TEFOGO LTD

Compassly

Compassly is an app for defining, assessing and reporting the clinical competencies of healthcare professionals quickly and easily in an app, helping ensure the highest levels of patient care.
It acts as a clinical competency passport for individuals, and allows collaborative competency libraries shared between multiple healthcare providers or systems.

Features

• Quick and easy app, consistent across iOS, Android, web
• Configurable competency libraries, sharable across organisations
• Rule-based job descriptions to map skills to roles
• Upload documentary and photo evidence, with manager reviews
• Fully secure, including biometric login on mobile devices
• Document reference library for learning and policy material
• Configurable reporting dashboard plus live in-app reports
• Work across multiple organisations with a single login
• Powerful self-service management for administrators
• Re-usable components for consistency and clarity

Benefits

• Save staff time and effort on competency assessments
• Motivate and retain staff with the right competency portfolios
• Ensure full workforce competence for patient safety and experience
• Provide leadership assurance of compliance across the organisation
• Empower managers with simple team oversight and management
• Flexibility for competency assessments to match each workforce’s needs
• Secure, consistent and reliable evidence of competencies for regulators
• Simple to use - deploy the solution easily and quickly
• Eliminate time wasted repeating competency assessments when staff move
• Develop and share skills across different, collaborating organisations

£1.50 to £3.50 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@compassly.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

110655381093440

Contact

Compassly team
07928287535
info@compassly.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Support may be limited on non-UK Android hardware / software, or UK devices with non-standard screen implementations (resolution, aspect ratio, size etc).
• System requirements:
  • Internet access, including whitelisting compassly.com domain
  • IOS supports two most recent OS versions
  • Android OS supports four most recent OS versions
  • Modern Web Browser running recent version
  • Mobile devices can’t be rooted or jailbroken
  • Some app functionality requires camera & granted permissions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday-Friday 9am - 5pm UK time. ; Our response times are 1 hour to 1 day depending on the severity of the query.; Weekend and public holiday queries are responded to on the next business day.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Basic ongoing support is included in the service subscription and not charged as a separate item. ; Premium support may be applied depending on the agreed financial terms in the commercial contract.; Implementation support levels and costs are agreed separately as part of commercial terms.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our implementation approach is built around the needs of the customer and their users, and this will be scoped and agreed pre-contract as an implementation package.; ; An implementation package can consist of any combination of on-site training, remote live training, access to pre-recorded training videos and published materials. Support information is also available within the Compassly application itself.; ; The implementation package will also cover configuration of Compassly ahead of implementation with users, and different levels of support for this phase are available too.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Available within the Compassly application
  • Directly available on the Compassly website
• End-of-contract data extraction: End-of-contract data extraction can be agreed at the start of the contract upon request.; Our standard extraction provision is through flat file CSV extracts - as organisations can access this through the BI dashboard, they are able to download this data whenever they choose.; Individuals will be able to retain access to their competency passports and underlying competencies through their own personal login beyond the end of the contract.; We can also arrange for bespoke JSON extracts of the data for organisations.
• End-of-contract process: Contract includes de-provisioning of active users, job descriptions and competencies, and confirmation of service close; Note that as users will retain their personal competency passports, the records that relate to them as individuals will be retained by them.; Any bespoke data migration activities would be subject to additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are minor differences between the mobile and desktop service - for example iOS/Android biometric login is not available on desktop services, and Business Intelligence dashboard functionality is limited on mobile applications.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our mobile app and web portal is GUI driven. It’s intuitive and easy to use both for beginners as well as advanced users.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We have worked extensively with a specialist IAAP assessor to test the accessibility standards of Compassly
• API: No
• Customisation available: Yes
• Description of customisation: Compassly allows for extensive customisation including job descriptions and rules, competency libraries, reference material and ; some specific corporate terms. Reports can be customised through the business intelligence platform.; Much of this customisation can be done by local administrators, although some is reserved for support by system administrators.; Users are also able to customise elements of Compassly, either directly through the app (e.g. dark mode) or through its response to OS customisation (e.g. text size)

Scaling

• Independence of resources: We host our server application on AWS cloud, which supports auto-scaling functionality depending on the load of the system. We can run multiple same type applications in parallel to process all the incoming requests and satisfy the demand.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide service metrics on the key measures for Compassly, including new users joining, job descriptions assigned, competencies and stages of competencies completed, supervisory workload by supervisor.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users are able to export their data in CSV format, subject to organisation access permissions. This is through the BI dashboard.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Users can upload evidence of competency documentation (PDF, Image)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer 99.5% availability for each month excluding scheduled maintenance periods which is completed outside of UK business hours. ; Any refund policy will be subject to specifying in the commercial contract.
• Approach to resilience: Our service is built on top of AWS cloud infrastructure that provides tools to build resilience applications, which includes (but is not limited to) multi availability zones within a region, load balancer to re-route traffic, auto-scaling to quickly add more instances to meet the traffic demand, database snapshot backups.; Further details on the AWS risk & compliance framework are available on request.
• Outage reporting: In case of unplanned outages, we notify primary contacts within the customer organisation by email. Users will also be informed by a status screen within the app.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Our system implements Role Based Access Control. We restrict access based on user’s roles and permissions. We have a granular way of granting access to different areas of the system based on permissions. We also restrict access to some features based on role seniority.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have aligned our internal governance processes to both the NHS DSP Toolkit and ISO27001 best practices, with ownership of security governance at the executive level.
• Information security policies and processes: We have based our information security policies on the template standards used by NHS Digital as part of the DSP Toolkit.; All policy compliance is monitored within our internal knowledge system as part of standard business processes and reporting.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a backlog of all planned changes including features, bug fixes and improvements. It all then goes through project planning, product development and delivery to market. This way we can have a full history of all changes of the product and system.; ; Continuous Integration, Continuous Delivery and Test automation is in place to ensure repeatable, consistent and robust deployment. Changes are tested in staging environment before pushing to production and production deploy requires approval of authorised staff. ; ; As part of the release pipeline changes are assessed for potential security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We constantly monitor and assess potential threads as part of our release lifecycle. We keep all the software and third party libraries up to date in order to prevent any potential security threads.; ; Our cloud provider AWS handles all the infrastructure related management, security patching, and updates. ; ; We deploy a patch as part of our 2 week sprint release cycle but if there is anything serious we can deploy a backend patch in minutes and mobile app update up to 48 hours (subject to Apple Store and Google Play approval time).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified based on multiple sources including logging and various monitoring tools. Our main goal is to prevent potential compromises before they becomes real, but in the case of a compromise we would start a thorough investigation to understand the scope and severity of the incident. All the serious incidents are escalated to CTO and reported to customers if needed. ; ; Target resolution time for high severity incidents is up to 24 hours, although this is dependent on the nature of the incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents by email, but in case of emergency users can also call us directly. All incidents are recorded and assigned severity levels. Our response then depends on the severity level, for the lower level incidents we will then handle in the following development cycle, and for higher level we prioritise the issue and fix it immediately. All affected parties are notified upon resolution.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Although Compassly is not a solution directly designed to reduce the impact of climate change, we believe it can offer a small contribution by reducing the level of paper processes involved in competency assessments. This is not insignificant, with each hospital printing tens of thousands of competency assessment pages every year. The lifetime impact of producing, printing and then securely disposing of this paperwork adds up.; Tefogo ourselves look to manage our company in a way that supports the drive towards net zero, with tangible steps like hosting with AWS (who are targeting reaching carbon neutral operations in the next few years), mandating public transport unless there is a specific exception, and supporting staff in using carbon neutral electricity when working from home.

  Covid-19 recovery

  Compassly was born out of the impact of COVID-19, and supported by an InnovateUK as part of the COVID recovery plan. In supporting the workforce to develop skills that can be recognised across healthcare, Compassly supports new ways of working and helps build resilience in the healthcare sector.

  Tackling economic inequality

  Compassly helps support the training and development of staff who have not traditionally found it easy to have vocational skills recognised and built in a way that can help develop their ongoing professional development and careers. For example, Healthcare Support Workers / Healthcare Assistants develop many of skills vocationally on the wards, and can become highly skilled at those tasks, but do not hold the formal qualifications of nurses or other registered healthcare professionals. Compassly supports these skills being formally assessed and recognised across organisations.

  Equal opportunity

  One of the advantages of using Compassly for skills assessment, is that it both allows clear performance criteria to be set for specific skills and provides detailed data on the assessment of those performance criteria. This is important in ensuring equal assessment of all relevant staff, including those from disadvantages groups, who may previously have been discriminated against through intentional and unintentional bias where no clear records were kept or analysis carried out of assessor performance and bias.

Pricing

• Price: £1.50 to £3.50 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We have two free trial options available:; - Access to a generic demo setup; - Setting up a specific pilot, with a small number of locations, users and competencies; Both are time-limited (typically 1-3 months)

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@compassly.com. Tell them what format you need. It will help if you say what assistive technology you use.