Synanetics

INTERWEAVE Shared Care Record Platform

INTERWEAVE is a cloud-first, web-first, HL7 FHIR based, massively scalable, secure by design, micro-services based shared care record platform with a federated architecture, designed by clinicians and care workers, for use by health and care professionals. It is uniquely owned and developed as an NHS asset.

Features

• Shared Care Record Architecture consultancy
• Project management
• Support for organisational onboarding
• Platform configuration services
• Deployment of local data adapters
• Integration services
• Shared care record training
• Security monitoring and response
• Performance optimisation
• Incident management

Benefits

• Minimises time to deploy a regional shared care record
• Ensures data is shared in a clinically safe manner
• Minimises time to assemble a regional shared care record
• Ensures cost effective operational model consistent with business requirements
• Ensures platform scalability
• Aligns operational costs with usage
• Expands scope of regional interoperability ambitions
• Compresses cycles from idea to delivery encourages innovation

£3.85 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

116453350876815

Contact

Paul Cook
07570576534
paul.cook@synanetics.com

Service scope

• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times depend on the priority of the request: Emergency: 1 hr anytime High: 1hr 9am-6pm weekdays Normal: 1 working day Low: 1 working day. Support is offered as a 24x7x365 service
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We offer a fully managed service desk and ITIL service management package. All customers are assigned a technical account manager who is accountable for the delivery of the service. We offer a single standard level of support. This provides access to 24x7 using a variety of contact mechanisms. The priority of support issues is determined by our customers and we measure our response and resolution times of requests and incidents. Performance indicators are reported back to our customers through monthly service review meetings. Our standard service package can be tailored to individual requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Offer full onboarding service
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: INTERWEAVE does not store any active Patient Identifiable Data. Audit logs can be extracted and maintained
• End-of-contract process: The service is offered under a partnership model; should a partner wish to exit the partnership, terms would be agreed with the INTERWEAVE board , which consists of NHS organisations only.

Using the service

• Web browser interface: Yes
• Using the web interface: Access to the INTERWEAVE platform. Onboarding and admin/configuration also available through a dedicated admin portal
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: We aim to be at least AA compliant following Web Content Accessibility Guidelines (WCAG) 2.1 and test to these guidelines
• API: Yes
• What users can and can't do using the API: The APIs are used to connect 3rd party systems
• API automation tools:
  • Terraform
  • Other
• Other API automation tools: Terragrunt
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: INTERWEAVE is deployed as tenancies and scaling is fully automated
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Google Cloud Platform core service offering
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Data bases
  • Audit Logs
  • Application containers
• Backup controls: INTERWEAVE is offered as SaaS solution, so all back ups are included with the service.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: INTERWEAVE is hosted in GCP - 99.5% availability is guaranteed
• Approach to resilience: The INTERWEAVE platform follows a high availability model, additional services can be supplied on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Based Access Control
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow and apply GDPR, ISO, CIS & NIST standards
• Information security policies and processes: ISO, NIST, GDPR

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All changes are subject to board approval and tracked using robust change management and audit process
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Active scanning on all infrastructure and application components; findings are prioritised according to levels of severity. Patches can be deployed within hours.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Active monitoring on the infrastructure, alerts are dealt with upon receipt. Response is according to documented security governance processes. Response will be handled within published severity guidelines.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report and classify severity of incidents, either via the web-based ticketing system, by email or by phone. Incident reports are provided to meet customer requirements (both in format and cadence).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Google Cloud Platform (GCP)
• How shared infrastructure is kept separate: We use a tenancy model for each customer

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: All of our projects utilise public cloud infrastructure, with Google Cloud Platform (GCP) being our preferred provider; alternatively Microsoft Azure is chosen. Both of these global corporations have published commitments to be carbon neutral or carbon negative by 2030 (Google:; https://sustainability.google/operating-sustainably/net-zero-carbon Microsoft:; https://www.microsoft.com/enus/corporateresponsibility/sustainability/report) and so, by taking the active decision to supply our services using these infrastructure offerings, Synanetics is able to ensure that our services adhere to the EU code of conduct for energy-efficient datacentres.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Synanetics is committed to achieving Net Zero emissions by end of financial year 2040. Synanetics is a knowledge business; it has no manufacturing, distribution or retail operations. All staff are home-based and we have no vehicle fleet. We have no staff catering services and no International operations. Our sole office location is in Leeds city-centre, 5 minutes’ walk from the mainline station. All staff are encouraged to use the train when attending the office. All employees are given home based contracts and in person meetings are held on an exceptional basis, minimizing travel. Our landlord employs Ashdown Phillips & Partners as facilities management provider and that business ensures that environmental issues are at the heart of their operation. Ashdown Phillips are Planet Mark Accredited, Living Wage Accredited and are members of the Better Buildings Partnership. Their teams have won numerous sustainability awards which include: Green Apple, SCEPTRE and CSR Awards.; Wherever possible, our staff deliver their work remotely; less than 1% of all of our chargeable engagements require in person meetings. Typically, our projects utilise public cloud infrastructure, with Google Cloud Platform (GCP) being our preferred provider; alternatively Microsoft Azure is chosen. Both of these global corporations have published commitments to be carbon neutral or carbon negative by 2030 (Google:; https://sustainability.google/operating-sustainably/net-zero-carbon Microsoft:; https://www.microsoft.com/en-us/corporate responsibility/sustainability/report) and so,; by taking the active decision to supply our services using these infrastructure offerings, Synanetics is able to ensure that the most power intensive and therefore carbon intensive elements of our business operations are addressed and reduced. Ultimately, Synanetics already has a very small carbon footprint, but our focus on measures which minimise levels of carbon production mean that we will be Net Zero by 2040 at the latest, but an earlier date of Net Zero by 2030 is achievable as a stretch target.

  Tackling economic inequality

  Synanetics is a Small and Medium Sized Business (SME) and we recognize that our ability to make significant contributions to the themes around Tackling Economic Inequality are necessarily constrained by our size. As a knowledge business designing and supporting solutions used across NHS customers, all job roles demand high-levels of education, knowledge and experience of programming and high levels of demonstrable problem solving abilities so that the engineering principles which deliver the company’s ongoing success are maintained as we expand. The majority of our solutions are delivered as hosted and managed services, using either Google Cloud Platform (GCP) or Microsoft Azure and therefore we do benefit from the industry leading commitments and behaviours which these global corporations enshrine in their corporate ethos. However, we clearly understand that we need to be pro-active and can confirm that our business is committed to the concept of behaving as a good corporate citizen; therefore we embrace issues pertaining to social value. Synanetics continued growth and expansion by definition supports new businesses, creates new jobs and develops new skills. ; Our ongoing appraisal process, together with a culture of continuous professional development, means that our clear ambition is for employees to expand their knowledge and experience, which in-turn drives our ability to meet and exceed customer expectations. ; With regards to the Real Living Wage (as specified by Living Wage foundation) Synanetics can confirm that all of our roles pay significantly more than these rates.; Because of the size and scale of Synanetics operations, it is fundamentally important that ongoing focus on the viability of our projects is maintained throughout the life of the contract. All projects are reviewed on a monthly basis and so, should the resources planned and allocated to a project fall out of expectations, it will be reported, managed and rectified.

Pricing

• Price: £3.85 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.cook@synanetics.com. Tell them what format you need. It will help if you say what assistive technology you use.