Cirdan

Cirdan Digital Pathology LIS

Cirdan’s Digital Pathology solution is designed to support the paperless streamlining of workflows, processes, and results for any cellular pathology laboratory and provides a seamless integration into the Cirdan Core LIS and can be easily integrated with other 3rd party LIS solutions.

Features

• End-to-end cellular pathology workflow (including digital and computational pathology)
• WSI viewing for many scanner vendors including Philips, Hamamatsu, Leica
• Intuitive pathologist web user interface supporting remote collaboration
• Industry leading standardised cellular pathology annotation toolbox
• Access to AI research models for tumour identification and quantification
• HL7 based interoperability with 3rd party IMS &LIMS
• Training available for clinicians, scientists, pathologists, administrators and IT staff
• Cybersecure with role-based access control and full audit facilities
• Native full integration with the Cirdan CORE LIS.
• Extensible architecture allowing for integration with 3rd party AI vendors

Benefits

• Easily scalable from small, single laboratories to large, multi-site laboratories.
• Secure for data at rest/in transit (confirms to ISO/IEC 27001).
• Rapid on-boarding process with training and configuration service available.
• Accessible readily from any device with an internet web browser.
• Manages low to very high throughput whole slide imaging requirements
• Management Intelligence and Data Analytics Reporting Tools as standard.
• Can support a laboratory with their ISO 15189 Regulatory compliance.
• Cloud hosting provides advanced fail-over, resilience and disaster recovery.
• Inclusive of managed services for system support, maintenance and updates.
• Proactive monitoring tools as standard to ensure peak performance.

£650 to £650 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

694503397323957

Contact

Presales Team
02892660880
presales@cirdan.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • HTML browser e.g. Chrome, Firefox, Safari 9+, MS Edge
  • ORACLE19, Postgres , VMware, RHEL7, Windows Server 2019

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customers can email a request for support 24/7/365 via support@cirdan.com. Support requests received via email will be entered into the Cirdan Support System with email replies to customers auto generated from the Cirdan Support System as the ticket is progressed.; ; Responses are categorised by priority, based on Urgency and Impact. Customers specify the type of ticket and initial category : ; Critical < 1hrs; High < 4 hrs; Medium < 24 hrs; Low < 5 working days; Change request < 3 working days; Service Request < 3 working days; ; Note: Tickets may be recategorised or escalated once triaged.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The Cirdan Managed Service Desk provides a technical and operational support service, which is included in the licence costs. This provides comprehensive ITIL aligned support provision 24/7, including access to experts who can diagnose and resolve issues, as well as give advice on the product’s diverse features. The Service Desk provides a single point of contact and can be contacted by phone, email or using the online Cirdan Incident Management system (CIM).; ; Cirdan Digital Pathology support is part of the Managed service and are priced on a per user basis (See pricing sheet). ; ; Cirdan provides 24-hour support service to all clients with current support maintenance contracts. The Support Desk Team provide the third level of client support. The objective of the Cirdan Support Team is to facilitate the resolution of issues related to Cirdan systems application software and hardware in line with the Service Level Agreement.; ; A Customer Success Manager (CSM) will be assigned to each client to represent their needs and requirements and act as project coordinator for software upgrades or additional module implementation. The CSM will assist the client with issues that are management and project related while the Support Desk Team will provide day-to-day technical support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Cirdan will engage in an initial Discovery exercise with the customer where our product specialists scope the product configuration requirements; configuration and roll-out of a Minimum Viable Product (MVP) is undertaken; testing and go-live follows with on-site support from specialists; further configuration of the live product follows as additional modules and/or labs are on-boarded. Training is provided on-site and supported by user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: Cirdan can offer the following options as part of the transition out services.; 1. Provide the customer with a copy of the Oracle database, the appropriate data dictionary and all backups as required which can be retained post the transition out period for no charge.; 2. Offer a Data migration service to the replacement LIS. This can be offered with methodologies such as HL7 or flat files based on 3rd party requirements. Once all transition out services are completed, Cirdan’s copy of the database and all backups would be destroyed as per customer requirements. The costs for the migration would be costed in the customer Exit Plan.; 3. Offer a service to generate PDF versions of all lab reports with a lookup system. The costs for the migration would be costed in the customer Exit Plan; 4. Offer a service to provide access to a Read only version of the database which maintains the data in current state for report generation and release. This offering protects the availability of all results and reports and audit trails and can be used in conjunction with data migration services. The costs for the migration would be costed in the customer Exit Plan
• End-of-contract process: Cirdan commits to ensuring there is a smooth transfer with a minimum of disruption through clear and pre-costed disengagement services if the customer selects to transition out either for convenience or for the termination of the service agreement.; ; As a minimum Cirdan will provide the customer with a copy of the Oracle database, the appropriate data dictionary and all backups as required which can be retained post the transition out period for no charge.; ; Cirdan offers an array of transition-out services to minimise the impact to the lab and ensure all data is available for future use by the customer. Cirdan would work with the customer on the requirements and document the approach. Cirdan is happy to collaborate with other third-party vendors on achieving the outcome required for the customer. This is often done with a working group combining Cirdan staff, customer staff and Third-party vendor staff and run as a project. ; ; Costs are calculated based on a Time & Materials basis, (see rate card), in line with the requirements as outlined in the agreed Transition out plan.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service includes all those features provided in the desktop service, however, due to the complexity of some screens our recommendation is that mobile devices no smaller than a tablet device are used.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service is accessed through a web browser.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: WAVE testing is carried out internally at this time.
• API: Yes
• What users can and can't do using the API: To use the API, users must first sign up as a Development Partner, and then user training and documentation can be made available.; ; Through the API, users can interrogate data from the system and carry out standard processes, for example, a test request for a patient may be ordered.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration menus are an integral part of the Cirdan products and are available to any trained user. Training is available for customisation of, for example: specimen labelling, patient reports, individual and departmental dashboards.

Scaling

• Independence of resources: Each customer is allocated a unique service that is independent of other customers.; ; Cirdan can automatically scale up of resources when needed. For example, additional storage once a certain quota of space is filled, spinning up additional servers to cope with demand via load balancing or using the likes of Azure AutoScale which can scale up an array of resources such as CPU, RAM, Storage, etc. based on custom metrics defined by the user.

Analytics

• Service usage metrics: Yes
• Metrics types: Real-time Resource Utilisation in terms of the Environment/Infrastructure is provided through Azure Monitor, making use of Microsoft Azure’s Resource Utilisation Monitoring Capabilities. Utilisation in terms of the application itself can be monitored via additional bespoke monitoring, also feeding into Azure Monitor.; ; Service availability; Incident/change management reports; Storage utilisation; Backup reporting; Support issues requiring escalation; Additional metrics can be reported on as required.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is stored on an Oracle/Postgres database and data can be transferred into transportable files. There are many data formats available for use with the application, including but not limited to, Word, PDF, .CSV, XLSX, HL7, etc..
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HTML5
  • PDF
  • XML
  • XLSX
  • Word
  • FHIR HL7

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Cirdan offer a standard 99.90% availability as part of our SLA. ; Cirdan’s standard KPIs measure:; • Uptime (system availability / system response times); • SLA response and restoration compliance; • Allowable incidents (the number of incidents exceeding a pre-agreed level for a given defined period); Additional KPIs for measurement and reporting can be agreed with clients on an individual basis.; Our standard KPIs are measured as follows:; System availability is measured using a standard formula, as a percentage of the total time in a service period.; ; Service Availability (%) = (MP-SD) x 100 / MP (See example SLA provided); ; Following agreement on the Key Performance Indicators to be measured, Cirdan monitors performance against each indicator and issues the client reports (quarterly, or on such time basis agreed with the client) detailing the level of service achieved. ; ; If the Cirdan Core LIS application does not meet the service commitment agreed, Cirdan can comply with the service credits set out in the SLA. Cirdan’s service credit arrangement in its standard SLA provides service credits based on service days. ; ; Service reviews are held on a quarterly basis between the customer and the Cirdan Customer Success Manager (CSM) assigned to the client account.
• Approach to resilience: The Cirdan product is deployed as a clustered solution with availability sets controlling individual node availability within the primary site.; All VMs, stateful and stateless alike, have daily snapshot backups enabled using managed storage on a separate site via Azure Recovery Services Vault to allow recovery, if required, at both a VM level and an individual file level. Backups are provisioned with a default policy which supports schedule and retention settings modification, as required, to comply with customer requirements. ; ; If required by the customer a DR, (disaster recovery), configuration expands on this again, using Azure Site Recovery to ensure business continuity in the event of a regional outage. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. When an outage occurs at the primary site, fail over to a secondary location can be instigated, and apps accessed from there. After the primary location is running again, fail back can be initiated. This is tested at a frequency agreed as part of a managed services agreement and can be scheduled annually.; ; DR is available at an extra cost as listed in the price sheet provided.
• Outage reporting: Dashboards and email alerts can be configured to alert any system outages. The system is also monitored by Cirdan directly as part of the managed service agreement to ensure a prompt and appropriate response.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: In a cloud deployment access is granted via RBAC using a least privilege model. RBAC defined within the application allows definition of access levels for an individual, or groups of individuals, that includes cross discipline as well as discipline specific functionality. No limits have been identified to date in this respect. Self-service password resets available. ; The system allows for individual, unique user accounts and passwords with RBAC applied. Local Client policy and procedure should ensure this facility is used - Active Directory integration is possible.; The software development lifecycle includes regular vulnerability scanning, including the OWASP 2017 Top 10 guidelines.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 22/11/2021
• What the ISO/IEC 27001 doesn’t cover: Nothing specified as not covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • QUALITY MANAGEMENT SYSTEM - ISO 13485:2016 - MDSAP 709271
  • ICO Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Microsoft Sentinel is integrated with the Cirdan solution and provides advanced multi-stage attack detection with dynamically updated threat and anomaly detection rules, etc.
• Information security policies and processes: Cirdan are ISO 27001 accredited and this drives the content of the following policies and processes we follow:; Information Security Policy; Office & Remote Working Policy; Information Communication Acceptable Use Policy; Access Control & Asset Management Policy; Secure Development Policy; Cryptographic Policy; GDPR Policy; These policies are audited and certified by NQA against the ISO27001:2013 standard. Audits take place bi-annually.; ; These policies are maintained and enforced by a Quality & Regulatory Manager who reports to the Chief Executive Officer.; ; Cirdan is registered and complies with the NHS Data Security and Protection Toolkit. ODS code is 8J717, ICO registration number: ZA018472

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Proposed changes are documented and risk assessed. Roll-back processes and procedures are documented and tested. Customer is notified of risks, rollbacks and timelines for approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability testing is carried out on a regular basis using commercial tools. Subscriptions from vendors and third parties also alert to vulnerabilities which the tools do not yet identify.; ; Patches and updates for critical vulnerabilities are applied within 24 hours of being available, or if no solution is available from a vendor, alternative action will be taken to mitigate or negate the risk.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Proactive monitoring of systems allows automated reporting of issues and unusual activity is via systems which automatically raise a ticket. ; ; All authentication logs and machine alerts are kept off-site. Engineers available 24x7triage the tickets and raise escalation procedures as required.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incident Management is controlled by a process which guides the team through the assessment of the incident, evaluation of risk, loss and services affected. ; ; Users can either phone, e-mail or report via the online service desk. All incidents are followed up with a report detailing the root cause, immediate resolution and the changes to be implemented to prevent re-occurrence.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cirdan encourages sustainable travel by providing bicycle racks and promoting the use of carpooling and the usage of local public transportation systems. Our head office has been located within easy walking distance of local rail and bus connections. We encourage the use of electric vehicles with 2 charge points located on-site at head office. Additionally, we also provide a hybrid working models for all employees. ; ; As most projects are located overseas, we will seek to reduce the number of on-site meetings required with the use of remote meetings technology which is made available to all employees. We continue to rationalise the number of flights taken to visit overseas customers and markets.

  Tackling economic inequality

  Cirdan has strong relationships with various local Universities and further education colleges such as Queens University Belfast and the Ulster University. We are committed to offering a minimum of 4 x 12-month placement opportunities across various skill sets with a minimum salary of £21,000 each or equivalent to the Real living wages at the time of the job offer.; ; The placements will be open to the following skillsets but not limited to:; • Computer Science ; • Artificial Intelligence ; • Data Analytics ; • Cyber Security ; • Interaction Design/ UX; • Biological Sciences ; • Microbiology ; • Biomedical Engineering; ; Each placement will have the benefit from dedicated mentorship including one to one support from specialist team members in their area of expertise which will allow them to gain valuable hands-on work experience.; ; Cirdan recognises that its people are its most valuable asset, and that organisational excellence is best attained through continuous training, development and educational activities, which build upon individual strengths.

  Equal opportunity

  At Cirdan, we recognise the importance of equality for all staff, and aim to provide an environment which supports diversity and inclusion, in line with our values. ; We want to ensure that our business recognises and delivers culturally sensitive, inclusive, accessible, and appropriate products and services, without discrimination. We are committed to ensuring that our approach to our staff is the same as our approach to our customers, being open and transparent, focused and based on our values.

  Wellbeing

  Cirdan is committed to Corporate social responsibility. “We care for each other, our community, and customers: together we can achieve great things!”. We demonstrate this in various way including the commitment to “give back to the community through involvement in social, charitable and educational initiatives.” ; Volunteering - we encourage our employees to participate in activities, supporting communities in which we operate through Corporate volunteering and individual activities. ; Through our policy, employees can use paid time off during their normal working hours for up to 3 working days each financial year. The policy is intended to help and support employees wishing to volunteer and provides a framework for good practice. ; This policy establishes a company-wide volunteering scheme which aims to: ; • Strengthen the company’s commitment to communities through the direct involvement of employees. ; • Increase employees’ commitment to the company and their pride in working here.; • Enhance internal relationships and teamwork. ; • Develop necessary abilities and skills within the company, such as collaboration, leadership and creativity.; To launch our volunteer policy earlier this year we worked in a community-based project with the National Trust where we volunteered over 240 hours to beach clean-up and preserving areas of natural heritage. In December 2023 we have committed over 100 hours of volunteering time to Cash for kids who support children and young people affected by poverty, abuse, neglect, life-limiting illness and those who have additional needs.; Cirdan also contributed to health-care related charities and community projects by sponsoring the Health and Wellbeing Award at the 2023 Aisling Awards in Belfast, celebrating the work of local charities in supporting health and well-being in the community, and is also a sponsor of the STEM category of the Blackboard Awards in Belfast which recognizes the contribution of local community teachers across the city.

Pricing

• Price: £650 to £650 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Customers can be given time limited access to a standard version of the software.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at presales@cirdan.com. Tell them what format you need. It will help if you say what assistive technology you use.