As long as specifications from the audits are received 6 months before a release date, then these changes will be included in the following release. Where changes are received after this deadline we cannot guarantee inclusion. We continue to work with all audits providers to make sure they are aware of our timescales.
An escrow agreement is in place with the NCC Group.
The screens have recently been redesigned to allow ease of use on a mobile device. So yes, you can use SCR to read and edit records but it is not designed for printing on a mobile device.
Our systems meets all the required standards including NHS No display, Patient Banner requirements, updates to OPCS or ICD, NHS Data Dictionary definitions.
It is recommended that a dedicated server is used, though the system can run without problem on a shared server. Consideration will need to be given to possible downtime on systems running on a shared server.
The database can run without problem on a shared server, providing it meets our minimum specification.
Our system is tested within a virtual environment and many organisations run SCR in a virtual environment without issue.
The system can be run on a single server without problems, although it is good practice to have the IIS and SQL Servers running on separate machines.
Currently no, but may be considered as part of the RFC process in the future.
These are all the responsibility of the procuring organisation.
The web application is written in Microsoft ASP.NET; therefore only Microsoft platforms are supported.
This is the responsibility of the procuring organisation
No runtime components are used.
All information is stored securely in a SQL database on the organisation's server. The application will allow the user to export data to various formats such as Word documents and CSV. The user has control over where these files are stored. There is no requirement to save this data on the local hard disk drive and we would recommend that these files should be stored in a server folder.
The application is not installed on the client PC, however a desktop shortcut can be created or a link added to the organisation's intranet. The application runs within IE and will have no effect on other applications installed on the client PC.
The system runs in the browser, providing this can be started and the address on your intranet accessed, then the system will run. The system makes no use of the registry, files or folders on the local machine.
Providing the user has access to the proxy server.
Some of the computers used for testing and training use Safeboot HDD encryption and we've encountered no issues when using SCR.
We have not tested the system with any form of port control.
As the application is accessed via web browser, ability to print is dependent on the hardware and software being used.
Yes; SCR requires SQL Server 2008 R2 or later.
No other database engine is used.
The licence is for the whole system and includes an unlimited number of users.
The data can be accessed by either ODBC or ADODB.net
Reports can be developed locally using Crystal Reports, SQL Reporting Services or MS Access. However, the SCR system includes all relevant National reports. SCR has developed DataViews which allow the user to access the SCR database via an ODBC connection and use an Excel spreadsheet to define and manipulate data fields of their own choosing.
We will provide the schema upon request.
Normally access to the SQL views is sufficient. We can provide advice on reporting, though this would be counted against your support calls.
Due to the size of the database this was not felt to be necessary.
Growth of the database files is small. It is unlikely to hit the 2TB limit for a very long time.
1) A required user name and password. 2) Valid password rules are set by the local .net password policy. 5) Forced password change after 60 days, but can be configured on the local server 6) Max. failed login attempts before lockout is incorporated in the system. An administrator will need to reset the password if a user is locked out.
Yes. This is detailed in the Pre-requisite document.
The system does not integrate with Active Directory.
Admin rights are not required to run the system, the PC requires Google Chrome or IE9+. Pop-up blockers must be disabled for SCR.
IE9+ and Google Chrome are not supported on Windows XP. Windows XP is also no longer supported by Microsoft and should not be used.
The system makes no use of the Windows Registry.
The system can export data to various file formats including Word, Excel, XML and CSV files which can be saved to the local machine or other designated area, the user is in full control of the creation and saving. The application does not store temporary files on the local machine.
Users are assigned a single username and password to access the system. User activity is restricted by cancer type and role. All cancer types can be viewed, but only where the user has been given permission can data be entered or modified. Access to reports, downloads and administrator functions are also limited by role.
No, however the system will not permit last password reuse.
Passwords can contain upper and Lower case characters, numbers and special characters if defined in the local .net password policy.
The requirement can be configured in the local .net password policy - normally this would be set to 60 days or less. When logging into the system after the password has expired a user cannot proceed until their password has been changed.
A user's access can be restricted to read only at any time. When a user is deleted the record is marked as deleted without actually deleting the record. It would be possible to terminate a record for a time, but at present would require a local Administrator with database access to reinstate the user.
User can be added at any time, where a record is deleted it is only marked as deleted and hidden. This is carried out to maintain database integrity. User tables are maintained locally.
Users have access to change their passwords at any time.
After a preset period of inactivity the user is given a 10 minute warning then timed out. If the user clicks a button after this or tries to move on they are automatically taken to the login screen.
Yes, by cancer type and role.
The SCR is deployed with a Test and Live environment; the test environment can be used for training or testing.
A generic test environment is accessible from the SCR website and is upgraded prior to a version release. If required the organisation's test environment can be upgraded prior to the live environment at the request of the Main/IT lead.
Please refer to Infrastructure Requirements document
As per organisation IT policy
As per organisation IT policy
The application uses a single SQL username and password to connect to the database from the application server. This is via an ADODB .net connection between IIS and SQL servers.
There is just a single SQL username for connection between IIS and SQL servers.
It is the purchasing organisation's responsibility to ensure there is a suitable database maintenance plan in place and to monitor disk space on the server.
At present there is no requirement for email integration.
As a minimum two per year - however Taunton & Somerset NHS Foundation Trust IT Services commits to meeting ISN requirements.
Upgrades are carried out using remote access, at a time agreed with the organisation's nominated Main and IT leads. This is to ensure a database back up has been carried out by the organisation prior to the upgrade and users are notified of system downtime.
We normally allocate a morning or afternoon time slot (with agreement of the organisation) but some organisation request to be upgraded outside of usual working ours (After 18:00 on weekdays or at weekends). An upgrade usually takes up to 1 hour and leads are notified via email once the upgrade is completed.
The system makes no use of Java.
The system is developed fully in 32bit code.
The system does not use DOS components.
The system runs in a web browser and makes no use of local system variables.
All user configurations are administered from the servers.
Users will be required to re-connect following any loss of network service. There shouldn't be any administrator action required.
If the client PC loses power or network connectivity then any unsaved changes will be lost. The user will be logged out. The user can log back onto the system when it is available and continue working normally. There are no session locks or other impediments that would require administrator intervention to re-enable users following a system failure.
There are no continually running components. The application starts when the first user connects and closes when the last user disconnects.
There are no interactive applications.
A demographic interface is required to 'pull' the patient demographic / GP details but other interfaces can be achieved and are the responsibility of the procuring organisation.
It is good practice for users to be disconnected before taking a backup. We would normally suggest backups are carried out overnight to minimise the need to disconnect users.
SCR has become a business critical system; therefore we would recommend a minimum of daily backups carried out overnight. However the backup of the system is the responsibility of the purchasing organisation.
The application does not interact with the backups at this level. It is the organisation's responsibility to back up the database; we do not have a specific requirement for how this will be performed.
The purchasing organisation is responsible for setting up a maintenance plan on the database to maintain the integrity of the data. At a minimum we would suggest an integrity check is carried out weekly as well as the truncation of the transaction log on a weekly basis.
Taunton & Somerset NHS Foundation Trust IT Services has not tested the system with this form of backup.
We recommend that a local maintenance plan is set up for the database that will truncate transaction logs and check the integrity of the database and backup the files to a network location. Database files can then be backed up to tape according to local organisation policy.
This would depend on the backup technology used. However using the SQL maintenance tools these can simply be run as scheduled jobs on the server.
This should be carried out by SQL Server Management Studio.
This is dependent on maintenance plan used.
Yes, as data is entered into the system the file sizes will increase.
This is not currently supported.
Restore is the responsibility or the purchasing organisation. The organisation's IT team needs to adhere to the local policy on restoring a database.
Backups are a responsibility of the purchasing organisation and there are no problems in backing up the database as part of normal local backup routines.
There are no scripts required.
All backups are managed locally by the purchasing organisation's IT department. We suggest that a backup takes place prior to version release and for this we will contact the nominated Main and IT leads to arrange a suitable time for both parties to achieve the upgrade. The SQL database needs backup and the frequency of backups needs to be determined locally. It is also helpful to back up the IIS folder containing the front-end files; this will facilitate your disaster recovery and a copy can be taken following a version upgrade.
Backups are the responsibility of the purchasing organisation.
The procuring organisation's IT department is responsible for this procedure. Normally you would restore the latest copy of the database from your backup media. The application files would need to be restored from their latest copy on the backup media. Taunton & Somerset NHS Foundation Trust IT Services can issue additional copies of the database in an emergency should you have total failure, as an organisation you can then restore using your latest back up.
The system uses normal HTTP messaging over a TCP/IP network. The system can also run over an HTTPS connection.
Yes, this is now part of our contract and includes the following messages:
The Cancer Referral type is required from your PAS system to enable only cancer referrals to come into SCR. Further interface development will incur an additional charge to organisations.
Our customer support team are contactable on 0300 323 0066 or they can be emailed via CancerReg@tst.nhs.uk. The team are knowledgeable about the application, but if they are unable to answer your call, it will be passed to the relevant team to deal with. All calls are tracked and monitored to make sure we meet our response times and contract obligations. We are second line support and deal with named leads for your organisation.
For new organisations implement the system, we run a core Train the Trainer session for a maximum of 12 people (2 sessions with a maximum of 6 delegates per session). The customer may forego the latter training session and replace this with a day of on-site live support and coaching once a go-live has been agreed.
Once a customer is live with our system, monthly open sessions for individuals to attend are held frequently for core and additional modules. Refresher training can be organised on a per customer basis for a maximum of six delegates. We also provide bespoke training at the request of our customers.
We have a comprehensive selection of 'How Do I? Guides', User Guides and Audit Mapping Guides. There is a Learning Management System which provides various eLearning modules with assessments and Certificates of completion available. There are also several 'How Do I? Videos' on various aspects of our system and a new video is produced in line with new features for every release to our product. Our Learning Management System is available 24 x 7 and does not require an N3 network to be accessed.
All data can be edited provided the user has the appropriate access rights. Records added, updated and deleted are recorded in an audit table, along with username and date/time.
The audit trail is held in the database and it contains:
The audit trail is record level; it does not include changes made to particular fields.
The audit records are maintained for the life of the system.