CCube Solutions

CCube Cloud

The CCube Cloud Solution is largely intended to replace the high volumes of paper documents that move around a given organisation, enabling current practices with manual filing to be ended. Instead, documents (files) will be stored and retrieved electronically, and can be driven via workflow.

Features

• Securely manages and delivers electronic records at point of care
• Highly scalable data architecture – for data volumes and users
• Supports a wide range of file and content types
• Fast easy access to electronic records supports role-based access
• Viewer provides easy, intuitive access to multi-page documents
• Access directly in ‘native’ mode or integrate with existing systems
• Fully integrated e-form and workflow
• Easily accessed via standard web-browsers where and when needed
• Full audit trail maintained of all access to electronic records
• Includes facilities for creating new patient information

Benefits

• Efficiency savings as electronic records accessed quickly and easily
• Multiple user access to same records concurrently, regardless of location
• Greatly reduces staff, storage and transport costs to manage records
• Records can be shared more easily across and between organisations
• Service and process re-design enabled as physical records removed
• Easily deployed across an organisation – minimises implementation costs
• Intuitive interface minimises training needs
• Rapid implementation optimises ROI
• Supports compliance with data management standards such as BIP0008
• Secure access, greater compliance with Governance and data protection legislation

£11,250 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henry.francis@ccubesolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

118893285394381

Contact

Henry Francis
01908677752
henry.francis@ccubesolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance arrangements will be agreed with customers to minimise any impact to their usage of the service.
• System requirements:
  • Linux 64 bit OS
  • Min 1 GB memory (recommended 8 GB memory)
  • Min 50 GB storage
  • Access to SQL Database

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour of receipt.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a 24x7x365 days per year Service desk software that enables issues to be logged. This Service desk is monitored out of hours. Support is offered weekdays from 08:30 to 17:30. We manage a central, UK based Help Desk and Call Logging facility which is web based and accessible to customers – each customer has an account setup within this facility for logging calls and for monitoring their progress. The on-line help desk facility is available on a 24/7 basis. Monitoring of calls received takes place during extended normal hours, ie. between 8.30am and 17.30. Call monitoring outside these hours is available on an agreed basis.; ; We provide direct Technical Support, including:; • call receipt; • call screening; • incident reporting and tracking; • search problem databases and resolve documented problems; • installation assistance; • problem isolation; • problem resolution.; All calls are logged and information on issues and their resolutions held within our on-line call-logging facility which is accessible to customers. This in turn provides a knowledge repository. The service also includes an internal error log facility as well as a full audit trail.; ; We provide a technical account manager to each customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite or remote training (Train the Trainer is the favoured approach), video tutorials, webinars, to setup of service. User documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Via API, database extraction (dump).
• End-of-contract process: At the end of the contract, assuming that the customer does not wish to renew, the customer extracts their data from the service and we, in agreement with the customer, delete all data records held. This is included in the price of the contract. Any additional requirements that the customer may have, may be subject to an additional fee.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between mobile and desktop service, other than screen size.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Create, Delete, Modify documents and database items within the service.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Branding of the service for users is also possible. Re branding would normally be carried out by a System Administrator/Super User.

Scaling

• Independence of resources: Service automatically scales out to accommodate increased user load and storage.

Analytics

• Service usage metrics: Yes
• Metrics types: Logging of changes made, documents created, modified or deleted, system level audit trail and application level logging.
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Via API, database extraction (dump).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Minimum 99.95% service availability - Unavailability applies to existing VMs that become unresponsive due to a fault recognised at the IaaS layer or below, that is, the fault is within UKCloud-controlled components, such as the physical host availability, storage, power and internal networking such as physical firewalls and routers.
• Approach to resilience: Multiple secure UK data centres separated by more than 100km and connected by high-bandwidth, low-latency dedicated connectivity.
• Outage reporting: Proactive monitoring, 24 hour staffed NOC

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Role based security within the service.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Ltd
• ISO/IEC 27001 accreditation date: 08/09/2023
• What the ISO/IEC 27001 doesn’t cover: All aspects of our service are covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Platform optimised for OFFICIAL and OFFICIAL-SENSITIVE data and fully aligned to the National Cyber Security Centre (NCSC) 14 Cloud Security Principles.
• Information security policies and processes: Platform optimised for OFFICIAL and OFFICIAL-SENSITIVE data and fully aligned to the National Cyber Security Centre (NCSC) 14 Cloud Security Principles.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management and configuration management is undertaken at 3 levels, first by development team during coding, then by development team and CTO on predeployment server, finally on locally hosted live server. Once passed all stages it is deployed to production installations.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Vulnerabilities are identified and the risks of these vulnerabilities are evaluated. This then leads to correcting the vulnerabilities and removing the risk or formal risk acceptance by the organization. Vulnerability scanning is carried out, consisting of using software to identify vulnerabilities in networks, computer infrastructure or applications.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Protective Monitoring provides visibility and an understanding of who is accessing sensitive data.The Protective Monitoring system is used to ensure that there is a level of operational insight, to ensure that we have an understanding of how the systems are being used or abused by internal or external agents.
• Incident management type: Supplier-defined controls
• Incident management approach: Issues/problems are raised via our Service desk facility Zendesk, the call is assigned to 1st line support, who will perform a base level diagnosis of the issue. If they can fix the issue the call will be closed. If not, they will gather as much information and assign the call to second line support, who will then look more deeply into the issue. If the issue is deemed to be with the core code this will be passed onto the Development manager. At every stage the Customer is updated with what is happening to the call.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Social value is truly embed into CCube Solutions business. Our attitude and approach is about working towards a culture whereby social impact is created naturally and fluidly. Some of the Social Value initiatives that we can provide to Customers include:; • Reducing carbon footprints; • Improving working policies; • Participating in Fairtrade; • Diversity, equity and inclusion; • A very active User Group where all users can discuss ideas and matters for improvement in their working practices; • Corporate policies that benefit the environment; ; Principles of our Social Value to customers include:; • Involving stakeholders. Informing what gets measured and how this is measured and valued in an account ; • Understanding what changes; • Valuing the outcomes that matter; • Being transparent; ; The scope of each contract and buyer expectations differ widely so it is important for us to familiarise ourselves with local social value priorities to ensure that our commitments reflect them as each customer has its own unique socio-economic challenges which they look for to be addressed:; From an economic point our offerings:; • Create jobs for local people; • Assist customers in progressing towards paying a living wage; • Use local suppliers and support a local supply chain; • Invest in local SME businesses; • Providing training schemes; From an environmental stand point our solutions provide the following:; • Reducing energy and fuel consumption in the provision of the contract; • Minimising waste through re-use and recycling; • Using environmentally friendly goods to minimise pollution; • Saving energy e.g. using energy efficient lighting and equipment; • Sustainability considerations incorporated into our supply chain; The social impact of our offerings include improving the health and wellbeing of employees and championing ethical supply e.g. Fair Trade.

Pricing

• Price: £11,250 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at henry.francis@ccubesolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.