Alphatec Software Ltd

ClaimControl - Insurance Claims, Health and Safety Incidents and Risk Management Software

Alphatec Software's ClaimControl is an award winning insurance claims, claim handling, health and safety incidents and insurance risk management SaaS solution that helps you efficiently manage all incidents, all types of claims, insurance, policies and more, in a single, simple to use system.

Features

• Integrated diary action system with built in workflow
• Document and image management
• Ability to add fields and workflows
• Detailed financial and insurance planning reporting
• Full e-mail integration including ability to e-mail directly to claim
• Highly configurable solution - ClaimControl fits your organisation
• Schools / Client / Partner / Departmental Portals
• Integrated First Notification of Loss with Automatic Notifications workflow
• Complete audit trail of changes
• Business Intelligence, Property, Policy, Fleet and Driver Management capabilities

Benefits

• Web-based supporting agile/home working and hot desking
• Reduces administration costs, saving you time and freeing up resources
• Real-time visibility and evidence on all incidents and claims
• Ability to work on any device- smartphone, tablet, laptop, PC
• Full support for insurer financial and status uploads
• All corespondance, policy documents and photographs are at your fingertips
• Automatic service levels, escalation reminders ensures claim progression
• ClaimControl is continually enhanced to meet your needs
• Simple migration and implementation path from your old system
• Leading edge reporting capabilities, answer FOI requests in minutes

£95 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sdavies@alphatec.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

192460049670792

Contact

Simon Davies
01327 342 299
sdavies@alphatec.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ClaimControl is a standalone product but also operates as part of our Avers, WASP and Timebox systems.
• Cloud deployment model: Public cloud
• Service constraints: Browser: ClaimControl requires a modern secure browser and fully supports the following browsers:; Edge; Chrome; Safari ; Firefox; Opera; ; Mobile: ClaimControl is fully responsive and runs on:; iPhone; Android Smart Phones – E.G. Samsung; Windows Phones; Windows Tablets; iPad; Android Tablets; Running modern supported versions of the appropriate Windows, Android and iOS Operating systems.; ; Hardware: There are no specific hardware requirements.
• System requirements:
  • A compatible internet browser
  • A PDF Viewer to view PDF Reports
  • Excel, GoogleSheets or similar for viewing reports as spreadsheets

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Acknowledgement will be within the hour and resolution is typically within one hour of acknowledgment. Standard support is only available during UK office hours Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a single level of support for all our users.; ; This support is included in the cost of the subscription. Each account is allocated a primary account manager and primary support contact.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Alphatec uses our expertise in dealing with hundreds of organisations to help guide new accounts through the process of configuring and setting up their account in order to gain maximum benefit. This process is designed to be as easy for our clients as possible and we provide assistance throughout this process. ; ; As part of the implementation process we provide onsite training or online training depending on each organisations preference.; ; There is also user-guide documentation available as well and also in application help in a number of the modules.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Over 99% of our users have never unsubscribed, choosing instead to extend their subscription but for anyone who does wish to end the contract, we have an exit plan document, which explains our process in detail. ; ; For organisations that ever do wish to unsubscribe, we will supply all of their information in .CSV format with all of the relevant linkages to allow them to relate it.; ; All of the information in ClaimControl always belongs to the client, unlike in some other claims systems we have had users migrate from.
• End-of-contract process: At the end of the contract, the user is required to give notice of wishing to end the contract. ; ; At that point in time, we will send them our exit document and start discussions with them, to agree a date when they want us to supply their information, so as to allow them to have a seamless transition. ; ; We will then discuss the informational needs and will supply them with their information on the day they want it delivered. Once they have confirmed receipt of the information, we will revoke their access to the account. ; ; If they would like us to, we will hold their data on the system for up to 2 weeks, so as to allow them to ensure they have everything they need for moving forward. We will then confirm with them that we are going to delete their information from ClaimControl permanently. The information will then be deleted. ; ; At all stages we will work with the client to help ensure the move is as simple and easy for them as possible.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile and desktop services are identical the system user interface is fully responsive so that the screen rendering takes account of the size and form factor of the mobile device being used.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The Service interface provides a simple, easy to use interface for the management of: Claims, Incidents, Time, Policies, Associated Correspondence, Documents and Images, Properties and Fleet. ; ; There are also useful dashboard views and business intelligence integration, to allow any user to create their own bespoke reporting views.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The system was developed with the Kendo UI control suite which supports WCAG 2.1AA and AAA
• API: Yes
• What users can and can't do using the API: The current API is limited to the submission of incidents & claims and can also be used to amend certain areas of system set up and different configurations. ; ; The API can also be used to upload documents, videos and images into the appropriate record in the system.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users are able to add new fields, values and options. They can even specify what types of claims these appear on. ; ; Unlike many systems these user defined fields also become part of the data they can report on enabling this information to be used productively - immediately. ; ; The organisational structure can be configured and changed by an admin user at any time, as can all organisational specific values in drop downs throughout the system. ; ; Any users with administration access can also customise what features and functions the users have access to even down to very specific actions within areas of the system (e.g. admin access users can configure what roles exist and what any users in each role can do).; ; The application can also be white labeled to support the organisations corporate branding. This is especially important on the First Notification of Loss forms used by many of our local government clients.; ; The application has a module that will link to the clients chosen business intelligence solution, E.G. QlikView, Tableau, MS Power B.I. within Office365 to help with client specific and customisable dashboards and reporting.

Scaling

• Independence of resources: Resource utilisation is monitored and flexed to ensure the system operates quickly and smoothly for all users.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can themselves report on the various metrics including user use of the system, number of incidents / claims recorded etc.; ; The BI Module can also be used, to link to a users chosen BI solution, to allow them to build their own service metric reports or dashboards, with data pulled directly from ClaimControl
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: In addition to the above, the databases are all encrypted with TDE and even within the databases, secure data such as password credentials are further encrypted.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data in a number of ways including Excel, PDF and CSV (simplified excel)
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Bespoke Payment Files Supported
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: We also implement a number of additional security measures to ensure security of both the system, the communication and the users data. e.g. we implement secret key authentication on all pages to protect users from cross site scripting.; ; All data is encrypted over HTTPS. Access to BI Data is restricted by IP Address.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The applications are monitored 24 hours a day, 365 days a year, with 24 hour support at network, developer and DBA level.; ; We guarantee 99.9% up time. We do not provide refunds.
• Approach to resilience: This information is available on request
• Outage reporting: Through our web site, e-mail alert to key account contacts and twitter.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces is secured and in addition, the feature group and features are enforced such that even if communication were compromised the protection cannot be circumvented
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: CDL Group
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: There are no exemptions in relation to the service listed on the framework.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001:2008
  • ISO 2000:2011
  • ISO 14001:2004
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security policies and processes are all ISO 27001 certified. ; ; As well as the above, all releases are subject to security assessments based on the following criteria:; a) New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.; b) Third Party components – will be subject to full assessment after which it will be bound to policy requirements.; c) Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.; d) Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.; e) Emergency Releases – An emergency release will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by a Director or appropriate manager who has been delegated this authority.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All change management is managed through our change management system Jira and Confluence. ; ; All source changes are managed through source control.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have external and internal vulnerability scans. These are run twice a week and any critical or high issues found are resolved as they arise, medium are planned for deployment or patching along with the monthly upgrade deployment.; ; Service packs and patches are applied once their impact on applications and users has been assessed and tested.; ; The information for the issues, service packs and patches comes from the internal and external vulnerability scans that run twice a week.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We have threat detection and DDoS protection within the datacentre and also have the application configured to provide logging and automatic notification of both errors and unauthorised behaviours.
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents by e-mail or by telephone to our support team. We have documented processes in place for common events (e.g. user access etc).; All support incidents are logged in Jira our incident management system and tracked through the SCRUM boards.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  ClaimControl is a hosted solution accessible from anywhere with an internet connection and on any device. ; Being hosted, means that users do not need any servers to benefit from using the system, so this is a saving in both power and space usage. ; ClaimControl also allows for all documents, images, e-mails etc. to be stored within the system, so there is no need for any documents to be printed out, as these can be accessed directly from the system and again on any device, so this is a further saving in both paper and energy usage. ; Along with the above, being hosted, allows for users to access the system from home, so they don't have to drive into their offices to use ClaimControl, which again, is a further environmental benefit, as they are not using their vehicles and producing exhaust fumes.; We operate a hybrid working policy, so staff do not need to drive into the office every day and work from home, so again offering an environmental benefit from lower vehicle usage. ; We have very few suppliers and those that we do use, have detailed climate polices in place and we believe (like ourselves), working towards a net zero greenhouse gas emissions.
• Covid-19 recovery:

  Covid-19 recovery

  As is with some of our other responses, as ClaimControl is a truly hosted solution, it can be accessed on most modern web browsers and on any device with access to the internet. ; ; With the systems, complete document and image storage, If a user is instructed to work from home and no longer needs to go into the office, all they need to do, is use an internet enabled device to log on to ClaimControl and continue to work on whatever they may have been doing whilst at their offices. ; ; One of our clients wrote as below:; ; "Since the decision was made to implement Claim Control as our new Claims handling system, we have always known that it’s cloud based functionality was, and would be, a huge benefit. During lockdown however this benefit has risen exponentially as staff have been able to register claims without having to resort to more “clunky” ways of accessing our system (as with other platforms that we use which are office server based).; ; Performance from ClaimControl has been seamless throughout this challenging period allowing us to continue working from home without any difficulties and without any noticeable difference to our clients. Since lock-down began as well Alphatec have remained in close contact with us, offering additional Webinars, Zoom calls and enhancements to the system which have improved the experience yet further."; ; Being web-based means that those staff who are still shielding or are concerned in being around others/in an office, can easily work from home/remotely, which in turn also helps with staff on-going costs, as their travel is reduced.
• Tackling economic inequality:

  Tackling economic inequality

  ClaimControl is an extremely cost-effective claims, incident, case, insurance risk management system, that can be used to manage and report on Insurance Claims, Health and Safety Incidents and in some case Complaints. ; The system can be compartmentalised, so different teams can all benefit from using the one system, rather than having to pay for two/three/four different systems. This means that users can save their organisations money, as they are paying for the one system to incorporate, one, two, three or even four different departments. ; This saving gives the users organisation, the ability to use the money that they have saved in procuring more systems to tackle economic inequality in other parts of their organisation.; The system is continually enhanced with feedback from our extensive list of users in lots of business sectors. These continual developments mean that clients are future proofing themselves with new ways of working to increase their productivity and decrease costs. Along with this, weekly internal and external vulnerability scans are carried out, and all relevant security patches / fixes that are released are installed straight away. This is done to ensure that the system is always up to date for the latest cyber security risks.
• Equal opportunity:

  Equal opportunity

  When any new employee joins the business, we have several policies in place to ensure that they are treated fairly and have the same equal opportunities as everyone already working within the company. ; ; These policies are regularly reviewed and cover lots of different areas and are accessible for all staff members to access and read at their leisure. ; ; A full explanation of the staff handbook containing all policy documents is explained during staff inductions and a reminder during staff 1:2:1’s and annual appraisals.; ; The employee appraisal forms that are completed during each employee appraisal, detail performance matrices and employee/manager feedback as below: ; ; Job Knowledge ; Work Quality ; Productivity ; Key Strengths ; Attendance and Punctuality ; Dependability ; Communication Skills ; Teamwork ; Working with Others ; Kay Areas of Success and Improvement ; Training and Development Action Plan ; Feedback Summary ; ; These sessions allow each manager and employee to have a detailed discussion around their working life within the company and their on-going personal development. ; ; The policy documentation folder is open to all employees to read any of the detailed Alphatec policies as and when they would like to update themselves. ; ; Our systems are also WCAG 2.1 compliant, to allow for those employees with certain disabilities to work for Alphatec and not be excluded. The offices are also wheelchair enabled, with ramped access, large height adjustable desks and toilet facilities. ; ; Staff are encouraged to develop themselves for the benefit of both themselves and the company and regular training is offered and given as is requested or regulations require.
• Wellbeing:

  Wellbeing

  We value the wellbeing of all our employees within the company, and strive to create:; ; • A better workplace environment; • Happier employees who are more confident and able to express their ; feelings and ideas; • Increased productivity, efficiency, and motivation; • Minimise the risk of burnout; • Improved staff retention ; ; The key areas that our wellbeing policy covers are: ; ; • Physical & Mental Health, and ensuring a safe working environment; • Creating a culture that encourages people to value and maintain a ; good work/life balance i.e. taking regular screen breaks, taking their ; holidays, not working excessive hours etc.,; • Communicate positive values & principles that staff can buy into and ; be proud to be associated with ; • Create an open-door environment and facilitate healthy relationships ; between all employees based on trust and respect; • Help staff to grow within their roles by providing relevant training and ; career progression, and recognise and appreciate everyone for their ; contribution; • Encourage good lifestyle choices e.g., lunchtime walking, cycle to ; work schemes etc.,; • Provide incentives, recognition, and rewards to retain staff and make ; them feel good ; ; One of the key points to this policy and what we endeavour to remember is looking after the wellbeing of our teams is like an investment in them, and our reward for it, will be fresher employees, who feel looked after and valued, typically resulting in them producing better work.

Pricing

• Price: £95 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sdavies@alphatec.net. Tell them what format you need. It will help if you say what assistive technology you use.