Refer-all Ltd

ReferAll

ReferAll is a data management platform for the secure and efficient provisioning of health and wellbeing services.

Features

• Multiple Referral Sources from self-referral to clinical upload
• Comprehensive Data Collection including patient details and questionnaires
• Enhanced Workflow Management to achieve service delivery objectives
• Local Service Directory of referrers and activity providers
• Built-in Communicator including SMS, email, and letter templates
• Online Calendar to manage bookings with activity providers and instructors
• Attendance Tracking capturing sessions, venues and 3rd party tracking data
• Trackable Client Journey to pinpoint progress on referral journey
• MemberApp allows users to enter data and make bookings
• Reporting provides realtime view of progress, take-up and health outcomes

Benefits

• Cloud-based security allows safe administration of confidential patient detail
• Improve efficiency of referral programmes through CRM system automation
• Frictionless referral process to minimise referrer's time and effort
• Improve operational capacity by aligning health needs with programme availability
• Enhance client communications and effectiveness through inbuilt messaging functionality
• Minimise end-user administration through personal control of bookings and details
• Real-time reporting capabilities for administrators and commissioners

£495.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at partnerships@refer-all.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

481980983618975

Contact

Stuart Stokes
08454651052
partnerships@refer-all.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Requires a modern browser with Java script enabled
  • Requires a secure internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday:; Live Chat/Knowledgebase Help Articles, Telephone can be immediate, email initial response 1 hour; ; Weekends:; Support diverted to Knowledgebase Help Articles
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Accessible through the Application pages.
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: ReferAll support is provided as part of the licence agreement. First line support is provided through ReferAll’s online Live Widget / Knowledgebase Help Articles which are available 24/7, where support articles can be searched for and viewed, and where support tickets can also be raised. If self-service support cannot be provided, customers can use email support which creates a support ticket. Finally telephone contact can be made with ReferAll support. ReferAll support hours are 09:00 hrs to 17:00 hrs (Monday – Friday | excluding bank holidays).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Organisational level: every customer is allocated an account manager during the sales cycle. The initial onboarding process ensures the smooth transition onto the software. The account manager collects standard data requirements as well as custom configurations from an identified Super User. Our team works with the customer Super User/s who is then introduced to the knowledge base during the initial engagement session, consisting of written articles/screenshots and videos, accessible at any time through the user interface. ; User level: New customers are encouraged to include their team members in the initial training session. As new people join their team, the user receives a set of onboarding training emails alongside the Super User/s cascade training.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Upon acknowledgement of contract termination, the customers are supported to extract their data to local storage for retention purposes.; A request can be made to the ReferAll Account Manager for assistance in extracting all of the data if unable to action this locally.
• End-of-contract process: ReferAll upon notification of termination of contractual agreement between ReferAll and the said Customer, begin their customer exit programme operational process documented and held under company SOP's folder on SharePoint.; ; SOP-CLI-10001 Customer Exit Programme v1.5

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ReferAll have a separate application, called MyReferAll, that is specifically built for use on mobile devices, however it should be noted that MyReferAll does not provide the full functionality as experienced on the desktop service, as it's targeted more for end-user data gathering than for scheme administration.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: HTTPS secure connection (port 443); DigiCert SSL AES 256 bit Encryption
• Accessibility standards: None or don’t know
• Description of accessibility: The ReferAll platform isn’t currently measured against any specific accessibility standards, but if customers come across any specific accessibility issues, ReferAll would explore the accessibility of its application.
• Accessibility testing: None
• API: No
• Customisation available: Yes
• Description of customisation: There are elements of the system that are self-service and can be customised such as increasing or decreasing geographical boundaries. Further customisations can be requested via ReferAll Change Request process.

Scaling

• Independence of resources: All of our technology is distributed to separate virtual machines to allow us to grant each machine its own dedicated resource. We use load-balancers to distribute application traffic across multiple web-servers. And we record application metrics to give us an understanding of under-performing areas of our applications, which we use to drive our development focus for future iterations.

Analytics

• Service usage metrics: Yes
• Metrics types: The team at ReferAll monitor various metrics that help manage their support function and their customer relationships, some of which are internal measures such as support requests, ticket types, and feedback surveys. Other customer related metrics will be posted via our Alerts page, which details any incidents, affected components and scheduled downtime.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: From within the application there is an area dedicated to the process of Importing & Exporting data. The options for exporting are as follows:; o Referral Data; o Referral & Questionnaire Data; o Referral, Questionnaire & Activity Data; o Referral & Activity Data; o Referral Activity Data; o Referral Biometric Data; o Referral & History Data; And the data is presented in a csv file.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: HTTPS secure connection (port 443); SSL AES 256 bit Encryption
• Data protection within supplier network:
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Network Firewall; HTTPS secure connection (port 443); SSL AES 256 bit Encryption

Availability and resilience

• Guaranteed availability: The ReferAll platform has been designed to ensure continuous availability for all customers. With that said there are times when the system will require downtime. When the need for downtime occurs, ReferAll will notify customers with sufficient lead time in order that their businesses understand what needs to be changed and when. Any planned downtime will be outside normal business hours of 08:00 to 18:00. By way of indication, ReferAll availability is at least 99.9%, allowing for scheduled downtime.
• Approach to resilience: ReferAll incorporate the following patterns to build resilient services for their clients: they favour automation for continuous integration & deployment of digital assets, load-balancers to distribute load between web servers, cloud-hosted services (where possible) of which are able to scale with customer demand, caching of hot queries to decrease load on the storage layer, and database mirroring to ensure continuous data availability.
• Outage reporting: Service outages are reported via our Alerts page within the Application to all system users.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: ReferAll have three ways of restricting access in their applications: the first is to revoke a users permission(s) at a granular level which gives ReferAll more fine-grain control of what actions a user can perform within our systems. The second is via role based licencing, where the user has restricted permissions relevant to their role within their organisation. The third way is to de-activate a users account, which will mean the end user will not be able to log into ReferAll applications.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS Digital Security Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Security; and; NHS-DSPT (NHS-Data Security & Protection Toolkit)
• Information security policies and processes: ReferAll align to ISO/IEC 27001: 2022 and the ICO guidance for UK GDPR

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Aligned to ISO27001:2022, and working towards accreditation of same standard
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Microsoft perform a VA every week and sends a report. ReferAll Ltd Head of IT and Head of Development review and perform corrective actions as per report level of issues.; ReferAll's DataCentre partner manages VA on their behalf as part of their managed services contract. Any major issues they immediately make Contact with ReferAll Head of IT.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes are modelled on the NCSC (National Cyber Security Centre) advice and guidelines.
• Incident management type: Supplier-defined controls
• Incident management approach: Aligned to ISO27001:2022, and working towards accreditation of same standard

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  ReferAll help organisations involved in the commissioning and provisioning of lifestyle services such as physical activity referral, weight management, mental health and specialist referral services for chronic conditions such as Cancer by providing access to our digital platform that enables quick and easy yet secure online referrals from individuals and Healthcare Professionals, reduce the administrative burden on scheme administrators which frees up their capacity for improved delivery, while at the same time allowing for real-time monitoring and evidence-based evaluation of outcomes by healthcare commissioners.

Pricing

• Price: £495.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at partnerships@refer-all.net. Tell them what format you need. It will help if you say what assistive technology you use.