Follow Us On Twitter

General Questions

What is the lead time for National Audit Dataset changes to be included in SCR?

As long as specifications from the audits are received 6 months before a release date, then these changes will be included in the following release. Where changes are received after this deadline we cannot guarantee inclusion. We continue to work with all audits providers to make sure they are aware of our timescales.

What procedures are there in place to safeguard against the unlikely event of the supplier ceasing to trade?

An escrow agreement is in place with the NCC Group.

Can I use the application on a mobile device?

The screens have recently been redesigned to allow ease of use on a mobile device. So yes, you can use SCR to read and edit records but it is not designed for printing on a mobile device.

Does your system meet the required ISN standards?

Our systems meets all the required standards including NHS No display, Patient Banner requirements, updates to OPCS or ICD, NHS Data Dictionary definitions.

Server-side Questions

Does the server side of the application have to run on a dedicated server(s)?

It is recommended that a dedicated server is used, though the system can run without problem on a shared server. Consideration will need to be given to possible downtime on systems running on a shared server.

Can the server side of the application run on a shared server resource (i.e. co-resident with other applications)?

The database can run without problem on a shared server, providing it meets our minimum specification.

What is the minimum specification required for an SCR server?

  • Processor - Dual Core Processor (2.0 GHz +)
  • Memory - 8GB
  • Storage capacity - 100GB

What software needs to be installed on the SCR server(s)?

Web server

  • Windows Server 2008 or later
  • IIS 7.0 or above
  • Microsoft .NET Framework 4.5.2

SQL server

  • SQL Server 2008 R2 or later

Can the server side of the application run in a virtual environment?

Our system is tested within a virtual environment and many organisations run SCR in a virtual environment without issue.

Is more than one server required for your application?

The system can be run on a single server without problems, although it is good practice to have the IIS and SQL Servers running on separate machines.

Do you have a resilient architecture design option for your application?

Currently no, but may be considered as part of the RFC process in the future.

Who is responsible for providing the server, operating system and SQL server licences?

These are all the responsibility of the procuring organisation.

Does your application run on other platforms? If yes, please define.

The web application is written in Microsoft ASP.NET; therefore only Microsoft platforms are supported.

Client-side Questions

Who provides the client platform?

This is the responsibility of the procuring organisation

Does the application have a client-run time component?

No runtime components are used.

Does any Person Identifiable Information get stored on the local Hard Disk Drive?

All information is stored securely in a SQL database on the organisation's server. The application will allow the user to export data to various formats such as Word documents and CSV. The user has control over where these files are stored. There is no requirement to save this data on the local hard disk drive and we would recommend that these files should be stored in a server folder.

Will the application co-reside with other applications on the client PC?

The application is not installed on the client PC, however a desktop shortcut can be created or a link added to the organisation's intranet. The application runs within IE and will have no effect on other applications installed on the client PC.

Will the application co-reside with a centrally managed Anti-Virus product on the client PC?


Will the application run with the user logged onto the PC with restricted user rights?

The system runs in the browser, providing this can be started and the address on your intranet accessed, then the system will run. The system makes no use of the registry, files or folders on the local machine.

Will the application work with a Web Proxy server - if applicable?

Providing the user has access to the proxy server.

Will the system run with Safeboot HDD encryption?

Some of the computers used for testing and training use Safeboot HDD encryption and we've encountered no issues when using SCR.

Will the system run with port control?

We have not tested the system with any form of port control.

Can the application print to Windows registered printers?

As the application is accessed via web browser, ability to print is dependent on the hardware and software being used.

Database/Reporting Questions

Does the application use Microsoft SQL Server? Which version is required?

Yes; SCR requires SQL Server 2008 R2 or later.

Does the application use any other database engine?

No other database engine is used.

How is the database licensed? Is it based on named users, PCs installed or connection concurrency?

The licence is for the whole system and includes an unlimited number of users.

Is the core data storage ODBC or OLEDB compliant?

The data can be accessed by either ODBC or

Is it possible to use third party reporting tools (such as Crystal Reports) directly on the data?

Reports can be developed locally using Crystal Reports, SQL Reporting Services or MS Access. However, the SCR system includes all relevant National reports. SCR has developed DataViews which allow the user to access the SCR database via an ODBC connection and use an Excel spreadsheet to define and manipulate data fields of their own choosing.

Will you publish the database schema to the organisation for users to create their own custom reports using external tools?

We will provide the schema upon request.

Are there other forms of assistance available if we need to develop custom reports or extract data from the system?

Normally access to the SQL views is sufficient. We can provide advice on reporting, though this would be counted against your support calls.

Does the offered solution provide a Hierarchical Storage Management solution to split current data from old data?

Due to the size of the database this was not felt to be necessary.

How does the application accommodate a 2TB addressing limit on storage?

Growth of the database files is small. It is unlikely to hit the 2TB limit for a very long time.

Security Questions

What are the User Access Security controls for passwords?

1) A required user name and password. 2) Valid password rules are set by the local .net password policy. 5) Forced password change after 60 days, but can be configured on the local server 6) Max. failed login attempts before lockout is incorporated in the system. An administrator will need to reset the password if a user is locked out.

Does Taunton & Somerset NHS Foundation Trust IT Services have a secured N3 connection for use when supporting remote sites?

Yes. This is detailed in the Pre-requisite document.

Does the product integrate with Active Directory?

The system does not integrate with Active Directory.

Does the user require admin rights to run the application?

Admin rights are not required to run the system, the PC requires Google Chrome or IE9+. Pop-up blockers must be disabled for SCR.

Will the product run on Windows XP or Citrix Metaframe?

IE9+ and Google Chrome are not supported on Windows XP. Windows XP is also no longer supported by Microsoft and should not be used.

Does the application make use of the Windows Registry or attempt to write to it?

The system makes no use of the Windows Registry.

Does the application attempt to write to the local machine?

The system can export data to various file formats including Word, Excel, XML and CSV files which can be saved to the local machine or other designated area, the user is in full control of the creation and saving. The application does not store temporary files on the local machine.

Does the system require users to enter multiple passwords and identifiers to gain access to different modules of the system?

Users are assigned a single username and password to access the system. User activity is restricted by cancer type and role. All cancer types can be viewed, but only where the user has been given permission can data be entered or modified. Access to reports, downloads and administrator functions are also limited by role.

Does the system hash user passwords?


Does the system provide the facility to set the elapsed time before passwords can be re-used?

No, however the system will not permit last password reuse.

Can passwords contain upper and lower case alpha characters, numerals and special characters (such as !@#$%^&*(){}[] )?

Passwords can contain upper and Lower case characters, numbers and special characters if defined in the local .net password policy.

Does the system have the option to allow regular provision for password change, and prompt for a change if it has not been made within a specified period?

The requirement can be configured in the local .net password policy - normally this would be set to 60 days or less. When logging into the system after the password has expired a user cannot proceed until their password has been changed.

Does the system allow access facilities of a user to be suspended for a time, or permanently for example, during sickness or holiday periods?

A user's access can be restricted to read only at any time. When a user is deleted the record is marked as deleted without actually deleting the record. It would be possible to terminate a record for a time, but at present would require a local Administrator with database access to reinstate the user.

Does the system allow the controlled addition and deletion of users on to the system?

User can be added at any time, where a record is deleted it is only marked as deleted and hidden. This is carried out to maintain database integrity. User tables are maintained locally.

Does the system have the option to allow users to change their own passwords in a secure manner?

Users have access to change their passwords at any time.

Does the system have the option automatically to log-off and clear the screen of workstations which have not been used for a specified period of time?

After a preset period of inactivity the user is given a 10 minute warning then timed out. If the user clicks a button after this or tries to move on they are automatically taken to the login screen.

Does the system allow access restrictions to be set up for each individual user of the system?

Yes, by cancer type and role.

Application Environment Questions

Is an independent training environment supplied?

The SCR is deployed with a Test and Live environment; the test environment can be used for training or testing.

Does the offered solution provide an independent Upgrade database environment for trialling new versions of code/schema?

A generic test environment is accessible from the SCR website and is upgraded prior to a version release. If required the organisation's test environment can be upgraded prior to the live environment at the request of the Main/IT lead.

Does any application specific software need to be loaded onto the server(s)?

Please refer to Infrastructure Requirements document

Can procuring organisations load anti-virus software onto the Server?

As per organisation IT policy

Can procuring organisations install Windows Updates onto the server(s)?

As per organisation IT policy

Does the application use a single domain username to authenticate and connect to the database?

The application uses a single SQL username and password to connect to the database from the application server. This is via an ADODB .net connection between IIS and SQL servers.

Does your application use user-specific domain usernames to authenticate and connect to the database?

There is just a single SQL username for connection between IIS and SQL servers.

Does the system warn of impending disk space issues or other problems with the database?

It is the purchasing organisation's responsibility to ensure there is a suitable database maintenance plan in place and to monitor disk space on the server.

Is there a need for email integration within the application?

At present there is no requirement for email integration.

What is the average frequency of application upgrade?

As a minimum two per year - however Taunton & Somerset NHS Foundation Trust IT Services commits to meeting ISN requirements.

How are upgrades performed?

Upgrades are carried out using remote access, at a time agreed with the organisation's nominated Main and IT leads. This is to ensure a database back up has been carried out by the organisation prior to the upgrade and users are notified of system downtime.

What is the typical time to perform an upgrade, from a user outage point of view?

We normally allocate a morning or afternoon time slot (with agreement of the organisation) but some organisation request to be upgraded outside of usual working ours (After 18:00 on weekdays or at weekends). An upgrade usually takes up to 1 hour and leads are notified via email once the upgrade is completed.

Is the application web based, if so, what technology is used, (i.e. ASP/XML/ASP.NET)?


If any components of the product are developed in Java what manufacturer and version of the JVM is required?

The system makes no use of Java.

Do any components of the product use 16 bit code?

The system is developed fully in 32bit code.

Are there any DOS components?

The system does not use DOS components.

Does the product respect the %TEMP% and %APPDATA% system environment variables?

The system runs in a web browser and makes no use of local system variables.

Does the product initialize all its per-user data when run by a user for the first time?

All user configurations are administered from the servers.

How well does the product cope with sudden and temporary loss of network service - will the clients reconnect transparently to the user or do they need to log in again? Will the system recover or is there administrative action required to (for example) release locked files?

Users will be required to re-connect following any loss of network service. There shouldn't be any administrator action required.

How well does the product cope with sudden and unexpected loss of power? Assuming that the server restarts on restoration of power will the application auto recover and be available for use without human intervention?

If the client PC loses power or network connectivity then any unsaved changes will be lost. The user will be logged out. The user can log back onto the system when it is available and continue working normally. There are no session locks or other impediments that would require administrator intervention to re-enable users following a system failure.

Are all continuously running components of the system (apart from the client UI) implemented as services?

There are no continually running components. The application starts when the first user connects and closes when the last user disconnects.

Are there any interactive applications (apart from the Client UI) that have to be left running unattended on the database server or any other system?

There are no interactive applications.

Does the proposed solution need to connect to any other system?

A demographic interface is required to 'pull' the patient demographic / GP details but other interfaces can be achieved and are the responsibility of the procuring organisation.

Backup and Restore Questions

Does the system need to have all users disconnected when being backed up?

It is good practice for users to be disconnected before taking a backup. We would normally suggest backups are carried out overnight to minimise the need to disconnect users.

What is your recommended backup procedure and schedule?

SCR has become a business critical system; therefore we would recommend a minimum of daily backups carried out overnight. However the backup of the system is the responsibility of the purchasing organisation.

What this system support differential and incremental backups? In the case of transaction logs can the log files be backed up separately to the main data files with an optional truncate?

The application does not interact with the backups at this level. It is the organisation's responsibility to back up the database; we do not have a specific requirement for how this will be performed.

What maintenance should be carried out on the application?

The purchasing organisation is responsible for setting up a maintenance plan on the database to maintain the integrity of the data. At a minimum we would suggest an integrity check is carried out weekly as well as the truncation of the transaction log on a weekly basis.

Does this technology support on-line backups from Veritas Backup Exec 12?

Taunton & Somerset NHS Foundation Trust IT Services has not tested the system with this form of backup.

What steps are necessary to get a backup of the data?

We recommend that a local maintenance plan is set up for the database that will truncate transaction logs and check the integrity of the database and backup the files to a network location. Database files can then be backed up to tape according to local organisation policy.

Is it possible for backup to be performed in a scripted fashion i.e.: from the command line?

This would depend on the backup technology used. However using the SQL maintenance tools these can simply be run as scheduled jobs on the server.

What are the steps necessary to perform a full system backup to facilitate a system snapshot for DR and testing?

This should be carried out by SQL Server Management Studio.

What are the anticipated uncompressed sizes of the backup sets after one month, six months and twelve months?

This is dependent on maintenance plan used.

Will the size of the backup sets grow in a linear fashion?

Yes, as data is entered into the system the file sizes will increase.

Does the product support archival and/or near line storage and if so, how is this typically implemented?

This is not currently supported.

List the steps required to perform a restore of the system assuming a complete disaster.

Restore is the responsibility or the purchasing organisation. The organisation's IT team needs to adhere to the local policy on restoring a database.

Can the system be integrated into site backup systems?

Backups are a responsibility of the purchasing organisation and there are no problems in backing up the database as part of normal local backup routines.

Are any special scripts required to backup the database?

There are no scripts required.

Please detail the files/folders that would need to be backed up with an appropriate backup schedule and type.

All backups are managed locally by the purchasing organisation's IT department. We suggest that a backup takes place prior to version release and for this we will contact the nominated Main and IT leads to arrange a suitable time for both parties to achieve the upgrade. The SQL database needs backup and the frequency of backups needs to be determined locally. It is also helpful to back up the IIS folder containing the front-end files; this will facilitate your disaster recovery and a copy can be taken following a version upgrade.

Is backup a managed service?

Backups are the responsibility of the purchasing organisation.

Please detail the restore procedure to restore the relevant data to bring the system back online in the event of a rebuild.

The procuring organisation's IT department is responsible for this procedure. Normally you would restore the latest copy of the database from your backup media. The application files would need to be restored from their latest copy on the backup media. Taunton & Somerset NHS Foundation Trust IT Services can issue additional copies of the database in an emergency should you have total failure, as an organisation you can then restore using your latest back up.

Interface Questions

What network protocols are required?

The system uses normal HTTP messaging over a TCP/IP network. The system can also run over an HTTPS connection.

Does the product come with an ADT HL7 interface?

Yes, this is now part of our contract and includes the following messages:

  • A05 – Create/Update patient referral
  • S12 – Add appointment date/time
  • S13 – Reschedule first appt date/time
  • S14 – Modify first appt date/time
  • S15 – Cancel first appointment
  • A31 – Patient Demographic updates

The Cancer Referral type is required from your PAS system to enable only cancer referrals to come into SCR. Further interface development will incur an additional charge to organisations.

Support Questions

What support is in place if we have incidents or queries?

Our customer support team are contactable on 0300 323 0066 or they can be emailed via The team are knowledgeable about the application, but if they are unable to answer your call, it will be passed to the relevant team to deal with. All calls are tracked and monitored to make sure we meet our response times and contract obligations. We are second line support and deal with named leads for your organisation.

Training Questions

What face to face training is available?

For new organisations implement the system, we run a core Train the Trainer session for a maximum of 12 people (2 sessions with a maximum of 6 delegates per session). The customer may forego the latter training session and replace this with a day of on-site live support and coaching once a go-live has been agreed.

Once a customer is live with our system, monthly open sessions for individuals to attend are held frequently for core and additional modules. Refresher training can be organised on a per customer basis for a maximum of six delegates. We also provide bespoke training at the request of our customers.

What other training support do you offer?

We have a comprehensive selection of 'How Do I? Guides', User Guides and Audit Mapping Guides. There is a Learning Management System which provides various eLearning modules with assessments and Certificates of completion available. There are also several 'How Do I? Videos' on various aspects of our system and a new video is produced in line with new features for every release to our product. Our Learning Management System is available 24 x 7 and does not require an N3 network to be accessed.

Information Governance / Data Protection

Can inaccurate data be edited and is there an audit trail?

All data can be edited provided the user has the appropriate access rights. Records added, updated and deleted are recorded in an audit table, along with username and date/time.

Audit Trail - Where is the audit trail held and what does it contain?

The audit trail is held in the database and it contains:

  • The user who performed the action
  • The date/time of the change
  • The type of change (Insert/Update/Deletion)
  • The record affected

The audit trail is record level; it does not include changes made to particular fields.

How long are the audit records maintained?

The audit records are maintained for the life of the system.