AzeusCare Case Management System

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: N/A
System requirements: Desktop/Laptop requirements:

2GB RAM, dual-core 2 GHZ, 7.9 inch 1024x768 resolution

Windows 8/10 with Edge or Chrome, Mac with Safari

Mobile Requirements:

IOS 9 or later for iPad Pro/iPad/iPad Air/iPad Mini

Android 5.1 or later for 7.9 inch with 1024x768 resolution

Windows 10 for Microsoft Surface 3 or Surface Pro 3

Other requirements:

PDF, MS office compatible document and spreadsheet viewer/editor

Any SMTP and POP3/IMAP compliant mail server

User support

Email or online ticketing support: Email or online ticketing
Support response times: Questions will be responded within 1 business day
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Each customer is assigned an Account Manager. He/she manages the ongoing contract, any amendments or additions to any aspect of it, provides general customer engagement, new product information and guidance and the provision and pricing of any new or additional business, technical, project management, user training and consultancy services as may be required by the customer. The services of the Account Manager are included gratis for each customer.

Application Support is provided via the medium of the Help Desk for the ongoing maintenance and support of the licensed application(s). Such support also covers the management of the delivery to the customer of upgrades to the application. The cost of Help Desk support is included in the application licence.

Our Standard Support includes access to the Help Desk which can be contacted via telephone or email during office hours. All issues raised will be logged in our online tracking system JIRA to which the customer also has access and which is available 24/7.

Our Enhanced Support extends our Help Desk support hours to provide 24/7 support if desired and may include onsite visits. The cost of extended support is negotiated with the Account Manager.
Support available to third parties: No

Onboarding and offboarding

Getting started: Prospective customers should contact Azeus UK to discuss their service requirements. It should be noted that we offer, in addition to cloud-based services, on-premise hosting if required.

On completion of the contract signing, a project manager will be assigned and Azeus UK will prepare the cloud-based instance or local environments according to the customer’s specifications.

For new customers, Azeus UK will provide data migration and implementation services to assist in moving from the existing system to AzeusCare with a view to enabling the customer to have complete ‘ownership’ of their new system.

The following services are offered:

1. Business Process Consultancy and System Configuration,
2. Data Migration,
3. Ad hoc Reports and Recording Templates development,
4. User training (hands-on and eLearning).

Azeus UK supplies an extensive resource library to customers which is regularly added to and maintained/updated. These resources include: 1. Release Notes, 2. Technical Set Up Guides, 3. User Guides per module, 4. Training Guides and Training Needs Analysis Templates, 5. Entity Relationship Diagrams, 6. Maintenance and Support Policies and Procedures.
Service documentation: Yes
Documentation formats: PDF

Other
Other documentation formats: MS Word
End-of-contract data extraction: A subscription termination notice should be supplied in writing to Azeus UK in accordance with the Call-Off Contract and the AzeusCare Software as a Service (SaaS) Subscription Agreement. Upon request for account termination by either party, any remaining payments must be cleared.

Azeus UK can provide the following services to extract customer's data at additional cost.

On an agreed date Azeus UK staff will generate an XML extract file containing the complete case record. (XML is an open standard format which can be easily used to facilitate data import to another system if needed.) Should there be a need for a user friendly format, we provide a tool (XSLT) to transform the XML into HTML.

Using this tool Azeus UK will dump all case data and make it available to the customer for secure download via SFTP (secure FTP). The customer will be provided with the instructions and the certificate required in downloading the output files. The customer will be given an agreed timeframe (usually 30 days) to download the output files before the records are purged.

On the agreed date, Azeus UK will then destroy the customer's data and release all resources that were allocated to the service.
End-of-contract process: Azeus UK can provide a) the data dump described above and b) the most recently updated version of the documentation as follows: Entity Relationship Diagram, Logical Data Model, Database Size Report (i.e. number of records per table and total database size in GB), XML schema definition for archived records.

Azeus UK can also provide the following services where it is expected that data from AzeusCare will be migrated to a new system: Data Quality Review, Bulk data cleansing/correction, Data Conversion in accordance with a customer defined format.

The above will be charged and Azeus UK will provide a quote upon receipt of the requirements from customer.

At the customer's explicit request and for further negotiated cost, the time for which the system can remain online after the termination date can be extended if required.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Chrome

Safari
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: AzeusCare's Mobile Application provides a sub-set of functions from the Case Management Application and can be used in either online or offline mode. It is essentially a recording device with capability to synchronise data with the server. Case records can be downloaded in whole or in part, core data updated, forms and case notes completed for either persons or families. Digital signatures and photographic 'evidence' can also be captured.

In addition, the application provides for the completion of Care Act financial assessments and for the calculation logic to apply whether or not the mobile device is connected to the internet.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: AzeusCare is a web-based suite of applications which sit on an Oracle database. The suite comprises a case management application, public-facing portals and an online/offline mobile application the user interface being written using Java (Java 6 server side). AzeusCare uses the Open Source JasperReports as the main embedded reporting tool alongside an in-house reporting tool developed by Azeus.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: The AzeusCare CMS application is compliant with assistive technologies compatible with MS operating systems such as Dragon Naturally Speaking and JAWS Screen Readers.
API: Yes
What users can and can't do using the API: Our standard API enables users a) to interface AzeusCare with third-party systems (including the capability to search and retrieve basic person information as well as generating and retrieving data extracts) and b) to create and update case records via the generation of compatible electronic forms which can be completed outside of the system independently and then checked in once completed.

API access is executed via web services. Our system monitors all API transactions. This includes requiring user authentication and creating an audit log for all transactions. Furthermore, API transactions pass through our Role-Based Access Control framework to ensure that record access is restricted to authorised users.

For security reasons we do not provide APIs for:
- User account Administration
- Amending system configuration
- Merging person records or performing error correction
- Workflow record approval
- Performing bulk record updates
- Deleting any record
- Direct creation of person records (this is to avoid duplicate person records from being created)
API documentation: Yes
API documentation formats: PDF
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: AzeusCare offers significant levels of flexibility in the customisation of the applications using the in-built tools provided, all of which are under access rights to authorised administrators:
- Recording Templates: create and amend existing forms,
- Workflow Management: set up and configure workflow tasks and/or embed in recording templates,
- Rules Engine: configure rules for financial computations for RAS, financial assessments, foster carer payments etc.,
- System Parameters: configure system-wide behaviours,
- Employee, Post and Team management: set up system accounts and team structure,
- Function rights and data security: set up role-based access control,
- Financial/accounting codes: set up background codes, authorisers, budgets,
- Reports Design: design and create reports,
- Reports Management: set up reporting schedule and recipient list,
- Dashboard Reports: set up queries and access rights,
- Standard Letters: set up templates for data merging,
- Directories: populate professional, provider, carer and organisations directories,
- Reference Code Tables: populate drop-downs,
- Flags and Alerts: set up rules for generation against case records,
- Dictionary Management: manage spellchecker,
- Address Management: manage address uploads,
- Workload Management Analysis Tool: manage caseload intensity scores,

Note that local branding can be applied to portals and output types also.

Scaling

Independence of resources: Azeus hosts the AzeusCare instance for each customer on a dedicated infrastructure that is carefully designed and based on the expected number of users. By providing each customer with a dedicated set of servers and storage devices based on the computed client load, our solution guarantees that each customer is physically and logically separated from other customers, with resources exclusively reserved for each customer. Should there be an increase in demand from the current users of the system, effectively increasing the expected workload capacity required by the infrastructure, the system can be configured to be scalable vertically and horizontally.

Analytics

Service usage metrics: Yes
Metrics types: AzeusCare provides extensive service metrics enabling analysis of how and when system users interact with the applications suite. These are presented in an on-screen audit facility (with multiple filter and drill-down options) from which detailed reports can be derived. This complies with Data Protection Act requirements. Reporting on case records can be executed via the embedded JasperReports tool and the proprietary query tool, which provides real-time dashboard reporting. Note that all field-level data in locally-created recording templates can be captured by reporting tools.
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with CSA CCM v3.0
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: AzeusCare provides a) a standard function for extracting all case data for a single case record into a XML output file and b) a PDF output of the same for subject access request purposes. Should there be a need for a user-friendly format, we provide a tool (XSLT) to transform the XML into HTML.

For data on case load and performance, the system provides output reports in PDF and XLS formats. We also provide an ad hoc query tool for user-defined queries and extract data into CSV or XML format.
Data export formats: CSV

Other
Other data export formats: XML

PDF

XLS
Data import formats: CSV

Other
Other data import formats: XML

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: The guaranteed system availability is 99.5%. Where the annual uptime percentage drops below 99.5% within a total Service Year (i.e., the preceding 365 days from the date of an SLA claim), the customer is eligible to receive a service credit equal to 0.5% of the annual service charge for each percentage below the committed availability. Note the annual service charge does not include ad hoc or pre-paid consultancy, training, project management or other one-off service types.

No credits are offered if a customer is in arrears with payments or has insufficient balance to continue using Azeus cloud services during the qualifying claimed credit period for at least 10 calendar days.

The maximum total credit for the yearly billing period, including all guarantees, will not exceed 5% of the total annual service charge payable by the customer for the eligible credit period (i.e. yearly billing cycle in which the most recent unavailable event included in the SLA claim occurred) nor can a credit amount in excess of 5% be carried over and applied to future fees.

The Account Manager service provides the means through which a claim can be made, account management meetings occurring quarterly.
Approach to resilience: Azeus UK implements a comprehensive backup strategy that keeps redundant backups of system data and its configuration. Backups are scheduled daily to ensure availability of data and will typically be kept for 14 days. A disaster recovery environment is available and is prepared in case a disaster occurs on the production site. The disaster recovery environment will be capable of taking over the operations from the production site if needed. Azeus UK will restore services to normal operations within 24 hours.

Our system infrastructure is designed to provide varying levels of availability to fit the customer's resilience requirements. The disaster recovery site is hosted on a geographically separate data centre with a system and server configuration that is identical to the production site.

The design can be adjusted to a strict resilience requirement with redundancy configured such that there is no single point of failure in the production setup or a more budget oriented approach where regular backups are configured and specific servers can be configured with hot or cold-standby configurations. The frequency of backup and replication can be configured to the customer's needs.
Outage reporting: Our service includes a Nagios server for monitoring the system. The monitoring service is configured to check if the system is up and to monitor performance and system-related parameters such as CPU utilisation, RAM utilisation and available storage space on servers. Thresholds are set so that Nagios will automatically generate an email alert should any threshold be breached. Email alerts are sent to the Azeus System Engineer for appropriate action. Data from Nagios monitoring is also used to monitor system usage and to inform future capacity planning.

For any scheduled downtime (e.g., maintenance or system upgrade) Azeus UK will inform the customer ahead of time (at least 1 week ahead except for emergency maintenance) and schedule the activities, where possible, outside of office hours.

Azeus UK provides a report for all system outages which includes the following:
1. Date and time when the outage was detected
2. Date and time of when Azeus UK first responded
3. Impact analysis
4. Contingency measures implemented
5. Date and time of when service was restored
6. Results of the post-mortem review of the incident.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password
Access restrictions in management interfaces and support channels: The AzeusCare applications support role-based access to all areas of the system and outputs (including reports). This includes administrator functions which can be delegated 'downwards' to other posts as required. All administrator activities are audited with the same level of granularity as other user types. Direct database access is handled independently.

Note that AzeusCare's unique Data Security module extends the role-based access via enabling control over who may see/update/delete specific data types irrespective of whether the user has rights to the areas or case types via standard function rights.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: British Assessment Bureau
ISO/IEC 27001 accreditation date: 3/8/15
What the ISO/IEC 27001 doesn’t cover: The following are inapplicable to Azeus UK as these are handled either by a third party (e.g., cloud hosting service provider) or by another Azeus subsidiary (e.g., Azeus Systems Philippines, which is where the software is developed). It should be pointed out, however, that our hosting service provider is ISO27001 accredited and our development house follows the principles of that accreditation:

- Physical security perimeter
- Physical entry controls
- Securing offices, rooms and facilities
- Delivery and loading areas
- Equipment siting and protection
- Supporting utilities
- Cabling security
- Equipment maintenance
- Removal of assets
- Security of equipment and assets off-premises
- Secure disposal or reuse of equipment
- Administrator and operator logs
- Clock synchronisation
- Secure development policy
- Technical review of applications after operating platform changes
- Secure system engineering principles
- Secure development environment
- System security testing
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: The AzeusCare team operates a formal Information Security Management System (ISMS) which is based on BS779 pt.2 and ISO17799 and accredited under the ISO standard 27001. It addresses the following areas: Quality, Performance Monitoring and Review, Policy and Procedures, Managing External Relationships, Financial Management, Strategic and Business planning, Human Resource Development and Service Innovation. There is a nominated Chief Security Officer (CSO) who ensures that Azeus UK staff members are aware of the importance of meeting customer, as well as statutory and regulatory, requirements. The Chief Security Officer also ensures that staff members contribute to achieving Azeus UK’s Information Security Objectives and ensures a) that the information security policy and objectives are in line with the strategic direction of the organisation, b) that they are fully integrated into the organisation’s processes and c) that resources needed for the ISMS are available. Further, the CSO ensures that communication covering the importance of effective information security management and conformance to the ISMS requirements is in place, that the ISMS achieves its intended outcome(s), that direction and support is available to staff and that continual improvement is promoted.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Azeus UK tracks a range of system configuration settings (e.g. application, server, network, firewall, etc). During initial setup, we apply our standard configuration process (which includes server hardening) prior to release for customer use. Subsequent changes are then tracked and undergo our internal change management processes which includes impact analysis to system security and stability. Changes are first tested in an identical test environment before being rolled out to the production environment.

Azeus UK manages only the server-side configuration which includes OS security patches and server-side anti-virus updates. We expect the customer to maintain the configuration of all client-side devices.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Security testing is a key aspect in the overall development process for the AzeusCare Applications Suite. The system undergoes regular and methodical vulnerability scanning on both the application and the infrastructure in line with the requirements of the Digital Service Standard. Regular In-house testing ensures we are building and maintaining a body of expertise in the developer pool. Independent vulnerability scans are also often conducted by our customers for additional assurance. Potential and current vulnerabilities are made known by these scans. Appropriate rectification for these vulnerabilities are then handled in a timely manner dependent on the severity of the vulnerability.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: In conjunction with our hosting provider (who applies the Cloud Security Principles) our monitoring strategy embraces the NCSC's 10 Steps to Cyber Security. This strategy includes both technical and transactional monitoring, as appropriate, informed by previous security incidents and our remedial actions. Our incident response plan comprises 1. Make an initial assessment, 2. Communicate the incident, 3. Contain the damage and minimize the risk, 4. Identify the type and severity of the compromise and protect the evidence, 5. Notify external agencies and recover systems, 6. Document the incident. Response times will be dependent upon the severity and its impact.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Azeus UK uses JIRA (our online tracking system) to communicate, manage and report on all incidents. We provide authorised customer representatives access to our JIRA system in order to promote transparency and they can engage in the workflow from initial logging to resolution. Feedback on all incidents is available here.

Incidents are classified as critical, high, medium or low and are responded to within our response time commitment and resolution timeframes. Critical and High incidents will usually be followed by an internal Causal Analysis meeting and the appropriate updating of documentation and/or process.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: Public Services Network (PSN)

Health and Social Care Network (HSCN)

Fighting climate change: Fighting climate change

We are a carbon neutral company and carry out our work remotely by default - whilst we do attend onsite meetings where preferred by customers, in these cases we always travel by public transport. We also support fully remote working for our customers and have a proven track record of successful fully virtual delivery.

We are a paperless company - we do not maintain any paper records other than those required by law such as contracts. All other documentation is held securely on our own servers and with cloud partners.
Our systems enable a paperless office - we support the push in our customers towards fully paperless working, with no need to generate or maintain paper trails outside of the system. Our systems support fully PDF/A compliant archive formats and electronic signatures and authorisation audit trails, removing any need for paper records

All our staff work fully remotely as standard, avoiding the need for unnecessary journeys. This was our policy for many years prior to the Covid pandemic, and now that it has become a more standard way of working across the country, our customers are increasingly moving towards the same approach. For meetings that are better suited to being held face to face, we always use public (ground) transport to travel to them.
We were able to provide seamless transition for our customers to online working at the start of Covid due to being a web-based system with no unnecessary access restrictions.

Our implementation process and system can support organisations in working towards a goal of net zero by removing the unnecessary travel, office and meeting space, and also reduced energy overhead for maintaining a data centre by delivering the system via the cloud.

We are accredited to ISO14001 for environmental management.

Pricing

Price: £200 a user a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Prospective customers may have up to 30 days free access to specific modules in order to test out functions and assess their applicability to current needs. We offer a standard 'sandpit' environment with a suitable dataset to enable real-life working scenarios to be managed.
Link to free trial: Please contact Azeus UK

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

AzeusCare Case Management System

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents