Healthroam Remote
Healthroam Remote is our Always-On remote access VPN service that provides reliable, encrypted connectivity to HSCN systems and services. Our industry leading cloud-based VPN service is trusted, connected and flexible with a seamless Single Sign-On user experience.
Features
- Fully managed cloud-based SaaS Remote Access VPN
- Resilient connectivity to clinical and other HSCN systems
- Seamless user experience with NHSMail authentication as standard
- Integrate with any existing cloud provider for Single Sign-On authentication
- Admin Dashboard for real-time visibility
- Historical reporting available on request
Benefits
- Rapidly deploy our simple, easy to use remote access service.
- Deliver HSCN connectivity to all staff quickly and efficiently.
- Reduce operational overheads with our fully managed SaaS-based VPN service.
- Add operational resilience to your existing remote access solution.
- Customise solution based on individual service requirements.
Pricing
£2.16 to £12.00 a licence a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 0 7 5 0 2 5 7 4 4 3 4 9 2 6
Contact
HEALTHROAM LTD
Simon Lane
Telephone: 0208 3740935
Email: connect@healthroam.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- Healthroam Remote is supported on Windows and MacOS operating systems as standard. Bespoke support arrangements can be offered for iOS and Android devices should this be required.
- System requirements
-
- Windows 10/11 and above operating system
- MacOS operating system
- Intel processors supported
- ARM processors supported e.g. Apple M1/M2
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response time for Informational requests is 48 hours (Mon - Fri Only) as per the SLA.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Standard Support Level
Healthroam Remote service operates throughout UK core business hours of 9am to 5pm Monday to Friday. Contactable by telephone or email Support@healthroam.co.uk
Outside of UK core business hours a Healthroam support ticket can be automatically raised via email Support@healthroam.co.uk providing full information in relation to the support required.
As per SLA our Standard Support Level provides the following:
Outage/Critical (P1) - Response time 1 hour
Urgent (P2) - Response time 2 hours
Monitor (P3) - Response time 8 hours
Informational (P4) - Response time 48 hours - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Full setup and user guides are provided to the user upon commencement of the service. The client software is simple to setup, the user can choose to install themselves or via their IT support provider. Guided setup and training can be provided upon request at no extra cost.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- At the written direction of the Client, Healthroam must delete or enable the return of Personal Data to the Client on termination of the Agreement unless Healthroam is required by Law to retain the Personal Data. The Client may retrieve its Personal Data at any time.
- End-of-contract process
-
On termination of the Contract:
(a) Healthroam shall cease provision of any services still being provided under the Contract;
(b) Each Party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other Party;
(c) Healthroam shall submit invoices for any services that it has supplied, but for which no invoice has been submitted, and the Client shall pay these invoices, if undisputed, within the Payment Term; and
(d) The Client shall pay any outstanding undisputed invoices within the Payment Term.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Healthroam Remote client software is supported on Windows and MacOS as standard. Bespoke support can be provided for iOS and Android devices requiring alternative client software, authentication and setup process.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- Yes
- Description of customisation
- Healthroam Remote authentication can be customised with any cloud-based Single Sign-On(SSO) service. Our Remote service is integrated with NHSMail as standard for authentication however any healthcare SSO directory can be used. This customisation is performed by us prior to commencing the service, certain directory settings are required to be configured by the customer's IT support.
Scaling
- Independence of resources
- Healthroam core infrastructure is continually monitored. Capacity demands placed on the Remote service are measured in real-time and any events that exceed applied thresholds are alerted and reported. Any additional capacity requirements are remediated prior to any service impact.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Number of user connections
Number of licenses used/unused
Usernames connected
Other customisable metrics are available on request
Available both real-time and historical. - Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
-
At the written direction of the Client, Healthroam must delete or enable the return of Personal Data to the Client on termination of the Agreement unless Healthroam is required by Law to retain the Personal Data. The Client may retrieve its Personal Data at any time.
Personal Data is returned where practicable in the format and method requested by the user. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- Txt format
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Healthroam shall in all cases use reasonable endeavours to achieve any SLA stated to apply to services provided in the Contract. If a Service Credit is stated to apply in the Contract then such Service Credits shall be the Client's full and exclusive right and remedy, and Healthroam's only obligation and liability, in respect of the performance and availability of the services set out in the Contract.
If Healthroam fails to meet the applicable SLAs where an associated Service Credit is stated to apply in the Contract in respect of any of the services, then the Client may be entitled to such Service Credits as stated in the SLA as a credit against subsequent Charges.
The maximum Service Credits payable in respect of any failure(s) to meet the applicable SLAs in any one month shall be capped at 100% of the total monthly Charges.
Healthroam shall not be responsible for any failure to meet any SLA, nor for the failure to deliver any services, where such failure is caused by any Planned Maintenance carried out. - Approach to resilience
- Information regarding Healthroam Remote service resilience is available on request.
- Outage reporting
-
Healthroam core infrastructure is continually monitored. Healthroam undertakes to report to its Client’s details of the following incidents using the correct details provided by each client.
Each notification will include the Healthroam ticket ID, which needs to be quoted by the client’s personnel or representatives when following up on the reported incident.
The client remains responsible for onward communication of any incident.
- Core Infrastructure
- Application security incidents, software updates or bug fixes
- Health & Social Care Network
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- All management interfaces to Healthroam core infrastructure are restricted out-of-band and secured behind firewalls. All admin accounts for accessing management are secured in accordance with Cyber Essentials best practices.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- DSPToolkit
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- Cyber Essentials
- Information security policies and processes
- Healthroam is required to process Personal Data only in accordance with the terms & conditions specified in the applicable Contract, unless legally obligated to do otherwise. Healthroam must have Protective Measures in place, ensure its personnel only process data in alignment with the agreement, protect the data against unauthorized disclosure or transfer, and delete or return Personal Data to the Client upon contract termination, unless retention is required by Law. Additionally, Healthroam is subject to notification requirements in case of Data Subject Access Requests, data rectification or erasure requests, complaints, and Data Loss Events, providing the Client with prompt assistance and required information. Audits of data processing activities are allowed, Healthroam must designate a Data Protection Officer if required, and follow specific procedures before engaging sub-processors.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Configuration Management Process:
- Baseline configuration and use version control.
- Submit formal change request and thoroughly test in non-production environment.
- Update configuration documentation whenever changes occur.
Change Management Process:
- Submit change request.
- Assess the security impact considering factors like confidentiality, integrity, and availability.
- Identify potential risks, security vulnerabilities, service disruptions, compatibility issues and assign a risk level (low, medium, high).
- If approved, implement following the established process inc. communication, monitoring and rollback plan.
- After implementation, validate the change in a controlled environment.
Update documentation and communicate the change to relevant teams and end-users. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Healthroam assesses threats to services regularly, conducting vulnerability scans on service components and monitoring threat intelligence feeds such as Cisco Talos. These provide information about emerging threats, zero-day vulnerabilities, and attack patterns.
Healthroam also undertakes regular penetration testing on core infrastructure as part of security best practices.
Healthroam maintains a centralized repository for patches prioritized based on severity (critical, high, medium, low). All patches are first deployed in a testing environment to ensure they don't cause service disruptions.
Several information sources are monitored for potential threats including CVE and NVD databases, vendor notifications and HSCN Data Security Centre. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Healthroam's processes for identifying potential compromises include log review and analysis of security components. Monitoring threat intelligence feeds such as Cisco Talos for emerging threats, zero-day vulnerabilities, and attack patterns.
Healthroam's response to any potential compromises is to isolate the affected system immediately to prevent further spread. Conduct a forensic investigation to determine the scope of the compromise. Collect evidence, identify the attack vector and notify relevant stakeholders about the incident.
Healthroam is able to quickly respond to an incident using pre-defined steps and automated alerts to trigger immediate action, contain the incident, eradicate the threat and restore affected services. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Healthroam's incident management process includes pre-defined steps and automated alerts to common events. Classifying incidents based on severity and escalating to appropriate level as per the recorded escalation matrix.
Users can report incidents via Healthroam support email or phone line triggering an automated support ticket providing full information.
Following investigation and closure of an incident a full summary report is provided detailing what happened, actions taken and preventive measures.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
Covid-19 recoveryCovid-19 recovery
The COVID-19 pandemic has significantly impacted communities and economies. Delivering Social Value initiatives can aid in the recovery process.
Healthroam actively creates employment opportunities for those left unemployed due to Covid-19. Also prioritising the physical and mental health of people affected implementing standards from the Mental Health at Work commitment to support the workforce.
Exploring innovative new ways of working and delivering services that align with the changing landscape post-COVID-19 inc. remote working solutions and sustainable travel options.
Healthroam Ltd’s efforts align with several Sustainable Development Goals, including:
Goal 1: No poverty
Goal 3: Good health and well-being
Goal 8: Decent work and economic growth
Goal 11: Sustainable cities and communities
Goal 17: Partnership for the goals
Pricing
- Price
- £2.16 to £12.00 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The free 14 day trial includes a single license to access the Remote service. This trial is available for NHSMail accounts only. Customer to provide the NHSMail account for the trial.