GovBook | Phlebotomy Booking Service

We've worked with 50+ healthcare clinics to create an off-the-shelf phlebotomy booking service that is proven to help healthcare providers increase operational efficiency, cut costs & improve the patient experience. This system offers a quick & easy way to manage high booking volumes across multiple locations.


  • AI-optimised scheduling that spreads demand and reduces wait times
  • Criteria-based pathways and guidance messaging to increase first-time resolution
  • Allow bookings via preferred language
  • Configurable rules that maintain control and automate admin processes
  • Centralised admin portal for managing availability, resources (chairs), and staff
  • Custom KPI dashboards & CSV reports that improve reporting
  • Send automated reminders & essential information to patients
  • Secure: ISO27001, PCI, GDPR & Cyber Essentials Plus certified
  • Accessible: WCAG 2.2AA compliant and built for mobile
  • Multiple appointment/clinic types: in-person, virtual, and telephone


  • Save staff time by streamlining and automating admin processes
  • Reduce costs and your overreliance on costly service channels
  • Improve patient flow with AI-optimised service schedules
  • Improve the UX with 24/7 access and multi-lingual options
  • Connect your workflows and eliminate silos
  • Align resources with demand & reduce no-shows with data
  • Improve patient communication with automated comms
  • Increase first-time resolutions with criteria-based pathway limiters
  • Brings together online, mobile, and face-to-face appointments/events
  • Deliver a consistent UX with white-labelling and integrated workflows


£10,000 to £1,200,000 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 2 5 6 4 4 6 6 5 6 2 2 8 1 5


BookingLab Chad Duggan
Telephone: 03334440203

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
Any service constraints are handled and managed by bookinglab.
System requirements
  • Modern web browser
  • Internet connection to the online service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Please refer to our Service Level Agreement included with our Terms and Conditions.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Core support is provided between 9am – 5pm Monday to Friday.

Our supported customers receive access to our Support Desk; SLAs for response and resolution are included as standard and part of the annual license fee. 'How to' video guides, FAQ knowledge-base and a getting started training manuals available.

As well as proactively monitoring your performance and providing regular platform-wide improvements, our Support Team will answer general queries about the solution, resolve technical issues and manage any escalations.

24/7/365 support available on request only and must be included in an agreed Statement of Work.
Support available to third parties

Onboarding and offboarding

Getting started
Approved customers are on-boarded through the creation of JRNI Staging and Production Environments.

BookingLab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
The JRNI technology stack can export data in several different ways depending on the receiving platform. SFTP is commonly used for CSV data, but our API can also support secure JSON data streams over HTTPS in and out of the platform. If the existing data transfer options are insufficient, we also employ a tightly-bound micro-services architecture as a core part of our platform, which allows us to create very small and simple bespoke services to send or receive data from almost any 3rd party source.
End-of-contract process
Off-boarding follows the publication of automated emails and then the closure of their bookinglab account.

It is the customer’s responsibility to download all collected data prior to the project completion. This can be exported directly from the platform admin interface. All booking and customer data can be extracted in a number of formats to ensure a safe and secure migration to any new systems being used. This would be an agreed format between the supplier and buyer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The booking platform is built from the ground up as a mobile-based application. All features and functionality delivered by the product are compatible with both Mobile and Desktop supported browsers.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Yes, the user interface is accessible using a supported web browser.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The platform is designed and tested to meet WCAG AA standards.
What users can and can't do using the API
The JRNI REST API is a HAL based API that allows you to manage all aspects of the JRNI platform.

JRNI is separated into three different APIs:

Public - The public API does not require authentications and it enables you to get information about services, resources, events, add items to the basket, view basket and checkout.

Member - The member API enables you to log in as a member, make bookings and amend or cancel their previously made bookings.

Admin - The admin API enables you to administer the account, such us create or amend people, resources or clients and view bookings.
The request format of the three APIs are:

Full developer documentation can be found at:
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Examples of areas of the booking system that can be customised include - additional services, additional resources, additional staff members, user levels, hierarchical user structures, notification settings, interface, layout, branding, pre and post booking questions.

Users can customise the system via platform configuration, in-house custom development or bookinglab services.

bookinglab has a highly skilled configuration team who are able to assist with the initial setup and configuration of the system to meet the individual client needs. From this point the client will be able to alter those configurations themselves.


Independence of resources
Via a dedicated cloud service or auto scaling policies.


Service usage metrics
Metrics types
Bookinglab monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability monitoring packages. Other metrics are extracted from the system using report generation processes. We provide information on system uptime; Service Level Agreement metrics; security related metrics.
Reporting types
Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Each organisation has complete access to their database, extensive Web Services API’s and development tools. All data is completely exportable, transferable and secure.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats
  • CSV
  • Other
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Bookinglab guarantees that the Booking Service will be available, excluding Downtime caused by Scheduled Maintenance, Emergency Maintenance or a Force Majeure Event, 99.5% of the time in a given calendar month (1st day to last day) ("Service Level"). The Service Level will not apply (and therefore no Service Credits will be applicable) to the extent that any Service Level Failure is caused by a failure of the Customer to comply with any Customer dependency or obligation, detailed in a Statement of Work or Order Form or the Master Subscription Agreement.

If, as recorded at the end of a calendar month, the Booking Service fails to achieve the Service Level, Customer is eligible to receive a Service Credit as detailed in the table below. The Service Credit percentage will be calculated in relation to the Fees payable in the month in which the Service Level Failure occurred.

Uptime in a calendar month - (Service Credit)
Less than 99.5% but greater than or equal to 99.0% - (5%)
Less than 99.0% but greater than or equal to 95% - (15%)
Less than 95% but greater than or equal to 90% - (50%)
Less than 90% - (100%)
Approach to resilience
Available on request.
Outage reporting
Monthly report provided via the Customer Success team.

More information available on request.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Named representatives only by user role.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO Quality Services Limited
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Available on request.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
Security Metrics
PCI DSS accreditation date
What the PCI DSS doesn’t cover
This certification is held by the service vendor: JRNI Limited.
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Follow ISO27001.
Information security policies and processes
Bookinglab adopt:
Internal audits in line with ISO27001;
Any deviations logged as tickets and fully investigated;
Issues mitigated.
Managed by our Engineering team.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Service components continue to be tracked and reviewed monthly, with risk assessments on security impacts.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Servers are built and attached to configuration management systems before being tested and permitted to access data, or accessed by the internet. These systems apply security requirements, including remedial actions found during penetration tests. Monitoring and IDS systems monitor for vulnerable settings, and alert engineers.

Weekly reviews of CVE vulnerabilities are performed. Staff subscribe to updates from core news sources. Security incidents and vulnerabilities are investigated by the ISM and Operations. Issues are dealt with on the associated threat. Key contact points exist with customers.

Patches are deployed on a priority basis, critical patches being deployed as soon as possible.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Bookinglab monitors availability from 3 locations; traditional server performance monitoring tools, hypervisor and load-balancer control panel systems ( via Amazon ) and external third-party availability packages.

Real-time Intrusion Detection Systems are installed on all servers. Logs and activities are monitored at 3 levels - On-host, central in-environment, and bookinglab central log management locations. This allows for per-server IDS services. File integrity is ensured by the IDS system and server monitoring. Core files that are managed by central configuration management are monitored and reverted if changes are found. Alerts are directed to the Operations team, who operate an on-call 24/7/365 rota.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Bookinglab responds to incidents based on the terms of the Master Service Agreement that is in place between bookinglab and each customer. These terms are agreed as part of the contract process and defines the response process for 4 levels of incident, ranging from P1 (service inoperable) to P4. Incident reports are directed to the customer via an agreed process. This is usually passed between the bookinglab Account Manager and a nominated representative at the customer.

bookinglab incorporates automation of issue resolution actions, where possible. Other issues have defined steps stored in an incident management wiki.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
NHS Network (N3)

Social Value

Fighting climate change

Fighting climate change

We pride ourselves on our contribution towards net-zero. Our solutions are designed to reduce carbon emissions, influence behaviour change, and expedite the usage of electric vehicles. To elaborate, our solutions have helped Nottingham City Council, Dumfries & Galloway Council (and many more) to change their organisation's travel behaviour by making it quick and easy to plan, book, and manage green business travel. With this solution, they’ve been able to Improve route planning, compare and book different (greener) travel options, and easily manage travel requests — all in one place. It is also worth noting that all of the organisations who have implemented our travel booking solutions have noted a significant reduction in their carbon emissions.

Our booking solutions also enable our public sector partners to go paperless (an operational norm which we ourselves abide by). What’s more, we operate a hybrid working model, whereby our staff are only required to be in the office one or two days a week. We also incentivise our team to travel into the office using greener modes of transport. Not only have we introduced a cycle-to-work scheme, but we now also offer subsidised public transport to-and-from our office space.

Importantly, we also reside in a shared office that purchases electricity from a supplier committed to renewable energy and we only purchase energy-efficient office equipment. What’s more, we also encourage our employees to be mindful on a micro-level. This includes turning screens off when not in use, ensuring all plug sockets are switched off from the wall, disposing of rubbish/recycling correctly, and much more. While these actions are relatively small in the comparison to scale of the impending climate crisis, we believe that every action we take counts.
Covid-19 recovery

Covid-19 recovery

Our solutions are designed to help significantly reduce costs and improve operational efficiency. Importantly, this has resulted in huge savings, which have subsequently been passed down to other departments and the wider community. Essentially, this means that public services can keep critical frontline services open for residents, redistribute revenue for the benefit of the wider community, and ensure that residents can still access the services they need to support their mental (and physical) well-being. With the financial/social implications of COVID-19 becoming increasingly apparent, our solutions have never been more important.

What’s more, by digitally transforming public services, and subsequently, offering in-depth train-the-trainer style workshops/webinars — we’re playing our part in providing the opportunity for staff to train/re-train in a high growth sector and learn the skills they need to excel in the digital economy. In fact, our community is designed for this very reason — to allow public servants to share knowledge in order to improve the delivery of public services. In digitising their services, departments are also presented with their own opportunity to train and equip the younger workforce with digital skills that will allow them to excel in our digital-driven economy and offset the decline in more traditional job opportunities as a result of the pandemic.

Our booking solutions have helped to reduce demand on essential mental/physical health services by reducing no-shows, making it easy to balance in-person and virtual appointments, helping to better manage resourcing, reducing admin/wait times, and much more. In fact, in the midst of the COVID-19 pandemic, we were able to support our government community in rapidly rolling out a purpose-built test booking system to over 100 locations across the UK. In this instance, our speed to deliver value was cited as being essential in helping to curb the spread of the virus.
Tackling economic inequality

Tackling economic inequality

We offer an array of project management, commercial, and software-based graduate roles and apprenticeships to kick-start careers in our high-growth tech industry. Our graduate/apprentice employees work on real projects, with real clients, and get real responsibility from day one — all whilst being supported to gain as much knowledge as possible from their experience. We also support those who wish to transition from previous occupations into a career in tech and are happy to champion a work/learning balance to facilitate this.

As standard, we encourage and financially support all employees to undergo regular training and personal development to equip them with the skills they need to excel (both professionally and personally).

As mentioned previously, we offer in-depth train-the-trainer style workshops, webinars, and user forums for all of our partners — hence, we play our part in providing government staff with the skills they need to excel in the digital economy. We’ve also developed a government community where industry leaders from a range of professions (all within government) come together to share knowledge and learn from others in order to improve the delivery of public services and build upon their skillset.

Please refer to the equal opportunity section to see how we ensure a fair, equal and open approach to hiring/workforce management.
Equal opportunity

Equal opportunity

We pride ourselves on making digital work for everyone. All of our solutions are quick, easy-to-use, and fully WCAG 1.2AA compliant. That's why over the last three years, we've been able to help 50+ organisations improve the accessibility of their online services for residents (and make digital roles available and attainable to a wide range of applicants). We’ve also developed rules-based logic and in-built search functionality that allows people with special requirements to easily find and book a service that meets their needs. Whether that’s a council staff member with particular ergonomic requirements who needs to book a desk or access space in a council building, or a resident that needs to book travel with wheelchair access and a 1-2-1 appointment with a public servant that can use sign language.

What’s more, for residents that simply cannot access digital services due to a lack of skills, economic hardship, or other — we also offer booking modules for on-premises bookings and telephone bookings to ensure everyone has fair access to public services.

Importantly, we are also committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, disability, pregnancy and maternity, marital or civil partnership status, gender reassignment, religion or beliefs, age or sexual orientation. We have an in-depth diversity and inclusivity policy that seeks to remove unfair and discriminatory practices in their entirety. We, as a company, are wholeheartedly opposed to all forms of discrimination, and we evidence this in our day-to-day operations.


Gone are the days of one-way, announcement-style communication flows. Instead, residents now expect (and deserve) an open, two-way channel of communication that allows them to have their say on services that affect them. That's why all of our solutions are built to help public sector organisations improve how they communicate with constituents and adopt a more relational approach to government. With intuitive liquid templates and integrations to Gov.Notify, SMS, and email — we've helped 50+ government organisations build strong relationships with their residents. So, whether it's collecting feedback via automated follow-up surveys or sending personalised service updates, our booking solutions help you build services that your residents value and increase community cohesion.

We’re also proud to have cultivated a government user group/community that is committed to sharing knowledge on digital best practices with the aim of further advancing digital government services. In keeping with this, we routinely hold webinars whereby representatives from as many as 50 public sector organisations get together to share knowledge.

What’s more, our solutions play a vital part in the management of public-owned resources that foster community cohesion and promote physical and mental well-being. These services include but are not limited to sports pitches and leisure facilities, government-owned buildings, community centres/halls, and more. Hence, we like to think we play an active role in aiding community-focussed mental (and physical) health enhancement activities.


£10,000 to £1,200,000 a licence a year
Discount for educational organisations
Free trial available
Description of free trial
A 14 day free trial of one of three SME versions of the software available on request.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.