The Access Group

Access CM - Electronic Care Monitoring, Management and Scheduling

The CM platform is the award-winning software at the heart of our services to Local Authorities & Community Health customers. It’s used by over 95 Councils for 1) a single workforce/care management solution to run "in-house/internal" care services; 2) to manage quality, risk and payment calculations for community based Providers.

Features

• Scheduling/rostering of community base care workers
• Mobile app for care workers providing diary & care records
• Full digital care records with eMAR medication & digital forms
• Real-time visit monitoring of care workers using landline or mobile
• Calculation of mileage, expenses, payroll, invoices
• Quality, risk & capacity management of care providers
• Billing arbitration between commissioned, planned & actual delivery
• Reporting, dashboards and business intelligence
• Outcomes based monitoring/management of care delivery
• Fully hosted, SaaS, 24/7/365 technical support

Benefits

• Workforce management automation / efficiencies
• Automation of schedule/roster creation
• Reduction in travel costs, office administrators
• Real-time visibility of care delivery , missed visits, visit length
• Administration automation/savings of payroll, expenses & billing calculations
• Increased care service capacity from same care workers
• Secure full digital care records available on mobile/web browser
• Significant savings based on actual care delivery not commissioned/planned
• Automation of billing calculations through flexible rule based arbitration
• Analytics to improve performance, decision making & lower risk

£45.00 a licence a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

135399132032750

Contact

Access UK
01206322575
tendernotifications@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: - Solution supported on manufacturer supported web browsers and mobile operating systems (Android & iOS); - Planned software maintenance window is 12 midnight - 5am; - Support level/SLA determined by Customer Success Plan selected
• System requirements:
  • Mobile app runs on manufacturer supported Android/iOS smart phones
  • Parts of solution use Citrix with free browser/OS plug-in

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Call response times depend on the priority of the issue and the Customer Success Plan selected - please see the CM Service Definition. For urgent matters we'll respond within 1 hour.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Priority; Description; Response time; Target resolution time; ; Priority 1; The entire Access Product service is "down" and inaccessible.; Complete failure of Access Product Telephone Based Electronic Monitoring Service (where applicable). This does not include local Customer issues for example, but not limited to Customer infrastructure or internet connectivity issues. Priority 1 incidents shall be reported by telephone only when outside Normal Business Hours; Within one hour during Extended Business Hours; Within eight hours during Extended Business Hours. Continuous effort after initial response and with Customer co-operation.; ; Priority 2; Operation of Access Product is severely degraded, or major components of Access Product are not operational and work cannot reasonably continue; Within 2 hours during Normal Business Hours; Within two Business Days after initial response.; ; Priority 3; Certain non-essential features of Access Product are impaired while most major components of Access Product remain functional; Within 4 hours during Normal Business Hours; Within seven Business Days after initial response.; ; Priority 4; errors that are non-disabling or cosmetic and clearly have little or no impact on the normal operation of Access Product; Within 1 working day during Normal Business Hours; Next release of Access Product.; ; See Customer Success Plans for more information/pricing.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Access provides a comprehensive on-boarding process which has been designed for public sector needs/processes. Each solution has an implementation Flightpath that defines a process to onboard the solution from initial scoping through to go-live support. Flexible options are available so we can provide a tailored approach/project to meet your exact needs.; ; The implementation process has been designed so the solution is designed and configured in-line with the training around the system to build in a step by step process to align to your needs. Training sessions are fairly short and staggered as the system is configured rather than a "big bang" approach or self-teach. ; ; The default implementation these days is for an online remote implementation, which is fully proven and has been adjusted to work best to the new ways of working, however onsite sessions can be run if needed. Online videos and documentation are available through our online portal so new users can get up to speed through self-teach if need be.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers have a number of options available to them:; 1) Data Extraction Wizard - a step by step wizard process that allows you to extract data on bulk from the system.; 2) Reports & Dashboards - over 140 standard reports and the ability to write your own reports/dashboards (with CMBI) means data can be easily extracted.; 3) Write a Bespoke Extract yourself - using CMBI you can create your own data extract and run this as many times as you like. A repeating pattern can be defined.; 4) Access produces Bespoke Extract - as a chargeable service we can extract the data you need - a specification will be agreed and we'll provide the data in the format needed.
• End-of-contract process: At the end of the contract we will agree an Exit Plan between us. This will cleanly shutdown the system, comply with GDPR in terms of data destruction etc and extract any data that you need.; ; As outlined above on the previous question there are 3 options a customer can execute to extract their data themselves. If these are not suitable then Access can extract the data to a bespoke scope and format - this is an additional chargeable service.; ; Once any necessary data has been extracted we will decommission the system and destroy the data in-line with GDPR requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The CM solution includes a mobile app (called CM Mobile) for the Care Workers that includes their work schedule and a digital care record of the Service Users they are visiting. Visit verification is possible plus the recording of the care delivered, tasks, eMAR, digital forms, outcomes, care notes etc. App also includes a messaging solution to work colleagues, lone worker safety and expenses.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Extensive in-product configuration allows customisation of solution to suite individual customer needs. Some examples are provided below:; - all drop down lists in CallConfirmLive can be changed by customer admin users.; - Different interface styles are available to suit individual's needs e.g. for colour blindness.; - Standard reports are highly configurable plus customer can build their own reports, dashboards and extracts using CMBI; - Multiple fields allow customers to structure their teams as needed by geography, service, contract etc so very flexible.; - Any type of repeating shift pattern can be created by the users; - Pay & invoicing rates can be set/changed by customers; - Content of Client Portal can be configured by the customer to control what stakeholders see.; ; All configuration is controlled by administrative rights that are managed by the customer.

Scaling

• Independence of resources: Access CM hosted servers are monitored and load balanced ensuring that the service can expand sufficiently if required. In addition to this we use automated monitoring tools to alert us when demands on resource meet or exceed certain thresholds (CPU, RAM, I/O, disk usage etc). The infrastructure is sized to deliver comfortable capacity for even our peak service periods.; ; Each public sector customer typically has their own database thus ensuring performance. If a database is shared with other customers, the resources will be scaled to ensure comparable performance (note all the data is partitioned per customer so private to them).

Analytics

• Service usage metrics: Yes
• Metrics types: Our monthly invoice provides a breakdown of volumes used so provides the usage of the variable system volumes (e.g. carers, service users, SMS messages etc).; ; We can also provide support desk statistics and availability uptime.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: There are a number of ways users of the system can extract their data:; 1) Data Extraction Wizard - step by step wizard that allows you to extract data to a flat file.; 2) Reports & Dashboards - the system comes with over 140 standard reports + you can build your own reports and dashboards using CMBI.; 3) CMBI - build your data extract that will execute automatically on a recurring basis set by you with distribution options.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel
  • PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. Our monthly availability has not dropped below 99.8% in any 4 week period in the last 12 months.
• Approach to resilience: There are several levels of resilience and failover built into the live production solution, including: ; - Virtualised environment, providing protection should a physical server fail ; - Leading anti-virus software within the virtualised environment to capture known viruses and malware to proactively prevent loss of signal and system interruption ; - Enterprise grade NetApp, that tolerates multi-disk failures without data loss ; - Multiple redundant servers available to handle calls/failover ; - Multiple resilient internet lines into the production environment ; - Multiple resilient routes for the landline monitoring solution ; - Alternate data centre hosting for our mobile monitoring solution to allow fast failover should a significant data centre issue occur.
• Outage reporting: We provide a customer accessible Status Page that shows the key solution elements with their current status. Planned maintenance is notified through the portal and any degradation of service and outages are also recorded. Updates are provided hourly as to progress of an issue. An email alert mechanism is available so any customer can receive automated email notifications off the Status Page so are pushed communication of issues and their resolution.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We operate a roll based access control, based on the last least privileged access, this applies to all our services. ; ; At an application level the only staff that have access to customer's data is the support team and any project/service delivery staff that have been given permission.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 30/11/2022
• What the ISO/IEC 27001 doesn’t cover: All matters covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the production environment are controlled by the Change Management process so all development changes are subject to this procedure. Development teams are responsible for raising a formal Request for Change into our configuration management system. The change cannot go ahead until it has been approved by a team of approvers from across the organisation including security. Changes are tested by the Quality Assurance (QA) team and deployed by the Production Team. Continuous Integration tools provide an audit of what has been released, where and when. Octopus Deploy enables constraints to ensure a Feature/Development branch cannot accidently be released.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third parties are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response for the highest priority incidents is within 1 hour on a 24/7/365 basis.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013. Staff are encouraged to report all incidents using a pre-defined process using the EQMS system that formally tracks and controls all incidents. The first aim is to recover from an incident in an effective and timely manner, whilst the second aim is to thoroughly investigate the incident cause and implement corrective actions and process change to reduce the risk of any re-occurrence. The Incident Management Team take immediate action to secure and contain the incident and reduce the risk of further breach or incident impact.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Access UK Limited is a Software author and provide associated services, including Hosting, Payroll Bureau and Payment services. We recognise that although we do not undertake manufacturing, our day to day operations will have impact on the environment at global, national, and local level. We are committed to the care of the environment and the prevention of pollution. •Access ensures that all our operations are carried out in with the minimum adverse effect on the environment but implementing many available resources and approved processes •We protect the environment by striving to prevent and minimise our contribution to pollution of land, air, and water •We keep wastage to a minimum and maximise the efficient use of materials and resources, and manage disposal of all waste in a responsible manner •We use energy, water, and natural resources wisely and prevent pollution by minimising waste, recycling whenever possible and properly disposing of waste that cannot be recycled. •Our management processes are developed to ensure that environmental factors are considered during planning and implementation •We raise employee awareness and encourage best practices for sustainability at work

  Equal opportunity

  We want everyone to feel at home at Access, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual; after all, if we were all the same it would be a pretty dull place. We love the fact that we’re all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. For us, this all starts with helping everyone feel part of the family and being at their best every day, making Access a place where everyone can love what they do and do what they love. We all have regular check-ins with our leaders, take part in monthly employee surveys, have lots of chances to share our views and ask for help, and with our own learning system, 'Access Shine', we really can make things even better each and every day. At Access we'll always hire the best candidate but we're continually looking for creative ways to increase the mix of diverse candidates into our recruitment process. On the basis that you ‘have to see it, to be it’, one thing we're doing is sharing more stories to celebrate the wonderful diverse range of talent we have at Access. It is important for us that our employees understand and reflect the customers and communities we support, and we want everyone to feel at home here, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual.

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £45.00 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.