Refernet: a safe and secure online referral management system
Refernet is a referral management solution that helps build partnerships and enables referrals to be made securely between agencies and their partners. Clients include Citizens Advice, councils, charities, legal and money advice, healthcare and social prescribing services across the UK. Refernet is GDPR compliant and reports on activity and outcomes.
Features
- User friendly Referral management with mobile friendly interface.
- Refer patient/clients between approved partner agencies, with full referral history.
- System Administrator controls which agencies to include in their network.
- Search and filter capabilities to find agencies.
- Enhanced agency profiles including service scope and open hours.
- Secure document and sensitive data sharing between service providers.
- Option to include self-referral button on your own website.
- Report on referral activities and client/patient outcomes.
- White label product: allows for customer branding and user avatars.
- Comprehensive field sets for the referral form.
Benefits
- Create and leverage national, regional and sub-regional partnerships.
- Evidence your referral activity to help secure funding.
- Record and monitor outcomes to enhance/support funding opportunities.
- Record activity and report per agency and entire network.
- Refer customers securely across the network.
- Join up different case management systems through referral.
- Secure, GDPR compliant system for sensitive data handling.
- Supports remote working of agency staff.
- Avoids 'signposting' so clients don't have to repeat their story.
Pricing
£8,350.00 a unit a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 3 9 9 9 9 7 6 3 7 0 0 0 4 3
Contact
Viccari Wheele Limited
Steve Wheele
Telephone: 01273 244099
Email: info@refernet.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Hybrid cloud
- Service constraints
- Quarterly deployments of updates/features and planned periodic maintenance, outside office hours 9-5, typically at midnight or over the weekend. Customers are informed via a bulletin a couple of weeks in advance.
- System requirements
- Device that can run a modern web browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Telephone and email support during business hours Monday to Friday excluding bank holidays (9am-5pm) is provided for system administrators and we aim to respond within 4 business hours.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Email and telephone support during business hours (9-5) is provided for functionality issues and usage. Support is provided by dedicated senior technical/training/commercial staff. Initial training is included in the license cost and any refresher training is at extra cost (as per pricing document).
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
Refernet has an intuitive design that prompts users as they navigate the system and video tutorials are available.
Initial training is via Zoom/Teams and free of charge for 2 hours, delivered by Technical Director. There is no limit on attendees and can be recorded at no extra cost.
Customer Administrators typically then train new customer users, however additional training can be delivered by the Refernet Technical Director (on site or remote) at extra cost. - Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
-
A data export function within the system allows the Administrator to export all data, while other users can only export token information. Includes anonymised referral data.
Categories of advice and outcomes cannot be exported.
System and all data deleted 1 month after contract ends. - End-of-contract process
-
System access can be maintained for up to 1 month for customers to add and remove data (within constraints of contract). Any additional needs can be discussed with client..
System and all data deleted 1 month after contract ends.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- There are only visual differences where the service has been optimised for different platforms, the functions all remain the same.
- Service interface
- Yes
- User support accessibility
- None or don’t know
- Description of service interface
- Web interface via secure login where users find and select an Agency to refer to, fill in a referral form, and send the referral to the chosen agency. Agencies are notified of activity via email and requested to login and respond. No data is included with emails.
- Accessibility standards
- None or don’t know
- Description of accessibility
- The service does not override any of the user's browser-based accessibility customisation.
- Accessibility testing
-
First phase pilots are being carried out in small client groups.
Each system that is commissioned includes a discussion with the client about their customers, user requirements, possible support services (such as assistive technology needs) any specific needs are discovered and agreed with at this point. We complete this on a case by case basis, dependent on requirement. - API
- No
- Customisation available
- Yes
- Description of customisation
-
Refernet is a whitelabel product, the customer area can be branded.
Via the admin portal, Administrators can disable and mandate referral form fields, categories of advice, outcomes fields, and micromanage which agencies can see or refer to other agencies.
Administrator's data inputs leads to customisation of homepage.
Scaling
- Independence of resources
- The system uses scalable, virtualised infrastructure. Ongoing performance monitoring is conducted by the cloud hosting provider, and we can easily implement system upgrades/increase resources as demand increases.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide data visualisation and a list view of:
- Number of referrals
- Open, accepted, updated referrals - as Agency
- Open, accepted, updated referrals - as User
Data can be viewed on dashboard or as a report, granularity and date range can be set.
Administrators can view number of Agency users. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- A data export function within the system, which includes option to export all data.
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
- Other
- Other data import formats
-
- .doc
- .docx
- .jpeg
- .png
- .gif
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- 99%
- Approach to resilience
-
Located in London EC1 datacenter, ISO27001 and PCI-DSS compliant.
Fully managed by a team of IT professionals, with dedicated account handling and SecOps teams on a 365/24/7 basis.
Full server snapshots daily and incremental backups every 4 hours.
Outage monitoring alerting the CTO, SecOps and Dev Team in the event of connection failure. Historic versions for Refernet (taken before any changes or features are deployed) are stored onsite at our alternative studio location. Access to this location is via a secure VPN and locked to our dedicated IP. Our onsite studio is monitored 365/24/7. - Outage reporting
-
Administrators are alerted as soon as issue is detected, via email or phone call. The system will also show an error landing page.
A report is generated, available to customers if requested.
Refernet maintain a Disaster Recovery policy with procedures for any outage event.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- 2-factor authentication
- Access restrictions in management interfaces and support channels
- The Administrator interface is restricted to user accounts with relevant privileges, and accessed via a username and password.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- The CTO is responsible for the security and integrity of data held on Refernet systems by specifying, installing and maintaining adequate ICT equipment and security systems. However, all users have responsibility for the security and safety of Refernet and the information held on those systems.
- Information security policies and processes
-
Refernet are a small team with a simple reporting structure. We maintain the following information security policies, procedures and standards:
ICT Security Policy
Change Process Policy
Cyber Essentials
All staff have taken the certified NCSC training provided by Hiscox CyberClear Academy.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Any change requests are handled in line with our Change Process Policy and ICT Security Policy.
- Vulnerability management type
- Undisclosed
- Vulnerability management approach
-
We assess potential threats by conducting an annual manual pen test and ad hoc automated pen testing. Threats are minimised by using software firewalls.
Patches to the operating system are deployed by the cloud hosting provider.
Patches to the Refernet system are deployed quarterly for low-level risks and immediately for high-risk bugs including outside of normal business hours.
Our Disaster Recovery Policy sets out our response times. - Protective monitoring type
- Undisclosed
- Protective monitoring approach
-
Malware, virus and performance monitoring software is conducted by the cloud hosting provider. Any malware or virus detected would be instantly quarantined on the server.
Failed log-in attempts are logged and monitored. Any data breach within the Refernet system will have an immediate response.
Response times are detailed within our Update Control Process. - Incident management type
- Undisclosed
- Incident management approach
-
Any incident will be flagged to Refernet via automated error emails. All incidents are managed in line with our Incident Policy which includes processes for common events. Our Disaster Recovery Policy refers to our process for informing customers about disasters and data breaches.
After any incident, an Incident Report is produced.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Wellbeing
-
Wellbeing
Viccari Wheele understand that mental ill health and stress are associated with many of the leading causes of disease and disability in our society. Understanding factors in the workplace can influence the health and wellbeing of individual employees, particular departments, or organisations as a whole. Promoting and protecting mental wellbeing is important for individuals’ physical health, social wellbeing and productivity.
Many factors in the workplace influence the mental wellbeing of individual employees. We promote awareness, and support the physical and mental health and wellbeing of staff. Understanding and addressing factors which affect people’s mental wellbeing at work can have a wide range of benefits, both for individuals and the organisation as a whole.
Mental wellbeing in the workplace helps promote the employment of people who have experienced/are experiencing mental health problems, and support them once they are at work.
Viccari Wheele’s Mental Wellbeing Policy covers the following aspects of mental health and wellbeing:
Mental wellbeing:
Promoting the mental wellbeing of all staff through:
• Providing information and raising awareness about mental wellbeing
• Providing opportunities for employees to look after their mental wellbeing
• Promoting policies and practices that promote wellbeing.
Management skills:
Developing skills for managers and supervisors to:
• Promote the mental wellbeing of employees
• Deal with issues around mental health and stress effectively.
Support
Providing support to employees through:
• Providing a work environment that promotes and supports mental wellbeing for all employees
• Offering assistance, advice and support to people who experience a mental health problem while in employment.
• Support for staff returning to work after a period of absence due to mental health problems.
Employment:
Helping people get back to work after a period of absence through:
• Recruitment practices
• Making reasonable adjustments
• Retaining staff who develop a mental health problem
Pricing
- Price
- £8,350.00 a unit a year
- Discount for educational organisations
- No
- Free trial available
- No