Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 1: Cloud hosting
  3. HSCN / N3 Cloud Hosting for Electronic Health Record Systems (EHR)
ToukanEyes Ltd

HSCN / N3 Cloud Hosting for Electronic Health Record Systems (EHR)

ToukanLabs provide a fully managed Cloud Hosted platform for all your Electronic Health Record (EHR), Electronic Medical Record (EMR) for Ophthalmology, Social-Care & Research solutions. From large systems (multiple sites) to backend APIs for NHS hospital and patient mobile apps. Connectivity: hospital systems/devices, spine/internet services, and primary care organisations. ISO9001-compliant.


  • Secure for Patient and Hospital Data
  • Connectivity with Hospitals over N3 / HSCN
  • Robust, Scalable, Secure Technology
  • Connectivity with Primary Care Organisations
  • Connectivity with Secondary Care Organsations
  • Connectivity with NHS Spine services
  • Full DR Available


  • PID / IG Safe (Patient Identifiable Data / Information Governance)
  • Securely Cloud Host your NHS & Research Applications
  • Suitable for small or large applications
  • Secure, Safe, Reliable


£1,200 to £2,500 an instance a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 2 7 3 9 3 3 0 9 8 7 9 4 8 3


ToukanEyes Ltd Gulfam Yunus
Telephone: 02080578877

Service scope

Service constraints
We can support both Linux and Microsoft Hosted Solutions.
Other solution platforms subject to review.
System requirements
  • Software Licence costs are the responsibility of the supplier
  • Hospitals/Organisations required to configure their own infrastructure/systems

User support

Email or online ticketing support
Email or online ticketing
Support response times
Initial response within 1 hour.
Resolution times determined by assigned incident priority and agreed SLAs.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
ToukanLabs as standard will provide 2nd and 3rd line support with the 1st line support provided by the clients existing service desk.

Our support desk software can be linked to the clients, enabling support tickets to be passed to ToukanLabs without the need for re-keying, this then enables client tracking of all issues to resolution.

1st line support can be provided, however this is yet to be requested.
Standard support hours are 08:00 to 18:00 hours, however ToukanLabs is a global company and can offer a follow the sun support desk.

ToukanLabs adheres to ITIL Service management practices and providing expecting service reporting at periodic and scheduled client reviews. We also provide a dedicated account manager who will hold regular review with the client stakeholder and user group.

Support costs are typically between £1,000 and £2,500 depending on the size of the implementation and support level required.
Support available to third parties

Onboarding and offboarding

Getting started
Base service onboarding includes software installation, integration with active directory (LDAP), receiving patient and list update integration (HL7 ADT), system configuration guides, and user guides. Supporting video clips will also be provided. Additional onboarding services can be provided against our standard rate card, including: - Pathway mapping ("as is" and digital "to be") - Implementation - Configuration - Integration - User Training - Train-the-trainer Training - Online Training Documentation - Go-live Desk Notes - Go-live Floor Walkers - Ongoing Application Support and Maintenance see price book for more details.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Virtual training vidoes
  • Interactive training with scored questions
End-of-contract data extraction
ToukanLabs provides a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format. Other export formats or data migration services are available if required, upon request and charged against our standard rate card. There is also the option for the provision of Full access to mysql database export facilities.
End-of-contract process
Support & maintenance is removed. There are no other actions required as there is no need to remove software from client servers as all the OpenEyes application is OpenSource. ToukanLabs will provide open access to the underlying data and the option to provide a complete and open copy of the database to the customer at the end of the contract (via IG safe channels), in database export or SQL script format. Other export formats or data migration services are available if required, upon request. Where ToukanLabs consultancy services are requested, these charges are on our published rate card.

Using the service

Web browser interface
Using the web interface
OpenEyes is accessed via web interface, all functionality is currently available
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Web interface accessibility testing
Not applicable
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Role based access controls will be used to allow authorised users to perform functions on hosted environments, as agreed as part of service commissioning. Command line operations may include, running data loading, processing, or extraction routines, resetting test or training environments etc.


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
For cloud hosted environments, dynamic resource allocation is used where the provision of compute, memory and disk resources are assigned as and when required. ToukanLabs applies good architectural principles such as dedicated 'Live' instance, a separate reporting service and user resource caps.
Usage notifications
Usage reporting
  • Email
  • SMS


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
UKCloud Ltd

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Application databases
  • System installs
  • System configurations
  • Medical data files
  • Images, videos, and other media files
Backup controls
Backup scope and schedules are configurable and will be agreed as part of service commissioning.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
N3 / HSCN connection or encrypted connection with secure NHS cloud data centre.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network
Secure closed network with Trust's hospital infrastructure or in secure NHS cloud data centre.

Availability and resilience

Guaranteed availability
We offer several levels of availability: - Same day service. Recover from failure within same day - One hour service. Recover from failure within one hour - High business continuity. Failover within 60 seconds - Continuous availability through Synchronous replication which provides zero point recovery. (No Loss of data.)
Approach to resilience
Client Hosted Minimum recommended resilience is Asynchronous replication at 15 minute intervals to a secondary or DR data center. Hardware design is recommended to following N+1 redundancy where there must be at least two single component failures before a service incident occurs. E.g. Power suppliers, disks, memory dims. The design is recommended to provide controlled failover to enable the replacement of any failed parts without impact the OpenEyes service. Cloud Hosted Minimum recommended resilience is Synchronous replication with zero point recovery in the advent of failure. All cloud providers now provide a recognised level of the required resilience such UPS, Generators, multiply National Grid Feeds, SAN Disk replication, Fire protection etc.
Outage reporting
ToukanLabs is currently able to report outages using the following methods:
- Public and private dashboards with current outage status
- Alerting via email to pre-defined distribution lists
- Text messages to a distribution lists
- Answer phone service with recorded with incident updates
- Direct status update to client service board where API integration is available,
The level of reporting and audience is defined in agreement with the client.
All service reporting is included in monthly service reports.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
Integration with Trusts Active Directory/LDAP Authentication services
Access restrictions in management interfaces and support channels
Management interfaces are restricted via HSCN and authenticated access. The application has local Role Base Access Controls (RBAC) assign to authenticated users, to control access to application data and functions.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • DCB029
  • Cyber Essentials
  • Working toward ISO 27001
  • NHS DSP-Toolkit
  • ICO Data protection Certificate

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
NHS DSP-Toolkit
Information security policies and processes
Information Security Management System (ISMS) documentation is managed in accordance with our ISO 9001 quality assurance process and procedures,

ToukanLabs are working towards ISO 27001 accreditation

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are assessed and approved by an independent board and presented as a controlled release

The OpenSource Software is managed and stored within GitHub repository,
Feature development, bug fixes and development requests are managed with Atlassian JIRA whereby formal software release configuration management processes are used.
All Releases are tracked from development, through system test and user acceptance testing environments, where sign off is required by the customer before being released to live.

A mixture of automated testing tools, load and performance and manual testing scripts are used to ensure code integrity.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our software undergoes DCB029 clinical certification and risk assessment.

Server stack software is upgraded regularly as part of our standard support and maintenance service, e.g. Operating system, web server and data base security patches applied. A security review is performed annually, or sooner if required and any risks/issued mitigated with an action plan formulated.
Application fixes from service management and bug fix procedures are usually deployed in a quarterly maintenance release, unless a more urgent release or hot fix is required and deployed with agreement with the customer.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Automated monitoring tools look at system and application logs, server metrics, including CPU, Disk, Memory, and Network utilisation.
Triggered incident tickets are automatically created in our service management tool for action by support engineers.
Other checks are performed by service desk personnel on a daily basis.
Incident management type
Supplier-defined controls
Incident management approach
We have full ITIL service management processes including, but not limited to
Incident management procedures, problem management, route cause analysis, bug fix procedures, release management processes.

Users report incidents to our service desk, via our support portal, email, or telephone. Incidents are tracked through 1st, 2nd, and 3rd line support escalation as required.

A monthly service report is produced and this is reviewed in monthly service review meetings with our service manager and the Trust/customer.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
Different Virtual Machines and VLans are used to partition customers and their respective environments.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
Our approach to sustainability and environmental responsibility is directed by a clear strategy, which is embedded within our organisation. Most of our activities have been assessed as having a minimal effect upon the environment, however where they do, we are committed to act responsibly and fully address this impact.

Our hosting partner's services (UKCloud) are CarbonNeutral® cloud services. We achieved this certification by working with Natural Capital Partners to measure and reduce our CO2 emissions across all sources used to deliver our cloud services to our customers. These include direct emissions from all owned or leased stationary sources that use fossil fuels and/or emit fugitive emissions, and emissions from the generation of purchased electricity and steam (including transmission and distribution losses) to power our servers.

For our cloud services to achieve CarbonNeutral® status, an independent assessment of the CO2 emissions produced from direct and indirect sources required to deliver them was carried out, followed by an offset-inclusive emissions reduction programme.

Social Value

Covid-19 recovery

Covid-19 recovery

Helps reduce waiting lists through efficiencies in patient pathways and service. Enables remote diagnosis and local treatment


£1,200 to £2,500 an instance a month
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.