Advanced Business Solutions

Care Cloud

A modern, cloud-based Care Business Management system including facilities for Care Planning, Invoicing for Service Users, Recruiting, managing & Rostering Staff and calculating Payroll. All within a secure and flexible platform including reporting and dashboard capabilities. A companion Mobile App also enables Carers to record Care delivery.

Features

• Care Management
• Mobile "Point of Care" recording
• Invoicing
• Applicant & People Management
• Intelligent Rostering
• Quality & Compliance
• Payroll
• Dashboards & Business Insight

Benefits

• Real-time, personalised graphical dashboards for quick oversight.
• Intelligent rostering and rota-planning calculate pay
• Creation of assessment form, mirroring paper-based documents
• Dedicated point-of-care apps, built with user in mind
• Flexible-invoicing facilitates the complex, like split funding or shared care
• Calculating gross payroll for multiple employee contracts
• SaaS technology, no requirements for customer installation or maintenance
• Utilising AWS, ensuring reliability and the highest levels of security

£46.80 to £528.00 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

178880061077639

Contact

Bid Support
0330 343 8000
bidmanagementteam@oneadvanced.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our Care Solution cannot be used without Multi-factor Authentication (MFA) enabled.
• System requirements:
  • PC - Operating system - Windows 10 & 11
  • PC - Web browser - Chrome, Edge
  • PC - Internet connection & access
  • Tablet - Operating Systems - iOS v15+, Android v12+
  • Tablet - Browser - Safari (iOS), Samsung Internet (Android)
  • Mobile Phone - Recommended iOS v15+, Android v12+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target Response Times; P1 - 1 hour; P2 - 4 hours; P3 - 8 hours; P4 - 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Target Response Times; P1 - 1 hour; P2 - 4 hours; P3 - 8 hours; P4 - 24 hours
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Advanced follow Prince2 Project Methodology. A Project Manager is assigned to the customer. At the stakeholder engagement meeting all documentation re the service is shared between stakeholders. Project plan is created aligning each task to a responsible owner. RAID log is shared with the customer and managed throughout; ; The customer will be provided with a sandpit environment for familiarisation/testing activities. We will jointly work on the project deliverables through to successful completion.; ; The customer will be provided with a suite of eLearning modules as well as virtual classroom sessions relevant to what the customer will utilise.; ; Upon training completion, the customer will receive 1:1 consultancy session’s. These will guide the customer through the process and provide ongoing support before a go live takes place.; ; Following successful user acceptance testing the customer will commence with a pilot go live for a subset of users/services for any operational issues to be addressed and the system to embed prior to a full go live.; ; Two-four weeks after your go live date, we will work to signoff the project off once satisfied. At this remote meeting, we will formally introduce your Account Manager/Customer Support/Customer Success Team(s) who will become your primary points of contact.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: There is no full data export that a user can invoke however, there are several options that can be discussed and explored with the customer to suit their needs, note that not all options below are available to all customers.; ; Right To Use License; Provision of a Database Backup (.BAK file), provision of SQL scripts to extract data and instructions on how to restore the database and use the scripts.; Advanced Extract of Data and provision in the form of .CSV files.; Provision of SQL scripts to extract data and instructions on how to use the scripts.
• End-of-contract process: Upon termination of contract, we will work with the customer/new supplier to prepare an Exit Plan which sets out the proposal for achieving an orderly transition of Data.; ; We will outline the approach to exist planning:; - Scope of data/extraction format; - Transfer mechanism to customer/new supplier; - Number of extracts provided for data validation; - Agree a retention period, following which Advanced will securely wipe all data from the Advanced systems; ; A commitment to developing a transition plan with the customer/new supplier at least 3months before the transition date (unless agreed otherwise); ; Advanced will work with the customer/new supplier to ensure continuity of data for care provision. This will be detailed in the jointly agreed Exit Plan, normally including:; - Defined timeline with clear definition of ownership/responsibilities; - Defined agreement and approach to the number/scope of any trial data migrations.; - Defined approach to how the data will be encrypted/transferred, and unencrypted.; - Definition and agreement of any dual-running activities which may be required during transition to ensure continuity of data for care.; ; A clear approach to exporting data from the system in an encrypted electronic format enabling upload into a new system containing the full set of data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The main Solution, browser based application runs on mobile and touch screen devices with a minimum screen size of 10in. This includes Android/iOS/Windows/Mac devices.; A Mobile App is available which is designed to run on iOS/Android Mobile phones with a smaller screen. The Mobile App does not include the full feature set of our Care Solution and is focused on the recording of interactions, Care Staff, at the "point of care" e.g. recording Personal Care/Preparation of Food/Medication Administration. The Mobile App can be used in settings including Supported Living/Residential /Nursing Care homes/Domiciliary Care. The App also works online/offline where necessary.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users work with a modern browser either desktop or Mobile to use the service.; The companion Mobile App, for use on smaller mobile devices such as Phones, uses a dedicated App, available from the App Store and Google Play Stores for the iOS and Android versions respectively.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The user interface of our Care Solution is developed with Accessibility-First Design principles adopted.; Our component library and design system (Mosaic) both adhere to WCAG AA 2.1 standards out of the box. So, any product that adopts them into their products will also inherit and pass on these benefits of a fully accessible site to their users.
• API: Yes
• What users can and can't do using the API: Our Care Solution includes open APIs enabling integrations to be developed with multiple other systems.; The solution utilizes the ASP.NET Web API framework to build HTTP RESTful services that reach a broad range of clients. It uses HTTP methods (mainly GET, POST, PUT, and DELETE) to communicate with the client. The Web API services allow other systems to request data if they have the correct security and authorisation. Using Web API our solution will return the results in JSON format.; Documentation for the APIs is comprehensive and entirely contained within the setup screens of the Care Solution itself.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User organisations can customise our Care Solution in many ways:; 1. Live Dashboards can be defined to visualise, using lists and charts, the data within the system. This enables Users to quickly assimilate what requires their attention.; 2. Workflows can be configured to automate parts of a local business process or add additional validation rules.; 3. Pathways can be defined that allow the organisation to systematise their business processes.; 4. A digital forms designer enables the organisation to build and maintain data capture forms, including logic for quicker navigation or calculations.; 5. Reference Data lists can be adapted to include locally defined options.; 6. Home screens composed of collections of dashboards can be defined for use by different User roles.; 7. Role Based Access Control can be defined locally using Security Profiles to govern precisely what Users can see and do within the system to suit their role.

Scaling

• Independence of resources: The solution is built upon a highly scalable public cloud platform (Amazon Web Services) that has a near infinite amount of resource due to the size of its network infrastructure. The platform is multi-tenanted and is never limited to a single machine/data-centre, working across all available zones.; ; The system will automatically allocate more resource if required, and downscales when no longer required, without disruption to those currently using the solution.; ; For example, if the solution had 10,000 active users, processing power, RAM/storage and network bandwidth would scale to match system demand, then automatically lower if 5,000 users were to log-off.

Analytics

• Service usage metrics: Yes
• Metrics types: System User access reports are available from within the system along with comprehensive System Audit Data (every View, Create, Update, Delete etc).; Infrastructure is monitored in real time with proactive monitoring ahead of agreed thresholds being breached, whereby incident management action is triggered.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is no full data export that a user can invoke however, there are several options that can be discussed and explored with the customer to suit their needs, note that not all options below are available to all customers.; - Provision of a Database Backup (.BAK file), provision of SQL scripts to extract data and instructions on how to restore the database and use the scripts.; - Advanced Extract of Data and provision in the form of .CSV files.; - Provision of SQL scripts to extract data and instructions on how to use the scripts
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our internal target is an availability of 99.5% (excluding pre-organised maintenance).
• Approach to resilience: The AWS platform provides us with the tools required to utilise a highly resilient configuration, allowing the environment to be robust without single points of failure. All services are distributed across AWS availability zones, and are serviced via load balancers to ensure resilience of the network.; ; This approach is consistent across all application tiers and ensures that a single server or a whole data-centre becoming unavailable will have minimal impact on service availability i.e. if one server fails, the traffic will be automatically routed to a different server in a separate region which will mean no downtime.
• Outage reporting: When an outage or an issue that could potentially impact users is noticed, all applicable customers are informed via email or phone dependant on impact & severity. ; ; Customers are also able to directly call our service desk (both in and out-of-hours) to report any availability issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access control is in place both internally and across our solutions, following a policy of minimal access whereby employees are only given the required permissions to perform their relative function, this includes, restriction to confidential information. We advise all of our customer base to follow a similar policy, regarding user access and privilege management of the provided solution.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All G-Cloud activity is covered by the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70).
  • SOC 2 & 3.
  • FISMA.
  • ISO 9001 / ISO 27001.
  • ITAR.
  • FIPS 140-2.
  • MTCS Level 3.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Access control is in place both internally and across our solutions, following a policy of minimal access whereby employees are only given the required permissions to perform their relative function, this includes, restriction to confidential information. We advise all of our customer base to follow a similar policy, regarding user access and privilege management of the provided solution.; ; We have a dedicated Talent team who produce courses with current regulation and best practice in mind. These are mandatory for all employees to undertake (e.g. GDPR compliance, vulnerability & viruses management, data handling & breaches, etc..) before they are allowed to carry out their function. Additional courses (e.g. clinical training, PID management, legal assessment, etc.) are also in place for those in the applicable sector. Courses are renewed when applicable, or annually at a minimum.; ; Risk management processes are in place, whereby incidents found or reported are assessed based on impact and severity. Depending on the assessment, applicable actions may be taken as laid out in our ISMS, Disaster Recovery and Business Continuity policies. Escalation paths are provided and can be used as needed.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As a SaaS offering, we apply applicable security or application updates during pre-agreed maintenance windows. For updates, customers are provided with release notes. For security, customers are informed if there's an adverse effect on their system or data, updates would relate to the underlying cloud infrastructure.; Other changes will not be performed outside a regular monthly maintenance window, unless authorised by the customer. E.g., if users are required to temporarily stop use while technicians run a script to resolve an issue, then we advise an authorised party of the scope, impact and agree a time to carry out the work.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Incidents found or reported are assessed based on impact and severity. Depending on the assessment, applicable actions may be taken as laid out in our information security management system (ISMS), Disaster Recovery, and Business Continuity policies. ; ; Customers will be informed as soon as possible if any of these policies are enacted, with an ongoing channel of communication between setup.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Manual and automated alerting is in place to monitor performance, security, unauthorised access, or potential data breaches. If an issue were found that may impact customers, or be of a certain severity, they would be informed as soon as possible.; ; Retention time of audit logs the solution are user-definable, however, audit logs of the platform (such as network requests, database access, API usage, etc..) and are kept for the duration of the platforms existance, and can be used to investigate issues.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: OneAdvanced Incident-Management align with ENISA Good practice Guide for end-to-end processes and simplified down to Detect, Analyse, Contain, Eradicate, Recover. Our security tech-stack provides analysis of data consumed by security team and identifies potential-incidents. An analyst then reviews, analyses output. If validated, Incident is raised and Security team move to Contain the Incident supported by number of predefined Playbooks. Once contained, the Incident is moved to Eradication-phase, any malicious software/connections are removed. The Recover-phase lead by service-operation team supported by security and post-incident review conducted to identify preventative actions required. Incident is managed through case management system to govern progress.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We are committed to building a better tomorrow for our staff, customers and wider community through outstanding environmental sustainability performance. Our vision is underpinned by five core principles: ; ; To protect the environment by reducing our carbon footprint ; To reduce the environmental impact of our operational activities through effective management of our estate ; To create and maintain a positive environmental sustainability culture ; To maximise the positive impact of our sustainability actions through effective communication, collaboration and partnership ; To fulfil all environmental compliance obligations and seek to exceed regulatory requirements ; ; To achieve this vision, we continuously invest in and develop our ESG strategy to provide a structured and meaningful approach to our climate activity. Our success also relies on effective engagement with staff, utilising and developing their skills, knowledge and understanding. ; ; We have launched a number of initiatives to reduce our GHG emissions on an annual basis, since 2018 we have seen a reduction in 36% in our total GHG emissions. ; ; We are proactive in the property management of our offices, maintaining pressure on landlords and staff to ensure energy efficiency. Home working is facilitated and encouraged, and unnecessary travel is minimised by the delivery of consultancy, training and implementation services remotely, where appropriate. Reducing the amount of paper we generate is a key focus, and we use recycled paper - which we then recycle ourselves. We have also taken steps to recycle other materials such as plastics, food and cardboard. We comply with WEEE regulations and recycle our electrical items. All our UK based offices are entirely using green electricity and we have undertaken an office consolidation project to minimise unnecessary carbon expenditure. ; ; We are focused on our transition to a Cloud service company ensuring our customers have solutions which are future proofed and don’t require costly or energy inefficient hardware.

  Covid-19 recovery

  In the event of a similar incident OneAdvanced has a documented Health and Safety policy regarding Covid-19 Arrangements, which focuses on handwashing, hygiene, self-isolation and social distancing. ; ; As part of our transition to hybrid working we provided all employees with the materials and processes to allow them to work at home indefinitely. In the event of a similar incident all staff are able to work from home for as long as is required. This allows them to prioritise their health and safety and avoid risk of transmission. ; ; Working from home is undoubtedly challenging and may have a negative impact on the wellbeing of our employees. We provided guidance for staff working from home to stay connected e.g., quizzes, coffee mornings and time allocated for informal catch ups. ; ; We have also made changes to our approach to visiting customers on-site. Where appropriate, training and consultancy can be provided virtually. ; ; With the increase in remote work and changes in the software landscape we have invested significantly in digital transformation and cyber security to ensure the safety of the business, employees and customers. This includes protection of personal data.

  Tackling economic inequality

  OneAdvanced is committed to tackling economic inequality. We are renowned for our recruitment processes which seek to eradicate biases that can perpetuate economic inequality. We hire for potential rather than based on experience. ; ; Our commitment to tackling economic inequality is also exemplified in our pay reporting transparency. In addition to the legal requirements to produce a Gender Pay Gap Report, we have also released our Diversity Pay Gap Report to ensure accountability and so that we can take steps to address economic inequality within our own employee base. ; ; As we develop as an organisation and embrace our role in bettering society we are building features into our products to assist us in tackling economic inequality. One example of this is our education software that is used by prisons in the UK to help educate individuals that have been in the prison system and broaden their opportunities for education. Another example is the service we provide to many NHS offices across the country which allow them to act more efficiently and see more patients each day. ; ; A focus of OneAdvanced is to commit to increasing our community outreach. As part of our strategy we are planning to implement a regular schedule of community education workshops for local schools, colleges and other groups. Examples include ‘How to get started in Tech’ and coding classes. Each employee is entitled to 1 paid day they can use to volunteer for a cause close to their heart including those that are aimed at helping those from lower socio-economic areas. ; ; Our learning and development team are in place to allow our staff the opportunity to develop their skillset and further their professional career. This can allow disadvantaged individuals to increase their opportunities to secure high paying jobs both within the software industry and outside of it.

  Equal opportunity

  Cultivating a diverse workforce and inclusive culture is a priority for OneAdvanced. Diversity of experience, age, race, ethnicity, culture, gender and sexual orientation provides a wide range of talent from entry level through to our leadership teams creating richer perspectives and a powerful frame of reference. ; ; Not only is it right to recognise and celebrate differences, and ensure everyone has the opportunity to thrive, but creating a culture that is genuinely committed to a meritocratic workplace is important to our success. Ensuring all our employees understand and engage with our values, and have the opportunity to realise their full potential, is fundamental to our business. ; ; We have published 4 Diversity Pay Gap reports that extend beyond the legal requirement for gender to ethnicity, sexuality, education, disability and socio-economic status. This data provides transparency and will aid us significantly on our journey to creating a fair and equitable workplace for all. ; ; OneAdvanced is delighted to have been announced as one of the top 100 Diversity Leaders of 2020 across UK businesses following an independent survey carried out on behalf of the Financial Times. The award assesses diversity across gender, age, ethnicity, disability and sexual orientation, and ranks organisations in Europe on the extent to which they offer diverse and inclusive workplaces. The survey focused on two broad areas, looking at the scale in which employers promoted diversity within the workforce, and identifying companies that stood out when it came to encouraging diversity and equal opportunities. ; ; OneAdvanced is renowned for its innovative recruitment process, which seeks to eradicate bias – unconscious or otherwise – when hiring. In our recruitment, we use tools that give us additional insight into intellect and attitude, and remove CVs from the interview process, so managers go in without preconceptions.

  Wellbeing

  We take wellbeing very seriously at OneAdvanced, employees have access to the following initiatives to promote wellbeing: ; ; Our Employee Assistance Program (EAP) is a 24/7 phone line where our employees can speak to a trained professional regarding any matters. Whether that is related to their current workload, or whether it is related to their finances for example. This service is 100% confidential. ; ; The Wellbeing hub on our internal website is central point for resources, such as the Thrive app to which our employees have an access code. In addition, the Hub is a link to our partnership with Perks at Work who offer discounts and classes for wellbeing, fitness, and meditation. ; ; Our offices have been made more friendly and accessible than ever before as part of our office changes brought on by the new, flexible ways of working. All our offices now contain a ‘wellbeing room’, sharp boxes for needles and free sanitary products in all bathrooms (available to guests as well as our staff). ; ; We are undertaking an exercise to update our employee value proposition and undertook research to identify what factors employees themselves want. This was done so we can provide benefits that our employees will value from the most and benefit their health and wellbeing.

Pricing

• Price: £46.80 to £528.00 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagementteam@oneadvanced.com. Tell them what format you need. It will help if you say what assistive technology you use.