers a full package of implementation support for Surgery Connect through our Service Delivery Team. We draw up and agree a suitable implementation plan (based on our experience, but weaving in individual customer requirements). ; ; We support the customer to deliver the necessary customisation and configuration of their solution required and full, remote training for all the staff in the GP practice/Organisation.; ; We support the customer through the transition from whatever services they are current using, and provide "go live" and post go live support to ensure they are getting the benefits of Surgery Connect from the outset.; ; We can then provide ongoing support to the customer, both through our regular support services, but also further optimisation and configuration support, as the customers seeks to improve how they use the telecommunications now at their disposal.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We can offer 2 approaches to an end of contract where the customer is moving to the service of a different supplier.; ; We can provide a straight forward download of the data, and then enable the customer and 3rd party supplier to carry out their own migration and configure their new service as they wish.; ; Or we can fully support the migration, mapping fields, working with the 3rd party provider and customer to ensure the smoothest transition. An additional fee for this may be charged.
• End-of-contract process: We can provide a full end of contract support process, where a customer is moving to another supplier for their telecommunications.; ; Included in our contract price is a full "cut" of the data, to enable the customer and new supplier to take that data into the new system and configure as they wish.; ; For a reasonable additional charge, we can fully support the migration, mapping fields, helping with the migration and supporting the customer and new 3rd party supplier to ensure a smooth migration.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The core telephony aspect of the product can route to mobile devices allowing staff to make and take calls on their personal mobile device. There are also SMS, video and photo aspects of the product that utilise the inbuilt technology of mobile devices.; ; The Management Portals associated with product can be accessed via a mobile device through the inbuilt browser however, the Portals have not been designed specifically to be viewed on a mobile device.; ; Integration with the clinical system requires the installation of a piece of Windows software and so this is not available on a mobile device.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface is accessed through any modern browser via a secure, single sign on authentication. Management staff have access to a range of portals allowing them to manage and monitor the service.; ; The User Console provides a live and archived view of telephone traffic as well as the availability of staff and managing call answering teams.; ; The Configuration and Service Delivery Consoles allow managers to configure many detailed elements of the service.; ; X-flow allows Managers to update the inbound callflow and the messages that callers hear.; ; The Reports Portal allows Managers to generate and export data from the system.
• Accessibility standards: None or don’t know
• Description of accessibility: Our customers have full access to our services, and our telecommunications platform - Surgery Connect - provides a range of accessibility features, enabling people to communicate via telephone, voice, SMS, messaging, video, etc.
• Accessibility testing: We have not as yet done any testing with users of assistive technologies.
• API: Yes
• What users can and can't do using the API: We do have an API that can be accessed by contracted customers on request. This does not relate to making service changes as all of that functionality is available through the standard Management Portals.; ; The API allows customers to perform actions such as making telephone calls or sending SMS messages or to extract telephone call data in bulk.; ; Access to the API is not there by default, customers need to use an API key when communicating with the API and there may be an additional charge to gain access to the API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Surgery Connect is a fully customisable platform offering a huge range of telecommunications features. By the very nature of the platform, everything needs to be configured to enable the right users, telephone numbers, SMS Messaging, call centre contacts, interactive voice, call groups, etc, etc to be set up.; ; This is initially configured at implementation, and then the Practice Manager or other nominated person on site, can customise and manage Surgery Connect locally moving forward.

Scaling

• Independence of resources: We have 3 separate and independent data centres with monitoring and load sharing capabilities across all allowing us to handle many thousand concurrent calls across our customer base. This means we never have capacity concerns.; ; The call traffic on the platform is continuously assessed and platform capacity is regularly increased as more customers come on board.

Analytics

• Service usage metrics: Yes
• Metrics types: Surgery Connect provides a full range of metrics across the service.; ; This includes, but is not limited to :; ; - Patient queue analysis; - All call activity including times and durations; - Answered/Missed/Abandoned rates.; - By practice/location/person/department.; - Metrics on other communication sent and received (SMS, Video, file exchange); ; We can report on all areas of the system through the self serve Reports Portal
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There are a number of different elements that can be exported. User lists, detailed communication logs either individually (CDR data) or accumulated over a period (Reports data) and call recordings.; ; The communication log data is downloaded in csv format, the call recordings are downloaded as mp3 files.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Mp3
• Data import formats:
  • CSV
  • Other
• Other data import formats: Mp3

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We contract for 99.99% availability. This is achieved with 3 site data centre resilience (soon to be 4 sites) meaning that customers can be routed to any of these data centres with the minimum of disruption if needed.; ; If the service falls below the service availability level commitment, a service credit of up to 100% of the monthly rental charge, subject to the terms stated in the pricing section of the contract, will be applied to the following month's charges.
• Approach to resilience: We have 3 separate data centres that have the service data replicated between them meaning that customer's services can run on any of the data centres ensuring the 99.99% availability is maintained. Work is underway to introduce a 4th site.; ; The data centres are constantly monitored, with automated alerts to network staff when potential issues occur and traffic can be rerouted quickly and easily.
• Outage reporting: When outages do occur to Surgery Connect, which is a very rare occurrence, this can communicated via email and SMS directly to customers. Registered customers will receive notifications of progress with any remedial action and also when the issue is fully resolved.; ; Information also appears on our support portal, this information is updated at the same time as the other notifications.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is controlled at a user level. Each user is configured with the required access rights at the time of service creation. This is specified by the customer lead. The permissions are granular so each user can be configured with whatever access rights they require for their role. Moving forward, we only accept permission change requests in writing from the nominated service lead.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Limited
• ISO/IEC 27001 accreditation date: 02/08/2023
• What the ISO/IEC 27001 doesn’t cover: Our ISO certification is provided by QMS International, certificate number 173042020, and is valid through to August 2023.; ; We have been assessed for the provision of hosted call management solutions, which covers all of our business.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have a full range of security policies and processes in place as you would expect for an ISO 27001 accredited company. ; ; Although a growing company, are we still small enough to have very flat and clear reporting lines, so any security issues arising are reported directly to the CEO, amongst other senior staff, to ensure the highest level of focus.; ; As well as the regular audits to retain ISO 27001, in addition and as part of this process, we have regular training days for staff, communication around security issues and continually update our documentation.; ; We are well aware that data is at the heart of what we do and this must be kept confidential.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our platform has many components that are integral to the services we offer. We are always tracking and improving these components as well as adding new elements when feature enhancements or additions are introduced. Our Development process includes full peer reviewed code steps, incorporating data security matters. We also have a staging environment for full QA testing. The change management process must include full roll back details.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We take vulnerability management extremely seriously and so are constantly monitoring our platform for potential threats. Key infrastructure staff are alerted to any suspicious activity and will apply measures as quickly as is feasibly possible. We use a number of tools to scan our platform for 3rd party dependencies, updating to the latest stable version is part of the ongoing platform maintenance processes.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We are constantly monitoring our platform for potential threats. Key infrastructure staff are alerted to any suspicious activity and will apply measures as quickly as is feasibly possible. We use a number of tools to scan our platform for 3rd party dependencies, updating to the latest stable version is part of the ongoing platform maintenance processes.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: All staff are encouraged to raise any incidents (or near misses). This is clearly outlined when they join the company and is reiterated through regular security training throughout their employment. The company has an Incident Management Form that staff complete each time. This raises an alert with key board members and can either be picked up immediately or taken to the monthly Incident Management Meetings where appropriate.; ; If warranted a report will be made to the ICO and any customers that were effected will be contacted.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  X-On understands that we need to play our part of tackling climate change. ; ; We are aware, working mainly in the NHS, that healthcare in the UK contributes something like 5-6% of all emissions.; ; Through our customers using our services, we enable them, their colleagues in other organisations and their patients, to have the need to travel less - fewer car journeys, less bus trips, etc, therefore helping to reduce emissions.; ; Through the use of telephone, video conferencing, messaging, we enable communications that do not require travel, and have a very limited impact of the climate, supporting the drive to reduce emissions and fight climate change.
• Covid-19 recovery:

  Covid-19 recovery

  With many customers in Primary Care, we have been proud to support GP practices throughout the pandemic, and still, as the UK recovers from Covid, whilst still living with it. ; ; Our solutions provide the ability for GP practices to work more intelligently, productively, efficiently. We enable general practice to communicate effectively, with patients, with each other and internally within each practice.; ; And we support one of the key NHS priorities to offer patients a better experience of the NHS by offering digital solutions and digital access to healthcare.
• Tackling economic inequality:

  Tackling economic inequality

  Through the revenue that X-On drives through it's growth in general practice and other markets, ourselves and our employees contribute to the tax take for the nation. ; ; We employ a wide range of people, in different roles and from diverse communities. In terms of our recruitment practices we prefer to fill our experienced roles internally and encourage professional growth to support this aim.; ; We do what we can to help tackle economic inequality.
• Equal opportunity:

  Equal opportunity

  X-On is an equal opportunities employer. As such, all applicants for our roles are considered for employment without attention to any protected charactistics. Moreover, we employ people from a wide range of backgrounds and communities, in all our roles across the company.
• Wellbeing:

  Wellbeing

  X-On takes the wellbeing of its staff very seriously. We know that these are the people that deliver for our customers.; ; We have a range of human resources policies in place to support our staff if they need assistance, have challenges or issues, and we are a very accommodating employer in terms of support for our staff when they need it, if they fall ill, if they wish to have flexible working or work from home, etc.

Pricing

• Price: £15 to £27 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@x-on.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.