CSS EUROPE LIMITED

TCES Community

TCES Community is a web-based market leading Community Equipment Service solution used in over 50 NHS Trusts and Local Authorities facilitating the provision of equipment for Hospital Discharge or the Prevention of Admission care.

Features

• Web Ordering
• Activity Management
• Planned Preventative Maintenance
• Financial Integration
• Activity and Asset Management
• Microsoft Business Inteligence Management
• Purchase Order Processing
• Sales Invoicing
• Mobile Working
• Commercial Hire

Benefits

• On the go ordering
• Real-time order tracking & visibility
• Improved Productivity
• Cost efficiencies
• Asset tracking and maintenance
• On-time, every time deliveries & collections
• Streamlined procurement processes resulting in real-time harmonisation.
• Full history of past and present invoicing data
• Improved asset performance
• Increased security

£20,725 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emma.strain@csseurope.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

142800233441940

Contact

Emma Strain
08448794531
emma.strain@csseurope.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • Any compatible web browser
  • Android mobile device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Support hours are Monday to Friday 08:00 to 18:00 (excluding Bank Holidays). Support for connectivity and ‘server up’ is 24/7/365 and provided by Rackspace UK Limited.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Livechat can be accessed via www.csseurope.co.uk by our dedicated support staff Monday - Friday 8am - 6pm (excluding Bank Holidays)
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Creative Software Solutions offer a dedicated helpdesk support team for every contract we work with, there is no additional cost for our telephone and online ticketing support. ; Support is from 08:00 to 18:00 GMT. Server and hosting support is 365/24/7.; Each customer is provided with an technical account manager and cloud support engineer.; We only offer on level of support. All support is provided as part of the subscription cost.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: CSS provides all our customers with 6 days training extra days can be purchased at a cost of £1095 per day. We also provide user guides documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users have the capability to download all data at contract end via SQL database method or excel extraction. This can be undertaken by our support team or by the client using our secure interface.
• End-of-contract process: Users have the capability to download all data at contract end via CSS's method via an SQL database or excel extraction. This can be undertaken by our support team or by the client using our secure interface. If non CSS template extractions are required our daily rate will be envoked.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users can call API's through secure web services for a variety of reasons. Live activity tracking information.; Placing orders from third party systems.; Moving Assets.; Completing activities. ; Asset tracking and verification.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All contracts can be configured to suit the needs of the customer and type of contract they are operating.

Scaling

• Independence of resources: TCES community is fully load balanced across communications, web and database. Through our provider Rackspace UK Limited, TCES Community has the ability to automatically increase bandwidth requirements and laid balance traffic across web and database servers in real time.

Analytics

• Service usage metrics: Yes
• Metrics types: CSS provide metrics for server availability throughout a given period through real time dashboards.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users export the data through our cloud interface.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • SQL Server
  • Microsoft Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Cloud Server Hosts Service Level Guarantee. Rackspace guarantees the functioning of all Host Servers hosting the Cloud Servers or Cluster (including the hypervisor, where applicable). If a Host Server hosting a Cloud Server or Cluster fails, Rackspace guarantee that restoration or repair; will be complete within one (1) hour of problem identification. If we fail to meet this guarantee you will be eligible for a credit, as follows: Five percent (5%) of the Service Fees for each additional hour of unavailability (or portion thereof), after the first hour, up to one hundred percent (100%) of the Service Fees.
• Approach to resilience: Available on request.
• Outage reporting: Outage reporting is communicated via a public dashboard, API's communicate outages or high usage volumes to customers. ; All outage failures are emailed to key client addresses as soon as an outage is determined.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: TCES Community defines a number of user roles that are key to managing the people who utilise the platform, both for administration and service and data management.; Users and people are essentially equivalent terms; it's the broadest definition for all people who use TCES Community.; TCES Community defines each user's role when they are added,as users role may be changed as needed. And, when users sign in, they are only shown the parts of the platform that they are allowed to see and use.; User access rights dictate who they can access TCES Community's support channel.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • IG SOC Level 3
  • Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: *Information Governance Level 3.; ; *Cyber Essentials Plus; ; *We adhere to the framework and controls of 27001.
• Information security policies and processes: Undertaking and adhering to the framework and controls of ISO 27001.; ; IG Soc NHS Level 3 certified.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: TCES Community change management steps:; ; 1.Collect all the information about the change, RFC. ; Submit RFC to change management.; Review and complete information if needed.; Classify - impractical, already considered or incomplete.; Implement change.; Monitor implementation progress, check that change has met its objectives. ; Close the record and notify requestor.; ; 2.Evaluation process, impact, urgency, risk, benefits and costs of doing and not doing the change,; Evaluate assessment results, schedule change advisory board meeting, schedule emergency, advisory board meeting, evaluate change for authorisation, project charter, schedules and other information, obtain required authorisation.; ; 3.Plan implementation, negotiate schedules, authorize and schedule change.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability is managed by our hosting provider Rackspace Uk in real time. Patches are deployed outside working hours as soon as we are notified by vendors.; Rackspace monitor threats through vendors and all reliable internet security channels.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: CSS and Rackspace apply protective monitoring, as deemed in CESG Good Practice Guide No. 13 (GPG 13:[4]), which we consider as our good practice.; CSS and backspace respond to incidents within 8 hours of any incident occuring.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users report any incident via our Zendesk Helpdesk system whereby a ticket can be labelled 'Security Incident'. ; Incident reports are also provided through the same secure Helpdesk system.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Wellbeing:

  Wellbeing

  Using TCES Community promotes well-being for employees in a variety of ways; Experience -Reduction in manual processes -Releasing time for staff to focus on must-do tasks to a higher standard Reduction in bureaucracy -Empowering staff to take control of processes that are easy to follow and are streamlined across the service -Manual processes are no more, introducing paperless working with automated processes for transfers, picking and stock take leads to a positive working environment, keeping morale high Time saving -Analyzing data from one true source, decreases time spent interrogating multiple reports from multiple sources Auto transfer dashboards and functionality ensures stock wastage is reduced and stock rotation is improved with minimum manual intervention

Pricing

• Price: £20,725 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emma.strain@csseurope.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.