Skip to main content

Help us improve the Digital Marketplace - send your feedback

STREAMLINED FORENSIC REPORTING LIMITED

Streamlined Forensic Reports

Our service quickly produces medical reports of an excellent quality as a more cost-effective solution for UK police forces. We ensure justice to victims of violent crimes by reforming the complex and inefficient processes of obtaining medical evidence.

Features

  • Use of the medical SFR template to deliver medical evidence
  • Monthly key performance metrics
  • Integration with all potential sources of medical evidence
  • Information governance: GDPR, Data Protection Act, ICO registration, Cyber Essentials
  • Onboarding process for relevant hospitals
  • A single, monthly invoice only charging for completed medical SFRs
  • Real-time data management
  • Provision of expert reports
  • Delivery of Force education and training materials and sessions
  • Single monthly invoicing with full MI data

Benefits

  • Single point of contact for police officers’ medical evidence requests
  • Reduction in average waiting times for reports
  • Increase in charging decisions as a direct result
  • Urgent service for out-of-hours charging decisions, available 24/7
  • Secure on-line request portal accessible via website
  • National standardised consent form
  • Integrated images, body maps and 3D reconstructed images of wounds
  • Management of a single supplier, improving operational efficiency
  • Reduced secondary harm to victims of violent crimes
  • Provision of disclosure statements, minimising challenges

Pricing

£56.25 to £253 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at johann.g@sfrmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

8 3 6 1 9 2 8 7 6 5 5 2 7 6 2

Contact

STREAMLINED FORENSIC REPORTING LIMITED Johann Grundlingh
Telephone: 07746646603
Email: johann.g@sfrmedical.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No such service constraints are identified. Planned maintenance activities will be conducted outside of working hours to have limited impact on the service. This will be communicated to the SPOCs.
System requirements
None, other than compatible browsers (Microsoft Edge or Google Chrome).

User support

Email or online ticketing support
Email or online ticketing
Support response times
Yes, we do provide email and on-call support (for both standard and urgent cases). The turnaround time is less than 24 hrs, and we have a specialist hotline to provide support for urgent cases which is available 24 hours a day, 7 days a week, 365 days a year.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
N/A
Onsite support
No
Support levels
Streamlined Forensic Reporting Ltd provide ongoing support through a dedicated Client Relationship Manager who will work alongside Police Officers throughout the provision of our service. They will assist with technical support and process direct requests for streamlined forensic reports using the Microsoft Dynamics customer management system. We do not have differing, tiered support levels – all customers are provided the same high level of support.
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide PDF and video guides for different roles before onboarding a new customer. These guides are also available to the users of the service at any time and can be accessed directly through the SFR Medical portal. Moreover, we also offer and conduct training webinars for our services, which will be delivered live via video conferencing software by one of our Client Relationship Managers. Ongoing support is provided after go-live for any technical or operational issues.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All data is stored in line with Forensic Capability Network, NPCC and current legislative data retention standards. Upon contract expiry, the SFR Medical team will download and provide the data to the Police Force single point of contact (SPOC). Client SPOCs also have access to all the case related data through their login, meaning they can also download it manually prior to termination of their account, if they decide to bring their contract to an end.
End-of-contract process
The contract will expire on the natural end date of any specific contract called off against the framework. If no renewal is agreed and the Customer continues to access the Contractor’s services, the terms of this agreement shall apply on a rolling basis until the overarching contract expiry date.

Persistent failure by the Contractor/Subcontractor to meet agreed service levels as specified within the SLAs and KPIs may lead to the contract being terminated or alternative Contractor(s) being appointed to maintain levels of service.

Prior to early termination the complaints and escalation procedure should be followed to attempt to resolve any issue. Should suitable resolution not be achieved, the Customer will be allowed to terminate the SLA immediately.

Existing requests for SFRs issued prior to notice of termination shall be completed as if the Agreement were still in force. No new request for SFRs will be issued after service of notice of termination unless specifically agreed between the parties.

Upon termination, data will be deleted if requested by the Police Force, and SPOCs will be able to download all force specific data into their systems. They can request for further granular data to be provided by SFR Medical upon termination.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Chrome
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The SFR Medical portal has been developed using responsive design, ensuring no loss of functionality as a mobile site. The portal can be accessed through mobile devices in the same way as the desktop version, ensuring it provides same services as the web portal.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The SFR Medical portal utilises a web-based visual interface, allowing easy navigation of service features and areas. Reports are visualised using the SFR template, now nationally approved following collaboration with the Forensic Capability Network (FCN). Medical evidence is a combination of medical records and medical statements. The medical statements produced are in the format of either an SFR1 (MG22B) and SFR2 (MG22C or MG22D) and in some circumstances an MG11. They are typed, jargon free, structured in an easy-to-read format and comprise all information from the multiple medical institutions and medical specialties a victim was assessed and treated by.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Our web-based interfaced was developed in line with WCAG 2.1 AA standards, with a pilot program conducted during development alongside selected Police Forces to ensure compliance before the service was launched.
API
No
Customisation available
Yes
Description of customisation
Upon request, SFR Medical can customise some portal features for each Police Force. This includes changes to the logo, nomenclature, specialist documents required, and approver details. These changes and customisation options can be requested though the force’s Client Relationship Manager, who can be contacted directly through email or telephone.

Scaling

Independence of resources
Usage is based on licences. 5000 users can use the system based on one licence. The SFR Medical portal is designed to be scalable and, our IT team ensures that we are able to maintain the capacity to serve all SFR Medical customers without downtime or reliability issues.

Analytics

Service usage metrics
Yes
Metrics types
User metrics available through the SFR Medical portal include analytics reports (aggregated), user logs (If requested through the Client Relationship Manager), and access logs with IP addresses if requested (real time accessible to SPOCs via the portal).
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Each Police Force’s single point of contact can export data based on a range of parameters, including date range, requesting officer, request progress and multiple other parameters.
Data export formats
  • CSV
  • Other
Other data export formats
XLS
Data import formats
  • CSV
  • Other
Other data import formats
  • JPEG
  • PDF
  • DOCX
  • TIFF
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our service is available 100% of the time (day and night) specially to cover urgent requests. In case of any downtime, the services still continue with all necessary business continuity processes in place to shift from Portal to emails and phone calls in the meantime. We have reduced the average waiting time for medical statements from over 3 months to less than 10 working days. If there is a suspect in custody or if there is a trial in the next 7 days however, our urgent service endeavours to complete requests within 24 hours (and if relevant before the PACE clock ends). Our current turnaround time for our standard service is between 2 and 8 working days, and for our urgent service between 2 hours 48 minutes and 5 hours 30 minutes.
Approach to resilience
Microsoft ensures that the data at its data centres (data at rest) and data in transit are encrypted to minimise security risks. Microsoft Dynamics follows industry standard encryption protocols and provides strong access management through multifactor authentication and Azure security centre. Microsoft Cyber Defence Operations Centre (CDOC) protects Microsoft’s Cloud infrastructure and customers from evolving threats.

We have business continuity and disaster recovery plans (tested regularly) in place to continue providing services in the event of disaster/ breach/ impact to regular processes.

All sensitive data is stored on an NHS One Drive/ Microsoft Dynamics UK data centres and accessed by authorised SFR Medical staff only via Azure virtual machines (VMs). The Azure VMs ensures that:
• Users cannot copy or store any information outside of the virtual machines
• Access to emails and virtual machines is granted to only those who need it, and who have been approved by the CMO and CTO
• Multifactor authentication (per NHS digital guidelines) is enabled for emails, One Drive, VM access and applications to ensure additional security against potential cyber-attacks
Outage reporting
Any outages are communicated to a Police Force’s SPOC. We have not had a scenario yet but in the event of an outage, we have procedure to publish it on the Portal.

Identity and authentication

User authentication needed
Yes
User authentication
Limited access network (for example PSN)
Access restrictions in management interfaces and support channels
There are various roles defined within the SFR Medical Portal for the Police Officers, SPOCs, Supervisor etc. By default, a user, upon registration, has the Officer role which can be upgraded:
1. To a supervisor through a checkbox on the Portal and
2. To a SPOC by an email to SFR Medical team from the Police Force existing point of contact
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Approachable certification https://approachable.uk.com
ISO/IEC 27001 accreditation date
20/12/2021
What the ISO/IEC 27001 doesn’t cover
The information security system covers the provision of medical evidence from the NHS to enable UK police forces to charge and detain criminal suspects, as stated on Statement of Applicability version 3.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Penetration Testing

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Pen Test and Cyber Essentials accreditation. All personnel are vetted to NPPV2 or NPPV3 standard. Our service has been approved as a permitted method of emailing personal identifiable data (PID) or confidential data in the UK (NHS Digital).
Information security policies and processes
The following are applicable to our Data Protection policies, operating in line with the Data Protection Act 2018 and GDPR; ISO/IEC 27001 standard clauses 5.2 and 5.3, ISMS Scope Document Risk Assessment, and Risk Treatment Methodology Statement of Applicability Register of legal, contractual, and other requirements. We have defined information classification, incident management processes and relevance access control, monitoring processes in place to ensure information security. We are certified with ISO 27001.

Responsibilities for the ISMS are undertaken by the following:
The Chief Technology Officer (CTO) ensures that the ISMS is implemented and maintained and for ensuring that all necessary resources are available.

The compliance officer must review the ISMS at least semi-annually, or each time a significant change occurs. The purpose of the management review is to establish the suitability, adequacy, and effectiveness of the ISMS.

The compliance officer will implement information security training and awareness programs for employees.

The protection of integrity, availability, and confidentiality of assets is the responsibility of the owner of each asset.

All security incidents must be reported to the CEO. CTO will define which information related to information security will be communicated to interested parties (both internal and external), by whom, and when.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Changes are tracked using Microsoft Planner (priority based) and are communicated and approved with all stakeholders via a call to the Change Approval Board. We also have update release communication sent over both email and Microsoft Teams channels to communicate any planned change and the migration status of the update. Changes are tested prior to release using unit and UAT testing. Changes migrate over non-working days unless urgent (Priority 1).
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threats are identified in advance during our regular risk assessment process. Risk planning involves conducting a risk assessment, developing risk treatment methodology, and determining a risk mitigation plan. This is conducted by calculating the impact and likelihood of a risk and thus defining the severity to create a mitigation plan. The Microsoft Security Centre is also used for monitoring and addressing any potential risks in advance.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. Additionally, the Microsoft Security Centre will also flag up potential threats. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.
Incident management type
Supplier-defined controls
Incident management approach
SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

As an ever more pressing issue, combatting climate change is a major priority for SFR Medical. Consequently, we act in accordance with ISO:14001:2015, and the Environment Act 2021. We provide staff with training which encourages behavioural environmentalism within the workplace. Further information regarding this can be found within our Corporate Social Responsibility Policy.

SFR Medical’s remote friendly working environment has reduced our carbon footprint significantly though:
Reduction of emissions as all staff choose to work remotely and thus do not drive into work. This results in a reduction of greenhouse gases, which contributes to the fight against climate change.

Reduction of energy output for SFR Medical due to staff working off premises.

The amount of waste SFR Medical produce is minimised as our systems are now remote to facilitate online working, making us mostly paperless. No staff in-house means less waste.

We will also employ the DMAIC (Define, Measure, Analyse, Improve, Control) method to monitor and improve our sustainable processes when needed throughout this project.
Covid-19 recovery

Covid-19 recovery

To aid economic recovery during and following the Covid-19 pandemic, SFR Medical will utilise our flexible working policy to ensure the continuation of our services during the event of lockdowns and social distancing measures. This allows us to continue working, either from home or alternative locations if necessary, ensuring business continuity for ourselves and the Police Forces we provide an important service for. We can also avoid having to reduce our operations in any way through the flexible/agile procedures outlined in our Business Continuity Plan.
Tackling economic inequality

Tackling economic inequality

SFR Medical co-founder, Dr Lucy Gründlingh is an advocate for mentoring schemes, enabling young people to plan and progress their careers in the medical industry. She has previously mentored students who had an interest in becoming doctors, helping them to understand both the positive and negative aspect of a medical profession. Ultimately, this gave them the tools and knowledge to make the correct early career decisions for them. We are also now registered on the Modern Slavery registry, showing our commitment to ending such illegal and unethical practices.
Equal opportunity

Equal opportunity

SFR Medical are committed in encouraging equality, diversity and inclusion across the workplace and aim to demonstrate excellence in these areas. We provide equality, fairness and respect to every member of staff regardless of their role and aim for our workforce to be a representative of all members of society. SFR Medical recognises and accepts its statutory obligations under the Equality Act 2010 and the Human Rights Act 1998. Our Equal Opportunities Policy in respect of these aims to achieve equality by removing potential discrimination and gives staff confidence that employment decisions relating to recruitment, dismissal, redundancy, absence etc. will be fair decisions without discrimination by reason of a protected characteristic.

SFR Medical co-founder, Dr Lucy Gründlingh, was recently awarded the Women in Innovation 2020/2021 grant award by the Knowledge Transfer Network and Innovate UK, which provides funding and mentorship to inspirational female entrepreneurs leading projects that will make a positive social impact on the world.

Our commitment to flexible working also enables a more equal distribution of childcare between parents, enabling more mothers to work. SFR Medical are very proud that all our employees work from home, over 75% of SFR Medical’s employees are female and just under 50% of SFR Medical’s female employees are working mums.
Wellbeing

Wellbeing

SFR Medical Ltd hold the provision where if a standard SFR1 request has a member of a UK Police Force, an NHS worker or an employee of the UK Criminal Justice System as the patient, that SFR1 is provided free-of-cost. Additionally, this applies whether the individual was on-duty or off-duty at the time that the injuries were sustained.

Pricing

Price
£56.25 to £253 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
There is an option which Police Forces can chose to take a free trial for a certain number of cases with us. We have also run some pilot programs with Police Forces as a test run for our finalised services. These pilots are highly feedback oriented.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at johann.g@sfrmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.