Viccari Wheele Limited

Refernet: a safe and secure online referral management system

Refernet is a referral management solution that helps build partnerships and enables referrals to be made securely between agencies and their partners. Clients include Citizens Advice, councils, charities, legal and money advice, healthcare and social prescribing services across the UK. Refernet is GDPR compliant and reports on activity and outcomes.


  • User friendly Referral management with mobile friendly interface.
  • Refer patient/clients between approved partner agencies, with full referral history.
  • System Administrator controls which agencies to include in their network.
  • Search and filter capabilities to find agencies.
  • Enhanced agency profiles including service scope and open hours.
  • Secure document and sensitive data sharing between service providers.
  • Option to include self-referral button on your own website.
  • Report on referral activities and client/patient outcomes.
  • White label product: allows for customer branding and user avatars.
  • Comprehensive field sets for the referral form.


  • Create and leverage national, regional and sub-regional partnerships.
  • Evidence your referral activity to help secure funding.
  • Record and monitor outcomes to enhance/support funding opportunities.
  • Record activity and report per agency and entire network.
  • Refer customers securely across the network.
  • Join up different case management systems through referral.
  • Secure, GDPR compliant system for sensitive data handling.
  • Supports remote working of agency staff.
  • Avoids 'signposting' so clients don't have to repeat their story.


£8,350.00 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 3 9 9 9 9 7 6 3 7 0 0 0 4 3


Viccari Wheele Limited Steve Wheele
Telephone: 01273 244099

Service scope

Software add-on or extension
Cloud deployment model
Hybrid cloud
Service constraints
Quarterly deployments of updates/features and planned periodic maintenance, outside office hours 9-5, typically at midnight or over the weekend. Customers are informed via a bulletin a couple of weeks in advance.
System requirements
Device that can run a modern web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Telephone and email support during business hours Monday to Friday excluding bank holidays (9am-5pm) is provided for system administrators and we aim to respond within 4 business hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Email and telephone support during business hours (9-5) is provided for functionality issues and usage. Support is provided by dedicated senior technical/training/commercial staff. Initial training is included in the license cost and any refresher training is at extra cost (as per pricing document).
Support available to third parties

Onboarding and offboarding

Getting started
Refernet has an intuitive design that prompts users as they navigate the system and video tutorials are available.

Initial training is via Zoom/Teams and free of charge for 2 hours, delivered by Technical Director. There is no limit on attendees and can be recorded at no extra cost.

Customer Administrators typically then train new customer users, however additional training can be delivered by the Refernet Technical Director (on site or remote) at extra cost.
Service documentation
Documentation formats
End-of-contract data extraction
A data export function within the system allows the Administrator to export all data, while other users can only export token information. Includes anonymised referral data.

Categories of advice and outcomes cannot be exported.

System and all data deleted 1 month after contract ends.
End-of-contract process
System access can be maintained for up to 1 month for customers to add and remove data (within constraints of contract). Any additional needs can be discussed with client..

System and all data deleted 1 month after contract ends.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
There are only visual differences where the service has been optimised for different platforms, the functions all remain the same.
Service interface
User support accessibility
None or don’t know
Description of service interface
Web interface via secure login where users find and select an Agency to refer to, fill in a referral form, and send the referral to the chosen agency. Agencies are notified of activity via email and requested to login and respond. No data is included with emails.
Accessibility standards
None or don’t know
Description of accessibility
The service does not override any of the user's browser-based accessibility customisation.
Accessibility testing
First phase pilots are being carried out in small client groups.

Each system that is commissioned includes a discussion with the client about their customers, user requirements, possible support services (such as assistive technology needs) any specific needs are discovered and agreed with at this point. We complete this on a case by case basis, dependent on requirement.
Customisation available
Description of customisation
Refernet is a whitelabel product, the customer area can be branded.

Via the admin portal, Administrators can disable and mandate referral form fields, categories of advice, outcomes fields, and micromanage which agencies can see or refer to other agencies.

Administrator's data inputs leads to customisation of homepage.


Independence of resources
The system uses scalable, virtualised infrastructure. Ongoing performance monitoring is conducted by the cloud hosting provider, and we can easily implement system upgrades/increase resources as demand increases.


Service usage metrics
Metrics types
We provide data visualisation and a list view of:
- Number of referrals
- Open, accepted, updated referrals - as Agency
- Open, accepted, updated referrals - as User

Data can be viewed on dashboard or as a report, granularity and date range can be set.

Administrators can view number of Agency users.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
A data export function within the system, which includes option to export all data.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
Other data import formats
  • .pdf
  • .doc
  • .docx
  • .jpeg
  • .png
  • .gif

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Approach to resilience
Located in London EC1 datacenter, ISO27001 and PCI-DSS compliant.

Fully managed by a team of IT professionals, with dedicated account handling and SecOps teams on a 365/24/7 basis.

Full server snapshots daily and incremental backups every 4 hours.

Outage monitoring alerting the CTO, SecOps and Dev Team in the event of connection failure. Historic versions for Refernet (taken before any changes or features are deployed) are stored onsite at our alternative studio location. Access to this location is via a secure VPN and locked to our dedicated IP. Our onsite studio is monitored 365/24/7.
Outage reporting
Administrators are alerted as soon as issue is detected, via email or phone call. The system will also show an error landing page.

A report is generated, available to customers if requested.

Refernet maintain a Disaster Recovery policy with procedures for any outage event.

Identity and authentication

User authentication needed
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
The Administrator interface is restricted to user accounts with relevant privileges, and accessed via a username and password.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
No audit information available
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
The CTO is responsible for the security and integrity of data held on Refernet systems by specifying, installing and maintaining adequate ICT equipment and security systems. However, all users have responsibility for the security and safety of Refernet and the information held on those systems.
Information security policies and processes
Refernet are a small team with a simple reporting structure. We maintain the following information security policies, procedures and standards:

ICT Security Policy
Change Process Policy
Cyber Essentials

All staff have taken the certified NCSC training provided by Hiscox CyberClear Academy.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any change requests are handled in line with our Change Process Policy and ICT Security Policy.
Vulnerability management type
Vulnerability management approach
We assess potential threats by conducting an annual manual pen test and ad hoc automated pen testing. Threats are minimised by using software firewalls.

Patches to the operating system are deployed by the cloud hosting provider.

Patches to the Refernet system are deployed quarterly for low-level risks and immediately for high-risk bugs including outside of normal business hours.

Our Disaster Recovery Policy sets out our response times.
Protective monitoring type
Protective monitoring approach
Malware, virus and performance monitoring software is conducted by the cloud hosting provider. Any malware or virus detected would be instantly quarantined on the server.

Failed log-in attempts are logged and monitored. Any data breach within the Refernet system will have an immediate response.

Response times are detailed within our Update Control Process.
Incident management type
Incident management approach
Any incident will be flagged to Refernet via automated error emails. All incidents are managed in line with our Incident Policy which includes processes for common events. Our Disaster Recovery Policy refers to our process for informing customers about disasters and data breaches.
After any incident, an Incident Report is produced.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value



Viccari Wheele understand that mental ill health and stress are associated with many of the leading causes of disease and disability in our society. Understanding factors in the workplace can influence the health and wellbeing of individual employees, particular departments, or organisations as a whole. Promoting and protecting mental wellbeing is important for individuals’ physical health, social wellbeing and productivity.
Many factors in the workplace influence the mental wellbeing of individual employees. We promote awareness, and support the physical and mental health and wellbeing of staff. Understanding and addressing factors which affect people’s mental wellbeing at work can have a wide range of benefits, both for individuals and the organisation as a whole.
Mental wellbeing in the workplace helps promote the employment of people who have experienced/are experiencing mental health problems, and support them once they are at work.
Viccari Wheele’s Mental Wellbeing Policy covers the following aspects of mental health and wellbeing:

Mental wellbeing:
Promoting the mental wellbeing of all staff through:
• Providing information and raising awareness about mental wellbeing
• Providing opportunities for employees to look after their mental wellbeing
• Promoting policies and practices that promote wellbeing.

Management skills:
Developing skills for managers and supervisors to:
• Promote the mental wellbeing of employees
• Deal with issues around mental health and stress effectively.
Providing support to employees through:
• Providing a work environment that promotes and supports mental wellbeing for all employees
• Offering assistance, advice and support to people who experience a mental health problem while in employment.
• Support for staff returning to work after a period of absence due to mental health problems.
Helping people get back to work after a period of absence through:
• Recruitment practices
• Making reasonable adjustments
• Retaining staff who develop a mental health problem


£8,350.00 a unit a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.