NHS North of England Commissioning Support Unit (Hosted by NHS England)

Axym (Secure Data Environment)

A cloud based data access platform / Secure Data Environment. Axym provides individual data access environments to collaborate and share data securely. Axym combines data provision and management, collaborative analytical workspaces, and information governance support and advice. Axym enables end users to develop analysis on a set of standardised data.

Features

• Cloud based data platform and Secure Data Environment
• Provides users a private ring-fenced space to interrogate data
• Data can be multi-model e.g. structured, unstructured, imaging etc
• Tooling including PowerBI, R, Python, SQL, Microsoft packages, Shiny
• Based on the Turing Institute architecture

Benefits

• Facilitates the effective and efficient use of data
• Supports existing and legacy processes
• Enables users to work collaboratively
• Allows secure processing of sensitive data
• Proven track record hosting health data
• Interoperable with NHS systems
• Multi factor authentication
• Scalable to support machine learning

£18,434 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

153434559984215

Contact

Business Development
0191 3751789
necsu.busdev@nhs.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The application can be utilised in conjunction with RAIDR to provide insights to a wider group of end users
• Cloud deployment model: Public cloud
• Service constraints: To manage the system planned maintenance arrangements are in place, these are discussed and agreed with customers during the on-boarding process.
• System requirements: No specific requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide user support during standard business hours and Monday to Friday 9-5.30, excluding bank holidays. All requests will receive an initial response within 2 working days. We can supply bespoke SLA agreements by request.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Customers will have a dedicated account lead who will work with the technical team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users will be supported through the onboarding progress with a dedicated lead. The process includes a readiness assessment to identify any items that need to be addressed. Online demos can be provided and are supported by user documentation. An initial period of hyper care will be provided during onboarding, this will be agreed as part of contract discussions.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: PPTX
• End-of-contract data extraction: Data extracts at the end of the contract would be provided by the service as part of the close down process, assuming that information governance arrangements allow extraction of the data
• End-of-contract process: At the end of a contract any data or outputs that are required to be retained would be extracted from the workspace and shared securely with customer, if inline with the agreed information governance model. The workspace would then be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Axym is accessed via VDI logon using a web browser or remote desktop client
• Accessibility standards: None or don’t know
• Description of accessibility: The service is desktop-based. Specialised desktop accessibility software would be installed onto that desktop within the secure environment where required, and used within the secure workspace.
• Accessibility testing: There is no dedicated interface testing with assistive technology however the service is windows based. Users requiring assistive technologies should access Axym via the remote desktp portal for integration between host and client.
• API: No
• Customisation available: Yes
• Description of customisation: The service can be fully customised through the addition of additional azure resources and software tooling. Any additional costs would be agreed as part of contract negotiations.

Scaling

• Independence of resources: Workspaces are fully segregated for security and resource purposes, and separate cloud infrastructure is provisioned per customer

Analytics

• Service usage metrics: Yes
• Metrics types: The service we provide is customisable and we will work closely with clients to develop the relevant metrics for their needs, this could includes things such as user logins, data accessed etc
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data is further secured within the database file using AES256
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data through a data airlock mechanism, based on prior information governance approval. (As a data access platform, most data provided will not belong to the user).
• Data export formats:
  • CSV
  • Other
• Other data export formats: Any format that is agreed by local information governance
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • Json
  • Parquet

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Additional VPNs can be configured if required by the customer but this would be discussed as part of contract negotiations.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%, assured by contractual commitment, excluding planned downtime for maintenance.
• Approach to resilience: This is available on request
• Outage reporting: E-mail alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Authentication is via MFA. Initial user registration requires approval from local customer representatives with knowledge of the user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: MFA and further conditional access policies

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 26/04/2022
• What the ISO/IEC 27001 doesn’t cover: 14.1.3 Protecting Application services transactions 14.2.1 Secure development policy 14.2.5 Secure development environment 14.2.6 Outsourced development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: "Data Security Protection toolkit "

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Data Security Protection toolkit; Cyber Essentials; Cyber Essentials Plus
• Information security policies and processes: Our security governance approach encompasses:; Compliance with the Data Protection and Security Toolkit; Pursuit of additional accreditations to comply with the Cyber Essentials Plus scheme; Adherence to the IASME standard, a cyber security benchmark recognized by the UK Government, based on ISO27001; Alignment with ISO27001, an internationally recognised gold standard for Information Security.; NECS has a dedicated IT Security and Compliance team that reports to Executive level. NECS adheres to NHS England Information Security Management Plans and Corporate level security policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Requests are managed through an issue tracking system. They assessed for security and risk impacts for the product. Based on the outcome of the assessment and alignment to the contract NECS would agree with the customer how requests proceed.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are identified through risk assessments and vulnerability scans. Regular patches are provided by Microsoft and we implement these in a timely manner. Specific details of NECS' vulnerability management process will be made available during contract negotiation.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Axym is hosted in Azure so it makes use of cloud services which is monitored and notifications highlight suspicious activity. Due to the nature of the environment, security incidents are handled with maximum priority
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via telephone, email or chat. Predefined processes exist for common events. Incident reports would be provided via the account manager as required.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  NECS is dedicated to assisting customers, though the delivery of our services, in achieving their strategic and operational objectives and ultimately enhancing outcomes and efficiency. ; Led by NECS' Organisational Development and Corporate Services Director our Corporate Social Responsibility (CSR) Group, is responsible for ensuring we meet our CSR Strategy. Our Strategy underscores our commitment to environmental sustainability. We aim to achieve 'Net Zero' carbon emissions, within our control, by 2040 and 'Net Zero' for emissions, we can influence, by 2045. To fulfil this pledge, we continually adapt our processes, harnessing digital platforms to minimise emissions and resource consumption.; To digitalise service delivery, we leverage tools like SharePoint and Microsoft Teams to create accessible real-time digital collaboration workspaces. This fosters seamless communication and enables sharing of insights, comments, and revisions, whilst minimising our carbon footprint.; By embracing digitalisation processes and Artificial Intelligence, we enhance efficiency, accessibility, and collaboration, while simultaneously reducing the environmental impact associated with traditional paper-based processes.; We continuously monitor and analyse our environmental impact, employing proven continuous improvement techniques to mitigate any increase in emissions or resource consumption.; We commit to a 20% reduction in our carbon footprint, a 30% decrease in paper consumption, and a 15% improvement in overall operational efficiency.; Our method statement includes implementing cloud-based project management tools, minimising in-person meetings through Microsoft Teams, reducing paper usage by adopting electronic documentation, optimising travel routes to minimise transportation emissions, and transparently monitoring and reporting on Key Performance Indicators for continual improvement.; Our healthcare procurement team ensures compliance with the Social Value Act 2012, considering economic, social, and environmental factors in commissioning services. We support clients to achieve health improvements, reduce health inequalities, and meet Net Zero and Carbon Reduction targets. Our team have gained invaluable knowledge and experience which we utilise when delivering our solutions.

  Covid-19 recovery

  As an integral part of the NHS, NECS played a pivotal role in supporting NHS England, Integrated Care Boards and Foundation Trusts in navigating and recovering from the challenges posed by COVID-19. We took a proactive approach in managing resources and internal capacity, ensuring our customers received the necessary support to alleviate pressure on services. Despite pandemic restrictions, our employees swiftly adapted to new working methods, embracing innovation to meet evolving demands.; We continue our commitment in supporting COVID-19 recovery efforts in several ways:; 1. Providing Strategic Guidance: We offer guidance and support to navigate the complexities of COVID-19 recovery planning. This includes assisting the development and implementation of recover strategies tailored to each providers unique needs and challenges. ; 2. Delivering Operational Support: We provide operational support to help providers manage and recover from the impacts of COVID-19. This involves assisting with workforce planning, resource allocation and service redesign to meet challenging demands. ; 3. Facilitating Innovation: We encourage innovation in solution delivery to address the challenges posed by COVID-19. This includes supporting the adoption of digital solutions to improve efficiency. ; 4. Promoting Health and Well-being: Our mental health "first aiders" provide support and signposting to resources to promote physical and mental wellbeing. We collaborated with trade unions to develop a new framework for flexible working, reflecting our commitment to adaptability amidst COVID-19 and the recovery period. Our framework emphasises decentralisation from traditional office setups, prioritising wellbeing, and accelerating carbon footprint reduction efforts. ; NECS is dedicated to playing a proactive and supportive role in COVID-19 recovery efforts, leveraging its expertise, resources, and partnerships to help provider organisations and communities emerge stronger from the pandemic. We are keen to share our experiences and best practices with both providers and customers, fostering collaborative efforts toward sustainability and efficiency.

  Tackling economic inequality

  NECS, as an NHS organisation, is guided by core values of professionalism, honesty, integrity, and high-performance standards. We prioritise both short-term objectives and long-term sustainability, striving for a balance between acquired skills, employment opportunities, and societal impact.; Embracing a culture of continuous learning, we offer an online platform with diverse courses for NECS employees and customers. We track participation and completion rates to inform future course offerings, aiming for an 8% annual increase in course completions over the next two years.; Recognising the importance of hands-on experience, we launched the NECS100 Programme for Graduate trainees and Apprenticeships in 2020. In the first year, this programme saw the recruitment of 100 graduates and apprentices into our organisation. We continue to increase apprenticeships and graduate trainee opportunities annually, ensuring diversity in recruitment and providing mentorship for knowledge sharing and skill development.; We conduct periodic assessments of staff skills and expertise to identify gaps and areas for improvement. Collaborating with contracting authorities helps us tailor services to evolving customer needs. Our Business Development Team and members of our Executive Team have access to HSJ intelligence, which is a digital platform offering real-time information exchange. This helps us anticipate market needs and adapt the services that we provide accordingly. ; Feedback loops with customers provide insights into service effectiveness and emerging needs. ; Our method statement outlines ongoing efforts to enhance online learning platforms, strengthen apprenticeship programs, conduct needs assessments, and address inequalities in skill development. Through measurable Key Performance Indicators, we ensure transparency, accountability, and adaptability in achieving desired outcomes.; Overall, our skills policy aims to elevate the overall skill level of our workforce, bridge gaps, and reduce inequalities in skill development, creating a diverse, inclusive, and adaptable workforce prepared for the dynamic healthcare environment.

  Equal opportunity

  NECS is committed to addressing inequalities within our organisation, evidenced by our ongoing reporting against the Workforce Race Equality Standard (WRES) and Workforce Disability Equality Standard (WDES). Through continuous efforts, we strive to enhance performance across all WRES and WDES indicators, gaining crucial insights into the challenges we face and working towards fostering a fairer, more inclusive workplace.; Our recruitment and selection policy reflects our commitment to positive discrimination through the Disability Confident scheme, ensuring that candidates are assessed solely based on their skills and relevant experiences. We take proactive measures to minimise opportunities for discrimination during recruitment by anonymising application forms and applying objective selection criteria. Furthermore, we maintain equitable pay across the organisation by adhering to NHS Agenda for Change pay rates.; Our training programmes prioritise Equality, Diversity, Inclusion, and Respect, creating an environment where diversity is celebrated, and equal opportunities are provided. We establish ground rules within teams to cultivate safe and inclusive learning environments, empowering every individual to realise their full potential.; To address inequality in training and development, we revamped our Talent Management Programme in 2020, offering stretch assignments and mentoring opportunities. Additionally, we introduced a 'reverse mentoring' programme, facilitating knowledge-sharing and enhancing employment prospects for colleagues from under-represented groups.; NECS focuses on enhancing experience, culture, and outcomes for all colleagues through an equality lens to support both protected and vulnerable groups. Leveraging insights from various reports and surveys, we have developed an Inclusion and Equality strategy encompassing communication pathways, workplace accessibility improvements, educational enhancements, workforce development support, and promotion of inclusive leadership.; These initiatives and policies are fundamental to our operations and will be upheld during the delivery of any call-off agreement. We remain open to sharing best practices with our suppliers and customers, fostering a culture of inclusivity and equity across our ecosystem.

  Wellbeing

  NECS prioritises good mental health and wellbeing among our employees, recognising the impact we have on wellbeing, longevity, physical health, and productivity. We are committed to implementing measures that encourage and promote a healthy workforce.; Our approach to managing health and wellbeing is integrated and comprehensive, overseen by our Health and Wellbeing Group who ensure that NECS takes a proactive and engaging stance towards enhancing the health and wellbeing of our employees, thereby fostering a supportive and nurturing work environment.; Our health and wellbeing champions play a pivotal role in promoting a culture that prioritises both the physical and mental health of our workforce. These champions not only support their colleagues but also receive support and development opportunities themselves, contributing to a mutually beneficial environment.; In line with our commitment to supporting mental health concerns, NECS has trained several employees as Mental Health First Aiders (MHFAs). While MHFAs are not clinically trained in mental health treatment, they are equipped to recognise early signs of mental health issues and provide responsive assistance, including signposting individuals to appropriate support services.; To further support employee wellbeing, we offer an Employee Assistance Programme, providing access to online Cognitive Behavioural Therapy (CBT), mindfulness exercises for mental health, a virtual gym, advice on sleep and nutrition for physical health.; We encourage employees to engage in volunteering initiatives through allocated time and funding. Since launching this programme in July 2023, employees have reported improvements in self-esteem, confidence, and work-life balance, along with the opportunity to learn new skills.; These initiatives and policies are integral to our operations and will be upheld during the delivery of any call-off agreement. Furthermore, we are committed to sharing our best practices with suppliers and customers, fostering a collaborative approach to promoting mental health and wellbeing across our ecosystem.

Pricing

• Price: £18,434 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Demo

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.