Clarity Informatics Limited

Agilio Mortality Review

Clarity Assure Retrospective Case Review (RCRR) is an online solution to allow users to enter data for mortality reviews.
It complies fully with all national standards of reporting to the Learning from Deaths report.

Features

• Secure data storage
• Uses PRISM methodology
• Simple data retrieval
• Quality configurable reporting
• Thematic learning
• Uses structured case review approach
• Configurable data recording for specialist teams
• Uses NCEPOD qualitative scoring
• Escalation to team members
• Medical examiner reporting and recording

Benefits

• Secure data storage in the UK
• Proven technology and published peer-reviewed research
• Qualitative and quantitative reporting
• All information goverance process covered in detail
• Automated daily, weekly, monthly data uploads SUS or PAS
• Multi-layered reporting
• Simple set-up with no local installation as web-based solution

£19,000 to £19,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

212924744705839

Contact

James Stephenson
01912875800
james.stephenson@agiliosoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Community cloud
• Service constraints: No constraints
• System requirements: We support all modern internet browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All questions answered within 30 minutes of receipt.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Installation, face to face training, WebEx and telephone as required.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Site visits to explain the system.; IG linkage created.; Test upload of data files. ; Onsite or online training.; User documentation is provided.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data extracted via secure FTP. ; Various formats as needed. ; Single data dump if required. ; Self-service data feeds available.
• End-of-contract process: No additional cost. ; Data transfer project provided as standard.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Configurable reporting and new mortality review forms deployed quickly.

Scaling

• Independence of resources: No data or user limitations

Analytics

• Service usage metrics: Yes
• Metrics types: Configurable metrics across the platform.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Self-service and standard reporting provided. ; Configurable reporting available.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is 99.9%; We have a 4 hour RTO
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management channels and interfaces are restricted by critical contacts at a trust providing us with bona fide contact user name, email and role. ; Verification is checked before allowing access to the application. ; Role based access is also a core feature of the tool which can further restrict access only to appropriate areas of the application.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 27/06/2019
• What the ISO/IEC 27001 doesn’t cover: Nothing in relation to this service
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001 processes; SIRO and DPO employed; Caldicott guardian employed; Board level assurances and reporting; Annual audits and penetration testing

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have a process that is certified by ISO 27001 where we we plan and assess any changes that need to be made to the system on an ongoing bas
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We conduct regular penetration tests.; Our servers are kept up to date with the latest patches on a weekly basis.; We subscribe to the latest feeds from Microsoft about potential vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As detailed in our ISMS, we monitor the industry for known threats/vulnerabilities and also have product specific controls and alerts for suspicious activity. Response times and actions vary with the level and nature of threat but can be within minutes or hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We have several well defined processes for events both from customers and from internal alerts. User reports are via our helpdesk system (email or phone) and can be escalated immediately if appropriate. Significant events are logged and reviewed, with feedback to involved users and/or more general announcements or communications, Disaster recovery plans are in place for "common" incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Mortality review and tackling economic inequality.; ; Our mortality review service provides thematic learning from deaths in hospital. Where there are gaps in care or services this can be identified, reported and then discussed at a trust level using the Learning from Deaths methodology. ; ; This approach can lead to significant improvements in understanding mortality arising from health and economic inequality. It can be discussed at a local and regional level in order to understand the gaps and rectify service level improvement. ; ; Our application provides the ability to manage this process.

Pricing

• Price: £19,000 to £19,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.