Skip to main content

Help us improve the Digital Marketplace - send your feedback

MEG Support Tools

MEG Healthcare Quality, Risk & Compliance Management

MEG is a cloud-based healthcare Quality Management System (QMS), prioritising risk and incident management, tailored to meet LFPSE standards and CQC compliance. Our suite of web and mobile modules includes Auditing, Action Planning, Feedback Surveys, Document Management, and Quality Improvement (PDSA), alongside insightful dashboards and real-time reporting for informed decision-making.

Features

  • LFPSE-Compliant Risk Management: Supports PSIRF framework
  • Real-Time Analytics: Provides instant insights through interactive dashboards
  • Comprehensive Customisation: Tailor forms, workflows, and dashboards to specific needs
  • Audit, Incident, Feedback Surveys, and Document Management; any device.
  • API: Integrates smoothly with Power BI, EPRs, and other softwares.
  • Automated Workflows: Streamline operations and enhance efficiency.
  • Enforce role-based access, log changes with full audit trail
  • Mobile Accessibility: Accessible functionality, even offline, via mobile.
  • Action Planning: Identify and resolve issues promptly; supports PDCA/PDSA.
  • Form Builder: Empower admins to customise most aspects of forms.

Benefits

  • Mobile-friendly and user-centric design for ease of use
  • Interoperable with existing healthcare and IT systems
  • Clear organisational visibility and process support
  • Reduction in manual processes and paper-based operations
  • Efficient regulatory (CQC) compliance management
  • Data-driven decision-making for improved outcomes
  • Cost reduction and operational efficiency
  • Enhanced communication through trackable notices
  • Continuous quality and compliance improvement
  • Local consulting support for tailored assistance.

Pricing

£800 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@megit.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 4 8 2 5 5 9 5 6 5 8 6 1 0 6

Contact

MEG Support Tools Peter Clifford
Telephone: 020 3322 5406
Email: enquiries@megit.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
We aim to support latest versions of popular browsers and we are backwards compatible with older versions of browser and operating systems multiple versions behind.
The app requires Internet access to log in and upload data, but can nevertheless be used offline during inspection.
If data collection using a mobile device is required, MEG is compatible with iOS and Android OS, multiple versions behind.
System requirements
  • Recent version of a supported web browser
  • Internet Access
  • Software license required to use

User support

Email or online ticketing support
Email or online ticketing
Support response times
We aim to respond to clients within 4 working hours for high-level support issues and within 24 hours for normal level support issues during weekdays.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Online, email, and phone support are included within the software licence fee. On-site support will be provided at a cost of £900 per day excluding VAT.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our dedicated Implementation Team effectively manages the onboarding process, providing comprehensive project management from initiation to deployment. We coordinate timelines, allocate resources, and track milestones to ensure alignment with your organisation's objectives.

MEG offers dedicated training sessions for administrators, focusing on system configuration, user management, and permissions.

For broader user groups, we offer online training sessions and provide extensive user documentation, including 'how-to' guides, instructional videos, and a self-serve help desk and knowledge base with articles and FAQs. Our goal is to equip users with the knowledge and skills they need to effectively use the MEG platform from day one.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word format
  • HTML: Online dedicated Knowledge Base
  • Online articles
  • Online Help Desk
  • Web chat
End-of-contract data extraction
MEG ensures seamless data extraction for clients at the end of their contract. We provide clients with their data in electronic CSV or Excel format, ensuring compatibility with future systems.
End-of-contract process
At the end of the contract, MEG ensures that clients have full control over their data. Clients can choose to either archive or delete their data based on their preferences.

Additionally, upon request, clients can receive their data in electronic CSV or Excel format, ensuring compatibility with future systems. It's important to note that all user access to MEG is revoked to maintain data security.

If clients require historical data in a tailored format, MEG can provide this service at an additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile-optimised page layout is used on mobile devices, but features remain the same as on the desktop version.
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
Our web portal allows users with sufficient privileges to view reports, review submitted data, and manage the hospital's resources (users, wards, rooms etc.)
Accessibility standards
None or don’t know
Description of accessibility
No limitation for users using accessibility technologies.
Accessibility testing
We've tested the system using text scaling option.
Text scaling feature is built into the mobile app.
API
Yes
What users can and can't do using the API
Our API provides a bi-directional gateway for users to seamlessly integrate and manage data within our healthcare marketplace. Users can set up the service by configuring data transfer pathways between, for example, Electronic Patient Records (EPR) and Business Intelligence tools, facilitating the real-time exchange of ward structures, audit forms, and raw audit data. This setup is initiated through a simple authentication process, followed by endpoint configuration to align with your system's architecture.

Changes to service configurations, including adjustments to data exchange frequencies, format specifications, or integration points, can be made directly through the API. Users are empowered to submit audit data and request additional features to tailor the service to their specific needs.

However, the setup and modification processes are subject to certain limitations. Users must ensure compliance with healthcare data regulations and standards when configuring data exchanges.

Additionally, while our API supports a wide range of integrations, some third-party tools may require additional configuration or may not be fully supported.

Through our API, users gain a powerful tool for enhancing data interoperability and operational efficiency within the healthcare ecosystem, albeit with a keen adherence to compliance and security standards.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
[WHAT CAN BE CUSTOMISED?]

- User-specific settings: Includes setting and updating user passwords and granting access rights

- Audit configurations: Users can fully customise audits by editing questions and answers, setting compliance calculations, adding help texts and supporting graphics, and configuring the order of questions (mandatory or optional) and categories

- Organisational structure: This covers the setup and modification of sites, directorates, wards, and auditor teams to accurately reflect the organisational structure

- Audit scheduling: Tailor audit schedules according to requirements

- Data reporting: Export of audit data into Excel can be customised by specifying the fields required

[HOW CAN USERS CUSTOMISE? ]

- Customisation is primarily done through the user dashboard, which is designed for ease of use. Access to various customisation features is permission-based

- For advanced customisations like custom graphs/reports, RAG scores, QIP layout, or audit signatures, our technical team collaborates closely with clients to implement specified changes

[WHO CAN CUSTOMISE?]

- Basic customisation, such as audit schedules and organisational settings, can be done by any authorised user with access to the client’s dashboard

- Advanced customisations requiring technical support are facilitated through collaboration between the client’s designated administrators and our technical support team

Scaling

Independence of resources
We continuously monitor our servers and service levels to ensure users experience optimal performance, even during peak demand. Our strategy includes real-time monitoring and dynamic resource allocation to meet and anticipate user needs effectively.

Additionally, our services undergo rigorous load testing during development to accurately cater to expected demand. We offer hosted services as a fully elastic resource that scales according to usage guaranteeing that one customer's resource usage never impacts another.

Analytics

Service usage metrics
Yes
Metrics types
Users can view metrics of inspection usage through the Web Portal dashboard.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Private key authentication is required to access servers over ssh
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can export their data through the dashboard interface, offering options such as PDF, Excel, and CSV formats, as well as real-time access via API.
Data export formats
  • CSV
  • Other
Other data export formats
  • Microsoft Excel
  • PDF
  • JSON
  • JPEG (Image file)
  • .PPT (PowerPoint)
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • Microsoft Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.9% uptime guarantee.

In 2023, MEG customers in the UK experienced availability of 99.99% or better, backed by our Cloud Service provider.

Our standard SLAs can be tailored to include service credits aligned with specific client requirements.

We strive to exceed the baseline availability to ensure optimal connectivity, consistently maintaining performance levels above our stated target, with service credits available for any unexpected downtime outside of scheduled maintenance.
Approach to resilience
Our service infrastructure is designed for high resilience and performance, featuring fault-tolerant setups to ensure continuous operation. By aligning with top-tier cloud service providers, we ensure that our hardware configurations include 100% failover resilience. Additionally, our systems comply with ISO27001 standards for information security management, reflecting our commitment to secure and reliable service delivery.
Outage reporting
Private dashboard and e-mail alerts. Clients will be notified about relevant outages on request (opt-in).

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Developers who have access to the server management interface via ssh must use pivate key authentication. Other, unused, access channels are blocked (telnet, ftp etc) on firewall level.
Support staff can only access the admin UI via our secure employee VPN.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Citation.co.uk
ISO/IEC 27001 accreditation date
18/02/2022
What the ISO/IEC 27001 doesn’t cover
The scope of MEG's certification is for "The provision, ongoing support, development and maintenance of MEG’s Quality Management Software (QMS) platform for the Healthcare Industry."
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
NHS Data Security Protection Toolkit standards exceeded

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Our governance standards align with ISO27001, ensuring robust security management and our protocols include rigorous internal and external security measures. Our data protection officer holds IPA and IAPP certifications, reinforcing our commitment to robust data protection practices. Our hosting partners are also ISO27001 accredited, ensuring secure services.
Information security policies and processes
Our internal security policies are directly overseen by the CEO and our Information Security Committee. Every team member, including those in Technical, Marketing, Sales, Implementation and Support roles, is required to adhere strictly to these policies. Non-compliance must be reported immediately to the CEO. We enforce these policies through Internal Standard Operating Procedures (SOPs), supplemented by regular audits to ensure compliance. Additionally, all new staff receive training on these policies during their induction to guarantee a thorough understanding. We also conduct external assessments annually, aligned with Cyber Essentials, to maintain and enhance our security standards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our configuration and change management approach ensures that all code changes undergo thorough testing and review to assess security implications. A detailed change control request process is in place, where the need and purpose of each change are fully explained. Changes impacting customers are communicated in advance, with agreed timeframes. Our rolling deployment model allows for changes to easily be rolled back.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
MEG undergoes CREST-accredited 3rd-party Vulnerability Scans and Penetration Tests on biannual basis. Any and all identified issues are resolved with immediate priority. Our vulnerability management approach also involves daily scans of third-party dependencies to detect vulnerabilities. We use industry-leading threat detection and prevention systems, including automated testing techniques as part of our development process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our protective monitoring processes are designed to identify potential compromises through regular code reviews and detailed access audits. Upon detecting a potential issue, our response is immediate, with all compromises addressed within 48 working hours. We maintain compliance with ISO 2700 standards to ensure a rigorous security framework.
Our automated CI pipelines do SAST scanning and dependency vulnerability scanning.
Incident management type
Supplier-defined controls
Incident management approach
MEG's incident management processes is aligned with ISO27001 standards, ensuring a structured approach to handling incidents. Users can report incidents via email or through a form available in our system. We provide incident reports through email once an incident is confirmed. MEG is governed by an industry-standard Incident Management & Disaster Recovery policy as a part of its ISO27001-compliant Information Security Management System (ISMS) run by its Security Committee who keep a close eye on and monitor incidents and potential incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

MEG is dedicated to fighting climate change by implementing a comprehensive strategy aimed at achieving net zero greenhouse gas emissions. As a remote-first organisation, we reduce our transportation footprint by promoting work-from-home practices, thereby diminishing the need for daily commutes and fostering sustainable waste management such as recycling at home.

To minimise energy use, our operations prioritise online meetings over business travel, reducing both office electricity consumption and travel-related emissions. Our office is located in a co-working space, which further cuts down on individual resource consumption.

Environmental considerations are integrated into every organisational decision, emphasising virtual interactions and supporting employees who choose office work with Cycle-to-Work and public transport commuter schemes. These initiatives not only mitigate traffic and emissions but also provide financial and health benefits.

Supporting our clients in transitioning away from paper-based systems, we leverage our digital solutions to significantly reduce their environmental impact. This shift not only streamlines processes but also minimises waste and reduces the carbon footprint associated with traditional paper use.

Our IT infrastructure also reflects our commitment to sustainability, using green hosting providers that rely on renewable energy and offer a smaller carbon footprint.

Through these efforts, MEG actively contributes to reducing the healthcare sector’s carbon footprint and advances the transition towards a more sustainable future. Our initiatives are designed to foster efficient collaborations that benefit both our customers and the planet, supporting our overarching goals of environmental preservation and climate change mitigation.

Tackling economic inequality

We focus on in-work progression to help individual staff members, especially those from disadvantaged or minority groups, move into higher-paid roles by developing new skills relevant to our services. This strategy helps bridge economic inequalities by offering ongoing professional development, ensuring all employees have the opportunity to advance their careers and improve their economic standing within our organisation.

Equal opportunity

Equal opportunity

MEG is committed to a diverse and varied workplace in our hiring processes, training and evaluation of our employees.

We are committed to inclusivity and equality as part of our workplace and community, through our business partners, suppliers and customer service. We believe in:

• Providing equal opportunities and recognising the importance in gender pay gap equality;
• Integrating messages of a safe and accepting multicultural work environment in our internal and external publications;
• Creating a flexible and accessible environment through adapting different equipment and tools to the unique needs of people with special needs etc.

We are committed to being an equal opportunity employer and we do not discriminate anyone for any reason, whether race, colour, age, gender, sexual orientation, gender identity and expression, ethnicity, religion, family status, social origin, disability, union membership or political affiliation.

Presently, MEG predominantly carries out its recruitment processes in-house. Where additional recruitment expertise is required, MEG uses only specified, reputable employment agencies to source labour and always verifies the practices of any new agency it is using before accepting workers from that agency.

We are committed to treating our employees equally in compensation and benefits, by supporting employees with their needs.

We are committed to creating a conscious culture and promote open communication as part of our inclusivity and diversity.

More details on relevant MEG policies can be found within the following statement on the website: https://www.megit.com/modern-slavery-and-human-trafficking-statement

Wellbeing

MEG is committed to promoting the health and well-being of our workforce through a diverse and inclusive work environment.
Conscious Culture: We foster open communication and inclusivity, allowing employees to express their health concerns freely and facilitating timely support and intervention when needed.
Adaptability: We cater to the unique needs of individuals, particularly those with special needs, ensuring all employees can perform their tasks comfortably and healthily.
Mental Health Support: We provide a safe, multicultural work environment and equal opportunities. We actively combat discrimination and harassment, fostering mental well-being.
Employee Assistance Program: Our employees have access to Spectrum.Life, an Employee Assistance Program offering resources and professional guidance for mental health support.
Wellness Initiatives: Also through Spectrum.Life, we offer access to exercise, healthy eating and wellness initiatives throughout the year. These initiatives are actively promoted in-house and aim to foster a culture of holistic health and well-being within our workforce.
Training and Development: Our ongoing training programs increase job satisfaction and overall well-being.
Ethical Partnerships: We work with reputable employment agencies, ensuring our workforce is treated fairly, which contributes to their overall well-being.
Comprehensive Policies: Our Modern Slavery and Human Trafficking Statement outlines our dedication to ethical labour practices.

Through these strategies, MEG will ensure effective measures for health and well-being during the contract's delivery. We believe our commitment to equal opportunities, diversity, and inclusivity will enhance the physical and mental health of our workforce.

Pricing

Price
£800 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Included in our pilot offering:
Access to core features of our QMS software, including basic forms, action planning and reporting tools. Limited user accounts.

Not included:
Advanced customisation, full integration capabilities, and some premium support services.

The pilot lasts up to 60 days, sufficient time to evaluate our service.
Link to free trial
https://www.megit.com/contact

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@megit.com. Tell them what format you need. It will help if you say what assistive technology you use.