Blueteq Ltd

Incident Management System

The Incident Management System allows users to manage multiple commissioner services such Patient Advice Liaison (PALS), Complaints, Serious Untoward Incidents, Safeguarding, GP Clinical Feedback, Risk, MP Questions, and other process driven services.

Features

• Take control of the practice drug stock levels
• Track drug batches across multiple sites and locations.
• Can cover other stock items if required.
• Record stock levels using via the scanning app.
• Record and check in deliveries
• Record all stock adjustments by Doctors/Nurses quickly via scanning app
• Keep a complete audit trail of the process
• Customised reporting tools available
• Planned integration with GP Systems/Surgery Network
• All hosting and back up routines taken care of

Benefits

• Scanning app saves time when recording stocklevels.
• Drug check out takes seconds.
• Instant warning of low stock levels/expired stock.
• End of year stock value report for accounts.
• FP34 report ensures that no claimable drug is missed.
• Supplier invoices can be easily matched against deliveries
• Manage your practice drugs budget effectively

£600.00 a person a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@blueteq.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

187287936159380

Contact

Graham Simmonds
02392 413057
info@blueteq.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: This web based software will run on a variety of web browsers without the installation of specialist software or configuration changes.
• System requirements:
  • Internet Explorer Version 7 - 11 or Chrome installed
  • Minimum 1Mbs synchronous Internet connection
  • Acrobat Reader for reading documents (Optional)
  • MS Office for opening Word/Excel documents (Optional)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All tickets are responded to within 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide a single level of support across all of our clients and systems. A Lead Project Manager is assigned to all new system implementations and he/she will remain the key contact until the system is handed over to the Practice.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide as much onsite and "webex" training as the client requires. ; We aim to meet all of our clients for review meetings annually as more often if required.; All our systems are provided with user documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When the date of termination is reached, we will securely provide an encrypted SQL Server back up file that includes all data, images and documents saved within the system.
• End-of-contract process: On termination of the contract, we will arrange for the secure return of all data as a SQL Server back up. There will be an additional cost if the client requires the data supplied in other formats.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Any aspect of the system and its configuration. We use our ticket system for users to request changes. We always advise that a key contact is assigned to manage changes within the system.

Scaling

• Independence of resources: We use a virtual server network where we will add hardware to the network to maintain satisfactory performance levels.

Analytics

• Service usage metrics: Yes
• Metrics types: Upon request
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users are able to export data into an Excel format within the system.; We can also supply a web service that will allow the export of data into data warehouses at no additional cost.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a 99% availability for access to our systems. All programmed maintenance is carried out outside of business hours and the client is informed of these outages in advance.; We would refund a pro-rata amount based on the outage time up to the amount of the monthly support charge.
• Approach to resilience: - Availability of multiple connections with re-routing capability to other data centre sites.; - UPS and 7 day generator back up.; - Virtual server network allowing for the transfer of system images from one hardware configuration to another.
• Outage reporting: Email alerts and login messages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All of our management interface and support channels are maintained on a private network with external access via IPSec VPN to named users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit 2020

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS Information Governance Toolkit Assessment V13.
• Information security policies and processes: All incidents relating to the security policies and processes are reported to the Information Governance Lead who is the Managing Director.; The following policies are available upon request:-; - Information Governance Policy; - Information Risk Management Policy; - Information Security Policy; - Information Security Incident Handling Procedure; - Network Security Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management requests are recorded and tracked through our on-line ticket management system. Continuous internal assessment of the security impact of all changes applied to our systems. Regular external assessment of changes are carried out by a third party CHECK accredited Security Consultancy.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular monitoring of logs - firewalls, web and database services.; Weekend application of patches to all servers; Emergency security patch application overnight.; Security threat notifications received from NCSC website, Operating and application system websites. Symantec and McAfee.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily monitoring of logs - firewalls, web and database applications.; Unauthorised access attempts notifications from systems.; The response is determined by the nature of the compromise. Any security incident will be handled in the process laid out in our Information Security Incident Handling Procedure.
• Incident management type: Supplier-defined controls
• Incident management approach: We follow the procedure laid out in our Information Security Incident Handling Procedure (available upon request).

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We provide free electric car charging to our staff. This is powered by a large solar array and supplemented by a battery storage system. Our offices remain largely off grid.
• Covid-19 recovery:

  Covid-19 recovery

  We have worked with NHS England to provide data to aid them monitor effective Covid treatments.
• Equal opportunity:

  Equal opportunity

  We employ both men and women and sponsor foreign nationals to be able to live and work with us. Over 60% of our workforce are from overseas.

Pricing

• Price: £600.00 a person a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: One month free trial - includes everything except scanning hardware

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@blueteq.com. Tell them what format you need. It will help if you say what assistive technology you use.