TestCard

TestCard SaaS Toolkit

The SaaS Toolkit has everything you need to implement TestCard’s rapid diagnostic test reading technology into an existing application - it includes our SDK (software development kit) available for iOS and Android. As well as a stand alone digital reader solution.

Features

• Real time reporting
• Remote Access
• NHS DSPT certified
• Algorithmic analysis with suggested reading
• Test-specific data passed to customer's app for record-keeping and reporting
• Integration of results into Electronic Patient/Health Record if desired

Benefits

• Scan and read a test at POC
• Customers can retain their existing technology and user base
• Integrates TestCard's scanning technology into customer's own apps
• Tests are performed to a consistent and high standard
• Easily deployed to meet any legal or clinical reporting requirements
• Provides real-time data to be appraised during any audit/review
• Support for users to perform the test correctly

£240 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark@testcard.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

656270998560104

Contact

Mark Dunning
01723 447830
mark@testcard.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: An extention to any existing system, iOS or Android App looking to provide the ability to scan and read rapid diagnostic tests. Alternatively the solution can be provided as standalone.
• Cloud deployment model: Private cloud
• Service constraints: - SDK limited to iOS and Android devices; - Hosting device must be configured to consume the TestCard SDK product
• System requirements:
  • Android 8+ and iOS 15+
  • Hosting device must send and receive data to a cloud-system
  • Hosting device must have audio capability
  • Hosting device must have a working camera
  • Hosting device must have a working camera flash
  • Hosting device must be updated in-line with app store OS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday 9 - 5 ; Response within a couple of hours
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: TestCard charge a day rate charge in line with SFIA guidelines. Outlined within pricing section of this submission. A TestCard Account Manager is assigned during project implementation and video training is available as standard. This support would only be relevant for anything additional. Standards for professional services; ● Consultant’s working day: 7.5 hours exclusive of travel and lunch; ● Working week: Monday to Friday excluding national holidays; ● Office hours: 9:00am to 5:00pm Monday to Friday; ● Travel, mileage subsistence: Included in day rate within UK Mainland.; ● Mileage: As for travel, mileage subsistence; ● Professional indemnity insurance: included in day rate; ● Invoices issued at the end of the calendar month. Payment terms are 30 days from date of invoice.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: TestCard support users of our system from initial implementation through to full onboarding.; ; Kick Off Meeting- Establish who, what, where & when.; ; Consultancy Visit – Create full specification with figma boards; ; Development - Creation of SDK for TestCard app to launch within customer application; ; UAT- User Acceptance testing & usability testing support; ; Pilot- Go Live Support.; ; Full Rollout- On-going support.; 2 x Days Face to Face training included; Digital onboarding (training) toolkit provided; ; Project Closure- Full implementation review and support handover; ; Project Initiation Document:; Project Plan; Roles & Responsibilities; Change Management; Project Scope; Risk Register; Communication Log; Implementation Process; Implementation Stage requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is being sent as part of the service, final large data request can be made at contract end.
• End-of-contract process: As will be outlined in the contract the customer will own their data and has full access to download data through reporting tools at the end of the contract. Any additional data migration would be chargeable.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A - There is no desktop service
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The TestCard SaaS toolkit includes an SDK to be placed into a hosting app, and a developer portal which is web-based. The application is also available as a stand alone solution.
• Accessibility standards: None or don’t know
• Description of accessibility: Users can integrate the SDK with existing systems and configure and read API documentation through the developer portal. Font size can be adjusted. Light and dark mode is available. Colours and fonts are tested with an accessibility checker to confirm appropriate contrast etc.
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: The SDK is a closed-box solution which is configured to the customers' requests and test types for scanning. ; Users can receive the scanned test data from the SDK through our API for future use/storage.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: - Test types can be configured; - Fonts can be imported from hosting app; - Brand colours can be configured; -Translations

Scaling

• Independence of resources: Through scale-by-design development. The services infrastructure increases resources on request demand.

Analytics

• Service usage metrics: Yes
• Metrics types: - Number of test scans per test type; - Successful vs failed scans; - Test results
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data is being sent as part of the service through the API.
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: In the event that our service does not meet the standard, service credits are calculated as a percentage of the total charges paid, refundable against future invoice. Service disruption credit is calculated less than 99.95% but greater than or equal to 99% - 10%/ Less than 99.0% but greater than or equal to 95% -25%/ Less than 95% - 100%
• Approach to resilience: Available on request
• Outage reporting: By E-mail

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: The hosting app of the TestCard SDK will authenticate users with an AuthToken prior to them entering the SDK
• Access restrictions in management interfaces and support channels: Username/password required for developer portal; optional MFA
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS-DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Regularly conduct risk assesments and review information security configurations quarterly. We review policies and procedures annually. We follow a Secure Software Development Lifecycle process to developing and maintaining software.; Comply to NHS DSPT and Cyber Essentials
• Information security policies and processes: - Data Protection Policy; - Information Security Policy; - Data Protection Appropriate Policy Document (APD); ; - Software Control, Release and Maintenance Process; - Employee Information Security Process; - Identification, Authentication and Authorisation of Systems and Information Process; - Information Security and Data Protection Internal Periodical Assessment Process; - Information Security Audit Logs and Monitoring Management Process; - IT Infrastructure and Application Security and Vulnerability Management Process

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Maintain a register: Software Components, SOUPs, Technical Business Continuity and Cyber Threats Register, this includes:; ; - Component lifetime tracked in register; - Component Security Impact assesment in register; ; The quarterly information security review summarises the different security checks conducted during a specific time period. This can include references to the semi-annual Vulnerability Assessment and SOUPs checks.; ; - Process for application update and patch management. ; - Changes are peer reviewed and stored in version control software before being applied. Software dependencies are checked for vulnerabilities when changes are made
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Prevention; - Eliminate ; - Mitigate - Identifying, adding, and improving controls.; - Accept - To accept cyber security risks, outcomes will be tracked accordingly; product specific threats will be documented in Cyber Security Traceability Matrix .; - Transfer - where no controls can be implemented, the risk will be transferred. ; ; Mitigation ; - Protect - Applying security patches, creating network segmentation, locking down user permissions, or employing encryption. ; - Detect - Focus on identifying unwanted behaviour of the system. ; - Respond - The ability to work with degraded capabilities. ; - Recover - Focus on returning to a known good state.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: AWS Security Hub is utilised for protective monitoring of the applications. AWS inspector is used to continually assess resources for vulnerabilities and potential compromises. If no incident is found work is scheduled to rectify the vulnerability depending on its severity as per our threat review and prevention process.; ; When a security incident is detected and reported the incident response process is followed where all relevant departments conduct a review of the impact, affected area and data involved to decide on suitable mitigation or recovery measures. Scenario planning excercises will be conducted if needed to further improve business and application resilience.
• Incident management type: Supplier-defined controls
• Incident management approach: Incident management is accounted for within the Information Security Policy; this covers incident reporting, response and recovery. ; Reporting my be made to a senior team member as soon as possible, and must be logged, investigated and reviewed within the threat register. Incident reporting is also handled as per this policy. ; Users can report incidents using customer support.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Wellbeing

  Covid-19 recovery

  Our solutions allow for accurate, recorded, reportable testing for COVID-19 in clinical environments, encouraging clinicians to save money and time by using rapid diagnostics while not sacrificing traceability and governance,

  Tackling economic inequality

  Turning a mobile phone into a clinical grade scanner, TestCard makes testing fast, easy, and affordable for consumers and healthcare professionals.; ; Our solution can also be implemented into Primary Care and community testing and once in place it will help to alleviate a number of health inequalities. It will bring quick and easy testing to the individuals; with results integrated directly into the EPR or sent to a clinician to review. This will reduce accessibility issues as patients will not need to attend in person appointments for routine POC tests. ; ; Our solution offers full traceability by capturing test lot numbers and expiry dates to avoid the same test being used more than once.; ; Our solution supports the reduction in health inequalities as defined within the NHS England's Core20PLUS5 approach. For example, early detection of cancer diagnosis. ; ; We are involved in a study funded by Yorkshire Cancer Research. Coordinated by Cancer Research UK & King’s College London Cancer Prevention Trials Unit to determine if bladder cancer can be identified through at-home testing using a simple urine dip test; with > 60s men are the primary group This includes 6000 patients from 3 cohorts for the initial pilot with this increase to 100,000 when pilot is expanded nationwide ; ; This study enables access to care to those who are not able to travel to a clinical setting, and receive the same level of diagnostic testing as those that are able to attend appointments in person.

  Wellbeing

  Our solutions support healthcare testing in all environments as it can be performed on a mobile device - at home, in clinical environments, and in areas with less access to healthcare. More testing means faster treatment and greater wellbeing.; ; Faster access to diagnosis, allowing patients to quickly get the care they need. It also improves the patient pathway with a more effective patient triage, reducing delays with test results. ; The integration of the test result on the EPR, reduces the need for re-testing and the result is readily available to clinicians. ; ; Based on our partnership with Guys and St Thomas's NHS Trust - A significant improvement in the flow of patients with respiratory symptoms in A&E, and a reduction in the use of side-rooms for patients pending Covid PCR results.; Testing in A&E increased from 30% to over 95% of all patients attending A&E.

Pricing

• Price: £240 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Customer receives a Proof of Concept Pack (free) - this includes a mobile device (returnable) with our digital reader software and a number of user selected lateral flow tests to be used for evaluation and validation.; The customer is provided with the application already installed onto the device.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark@testcard.com. Tell them what format you need. It will help if you say what assistive technology you use.