STREAMLINED FORENSIC REPORTING LIMITED

Streamlined Forensic Reports

Our service quickly produces medical reports of an excellent quality as a more cost-effective solution for UK police forces. We ensure justice to victims of violent crimes by reforming the complex and inefficient processes of obtaining medical evidence.

Features

• Use of the medical SFR template to deliver medical evidence
• Monthly key performance metrics
• Integration with all potential sources of medical evidence
• Information governance: GDPR, Data Protection Act, ICO registration, Cyber Essentials
• Onboarding process for relevant hospitals
• A single, monthly invoice only charging for completed medical SFRs
• Real-time data management
• Provision of expert reports
• Delivery of Force education and training materials and sessions
• Single monthly invoicing with full MI data

Benefits

• Single point of contact for police officers’ medical evidence requests
• Reduction in average waiting times for reports
• Increase in charging decisions as a direct result
• Urgent service for out-of-hours charging decisions, available 24/7
• Secure on-line request portal accessible via website
• National standardised consent form
• Integrated images, body maps and 3D reconstructed images of wounds
• Management of a single supplier, improving operational efficiency
• Reduced secondary harm to victims of violent crimes
• Provision of disclosure statements, minimising challenges

£56.25 to £253 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at johann.g@sfrmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

836192876552762

Contact

Johann Grundlingh
07746646603
johann.g@sfrmedical.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No such service constraints are identified. Planned maintenance activities will be conducted outside of working hours to have limited impact on the service. This will be communicated to the SPOCs.
• System requirements: None, other than compatible browsers (Microsoft Edge or Google Chrome).

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Yes, we do provide email and on-call support (for both standard and urgent cases). The turnaround time is less than 24 hrs, and we have a specialist hotline to provide support for urgent cases which is available 24 hours a day, 7 days a week, 365 days a year.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: N/A
• Onsite support: No
• Support levels: Streamlined Forensic Reporting Ltd provide ongoing support through a dedicated Client Relationship Manager who will work alongside Police Officers throughout the provision of our service. They will assist with technical support and process direct requests for streamlined forensic reports using the Microsoft Dynamics customer management system. We do not have differing, tiered support levels – all customers are provided the same high level of support.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide PDF and video guides for different roles before onboarding a new customer. These guides are also available to the users of the service at any time and can be accessed directly through the SFR Medical portal. Moreover, we also offer and conduct training webinars for our services, which will be delivered live via video conferencing software by one of our Client Relationship Managers. Ongoing support is provided after go-live for any technical or operational issues.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data is stored in line with Forensic Capability Network, NPCC and current legislative data retention standards. Upon contract expiry, the SFR Medical team will download and provide the data to the Police Force single point of contact (SPOC). Client SPOCs also have access to all the case related data through their login, meaning they can also download it manually prior to termination of their account, if they decide to bring their contract to an end.
• End-of-contract process: The contract will expire on the natural end date of any specific contract called off against the framework. If no renewal is agreed and the Customer continues to access the Contractor’s services, the terms of this agreement shall apply on a rolling basis until the overarching contract expiry date.; ; Persistent failure by the Contractor/Subcontractor to meet agreed service levels as specified within the SLAs and KPIs may lead to the contract being terminated or alternative Contractor(s) being appointed to maintain levels of service. ; ; Prior to early termination the complaints and escalation procedure should be followed to attempt to resolve any issue. Should suitable resolution not be achieved, the Customer will be allowed to terminate the SLA immediately.; ; Existing requests for SFRs issued prior to notice of termination shall be completed as if the Agreement were still in force. No new request for SFRs will be issued after service of notice of termination unless specifically agreed between the parties. ; ; Upon termination, data will be deleted if requested by the Police Force, and SPOCs will be able to download all force specific data into their systems. They can request for further granular data to be provided by SFR Medical upon termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The SFR Medical portal has been developed using responsive design, ensuring no loss of functionality as a mobile site. The portal can be accessed through mobile devices in the same way as the desktop version, ensuring it provides same services as the web portal.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The SFR Medical portal utilises a web-based visual interface, allowing easy navigation of service features and areas. Reports are visualised using the SFR template, now nationally approved following collaboration with the Forensic Capability Network (FCN). Medical evidence is a combination of medical records and medical statements. The medical statements produced are in the format of either an SFR1 (MG22B) and SFR2 (MG22C or MG22D) and in some circumstances an MG11. They are typed, jargon free, structured in an easy-to-read format and comprise all information from the multiple medical institutions and medical specialties a victim was assessed and treated by.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our web-based interfaced was developed in line with WCAG 2.1 AA standards, with a pilot program conducted during development alongside selected Police Forces to ensure compliance before the service was launched.
• API: No
• Customisation available: Yes
• Description of customisation: Upon request, SFR Medical can customise some portal features for each Police Force. This includes changes to the logo, nomenclature, specialist documents required, and approver details. These changes and customisation options can be requested though the force’s Client Relationship Manager, who can be contacted directly through email or telephone.

Scaling

• Independence of resources: Usage is based on licences. 5000 users can use the system based on one licence. The SFR Medical portal is designed to be scalable and, our IT team ensures that we are able to maintain the capacity to serve all SFR Medical customers without downtime or reliability issues.

Analytics

• Service usage metrics: Yes
• Metrics types: User metrics available through the SFR Medical portal include analytics reports (aggregated), user logs (If requested through the Client Relationship Manager), and access logs with IP addresses if requested (real time accessible to SPOCs via the portal).
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Each Police Force’s single point of contact can export data based on a range of parameters, including date range, requesting officer, request progress and multiple other parameters.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JPEG
  • PDF
  • DOCX
  • TIFF
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service is available 100% of the time (day and night) specially to cover urgent requests. In case of any downtime, the services still continue with all necessary business continuity processes in place to shift from Portal to emails and phone calls in the meantime. We have reduced the average waiting time for medical statements from over 3 months to less than 10 working days. If there is a suspect in custody or if there is a trial in the next 7 days however, our urgent service endeavours to complete requests within 24 hours (and if relevant before the PACE clock ends). Our current turnaround time for our standard service is between 2 and 8 working days, and for our urgent service between 2 hours 48 minutes and 5 hours 30 minutes.
• Approach to resilience: Microsoft ensures that the data at its data centres (data at rest) and data in transit are encrypted to minimise security risks. Microsoft Dynamics follows industry standard encryption protocols and provides strong access management through multifactor authentication and Azure security centre. Microsoft Cyber Defence Operations Centre (CDOC) protects Microsoft’s Cloud infrastructure and customers from evolving threats.; ; We have business continuity and disaster recovery plans (tested regularly) in place to continue providing services in the event of disaster/ breach/ impact to regular processes.; ; All sensitive data is stored on an NHS One Drive/ Microsoft Dynamics UK data centres and accessed by authorised SFR Medical staff only via Azure virtual machines (VMs). The Azure VMs ensures that:; • Users cannot copy or store any information outside of the virtual machines; • Access to emails and virtual machines is granted to only those who need it, and who have been approved by the CMO and CTO; • Multifactor authentication (per NHS digital guidelines) is enabled for emails, One Drive, VM access and applications to ensure additional security against potential cyber-attacks
• Outage reporting: Any outages are communicated to a Police Force’s SPOC. We have not had a scenario yet but in the event of an outage, we have procedure to publish it on the Portal.

Identity and authentication

• User authentication needed: Yes
• User authentication: Limited access network (for example PSN)
• Access restrictions in management interfaces and support channels: There are various roles defined within the SFR Medical Portal for the Police Officers, SPOCs, Supervisor etc. By default, a user, upon registration, has the Officer role which can be upgraded:; 1. To a supervisor through a checkbox on the Portal and ; 2. To a SPOC by an email to SFR Medical team from the Police Force existing point of contact
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable certification https://approachable.uk.com
• ISO/IEC 27001 accreditation date: 20/12/2021
• What the ISO/IEC 27001 doesn’t cover: The information security system covers the provision of medical evidence from the NHS to enable UK police forces to charge and detain criminal suspects, as stated on Statement of Applicability version 3.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Penetration Testing

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Pen Test and Cyber Essentials accreditation. All personnel are vetted to NPPV2 or NPPV3 standard. Our service has been approved as a permitted method of emailing personal identifiable data (PID) or confidential data in the UK (NHS Digital).
• Information security policies and processes: The following are applicable to our Data Protection policies, operating in line with the Data Protection Act 2018 and GDPR; ISO/IEC 27001 standard clauses 5.2 and 5.3, ISMS Scope Document Risk Assessment, and Risk Treatment Methodology Statement of Applicability Register of legal, contractual, and other requirements. We have defined information classification, incident management processes and relevance access control, monitoring processes in place to ensure information security. We are certified with ISO 27001.; ; Responsibilities for the ISMS are undertaken by the following: ; The Chief Technology Officer (CTO) ensures that the ISMS is implemented and maintained and for ensuring that all necessary resources are available. ; ; The compliance officer must review the ISMS at least semi-annually, or each time a significant change occurs. The purpose of the management review is to establish the suitability, adequacy, and effectiveness of the ISMS. ; ; The compliance officer will implement information security training and awareness programs for employees. ; ; The protection of integrity, availability, and confidentiality of assets is the responsibility of the owner of each asset.; ; All security incidents must be reported to the CEO. CTO will define which information related to information security will be communicated to interested parties (both internal and external), by whom, and when.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are tracked using Microsoft Planner (priority based) and are communicated and approved with all stakeholders via a call to the Change Approval Board. We also have update release communication sent over both email and Microsoft Teams channels to communicate any planned change and the migration status of the update. Changes are tested prior to release using unit and UAT testing. Changes migrate over non-working days unless urgent (Priority 1).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats are identified in advance during our regular risk assessment process. Risk planning involves conducting a risk assessment, developing risk treatment methodology, and determining a risk mitigation plan. This is conducted by calculating the impact and likelihood of a risk and thus defining the severity to create a mitigation plan. The Microsoft Security Centre is also used for monitoring and addressing any potential risks in advance.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. Additionally, the Microsoft Security Centre will also flag up potential threats. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.
• Incident management type: Supplier-defined controls
• Incident management approach: SFR Medical has an Incident Tracking Register which is used to track any registered incidents requiring action. Incidents and issues can be reported through our Security email or through our Teams channel for internal report. We also have multiple communication lines for users to report an incident through the ‘Contact Us’ option, which has an SLA of 1 day or quicker based on severity.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As an ever more pressing issue, combatting climate change is a major priority for SFR Medical. Consequently, we act in accordance with ISO:14001:2015, and the Environment Act 2021. We provide staff with training which encourages behavioural environmentalism within the workplace. Further information regarding this can be found within our Corporate Social Responsibility Policy.; ; SFR Medical’s remote friendly working environment has reduced our carbon footprint significantly though:; Reduction of emissions as all staff choose to work remotely and thus do not drive into work. This results in a reduction of greenhouse gases, which contributes to the fight against climate change.; ; Reduction of energy output for SFR Medical due to staff working off premises.; ; The amount of waste SFR Medical produce is minimised as our systems are now remote to facilitate online working, making us mostly paperless. No staff in-house means less waste.; ; We will also employ the DMAIC (Define, Measure, Analyse, Improve, Control) method to monitor and improve our sustainable processes when needed throughout this project.
• Covid-19 recovery:

  Covid-19 recovery

  To aid economic recovery during and following the Covid-19 pandemic, SFR Medical will utilise our flexible working policy to ensure the continuation of our services during the event of lockdowns and social distancing measures. This allows us to continue working, either from home or alternative locations if necessary, ensuring business continuity for ourselves and the Police Forces we provide an important service for. We can also avoid having to reduce our operations in any way through the flexible/agile procedures outlined in our Business Continuity Plan.
• Tackling economic inequality:

  Tackling economic inequality

  SFR Medical co-founder, Dr Lucy Gründlingh is an advocate for mentoring schemes, enabling young people to plan and progress their careers in the medical industry. She has previously mentored students who had an interest in becoming doctors, helping them to understand both the positive and negative aspect of a medical profession. Ultimately, this gave them the tools and knowledge to make the correct early career decisions for them. We are also now registered on the Modern Slavery registry, showing our commitment to ending such illegal and unethical practices.
• Equal opportunity:

  Equal opportunity

  SFR Medical are committed in encouraging equality, diversity and inclusion across the workplace and aim to demonstrate excellence in these areas. We provide equality, fairness and respect to every member of staff regardless of their role and aim for our workforce to be a representative of all members of society. SFR Medical recognises and accepts its statutory obligations under the Equality Act 2010 and the Human Rights Act 1998. Our Equal Opportunities Policy in respect of these aims to achieve equality by removing potential discrimination and gives staff confidence that employment decisions relating to recruitment, dismissal, redundancy, absence etc. will be fair decisions without discrimination by reason of a protected characteristic.; ; SFR Medical co-founder, Dr Lucy Gründlingh, was recently awarded the Women in Innovation 2020/2021 grant award by the Knowledge Transfer Network and Innovate UK, which provides funding and mentorship to inspirational female entrepreneurs leading projects that will make a positive social impact on the world.; ; Our commitment to flexible working also enables a more equal distribution of childcare between parents, enabling more mothers to work. SFR Medical are very proud that all our employees work from home, over 75% of SFR Medical’s employees are female and just under 50% of SFR Medical’s female employees are working mums.
• Wellbeing:

  Wellbeing

  SFR Medical Ltd hold the provision where if a standard SFR1 request has a member of a UK Police Force, an NHS worker or an employee of the UK Criminal Justice System as the patient, that SFR1 is provided free-of-cost. Additionally, this applies whether the individual was on-duty or off-duty at the time that the injuries were sustained.

Pricing

• Price: £56.25 to £253 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: There is an option which Police Forces can chose to take a free trial for a certain number of cases with us. We have also run some pilot programs with Police Forces as a test run for our finalised services. These pilots are highly feedback oriented.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at johann.g@sfrmedical.com. Tell them what format you need. It will help if you say what assistive technology you use.