InterSystems Corporation

InterSystems IRIS for Health Data Platform

InterSystems IRIS for Health is a complete, unified platform that simplifies development, deployment, and maintenance of real-time data rich solutions. InterSystems IRIS for Health combines a transactional-analytic processing engine for all data types; multiple, fully synchronised data models; native interoperability connecting disparate applications and data sources; an open analytics platform.

Features

• Enterprise unified data platform Data management interoperability transaction processing analytics
• Automatic model consistency promotes Low Code. Enables different development patterns
• Hybrid transactional/analytic database with ACID compliance for SQL/NoSQL
• Data Models. Support Objects, SQL, array, vector, document, columnar
• Enterprise Scalability. HA mirroring sharding and multi-node deployment options
• Analytics. BI cubes Python PMML NLP, GenAI, Machine Learning
• Multi Workload. Complex queries scanning big data. Fast data ingestion
• Flexible Cloud deployment including Hybrid SaaS PaaS plus on-premise
• Integration. Providing seamless service deployment and orchestration. Including devices IoT
• Developer flexibility. Java Javascript .Net C++ Python R XML JSON

Benefits

• Single Data Platform. Eliminates latency and duplicate data stores
• Single development environment across all functionality. Developer productivity and efficiency
• Concurrent transactional/analytical processing. Eliminates latencies delivers immediate insights
• Less code, fewer system resources and less maintenance. Optimal DevOps
• Vertical and horizontal scalability. Increased workloads data sizes/types users
• Reduce infrastructure costs. Efficient data storage and simple fast installation
• Integrated ESB or SOA. Revitalise legacy and create innovative solutions
• Enables innovation. Machine learning predictive analytics Natural Language Processing
• Government Security. Common Criteria 3 Certified all data document levels
• Free online learning environment. Comprehensive online documentation. Global developer community

£6,999.00 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@intersystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

222300201429133

Contact

Alex Zaremba
01753 836929
g-cloud@intersystems.com

Service scope

• Service constraints: No applicable constraints.; ; Refer to Service Definition, Pricing and License Terms.
• System requirements:
  • Containerised/Cloud agnostic - public, private, hybrid
  • Servers - Windows, AIX, SUSE, Redhat, Ubuntu & Oracle Linux
  • Additional Development Platforms - CentOS and Apple macOS
  • Link to detailed requirements provided in Service Definition

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: InterSystems Worldwide Response Center is accessible 24 x7 via phone, email or web-based support portal. Our intention is to provide an immediate response. All contacts have a response within 30 minutes.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: InterSystems Technical Assistance Services are provided on a 24x7 basis as standard for customers with a software subscription license for InterSystems IRIS. The customer sets the priority and can elevate the priority at any time. InterSystems staff may elevate the priority but may not lower the priority without customer authorisation. Customer Problems: Crisis = Immediate/Continuous 24-hrs attention until; resolution; High = Same customer business day resolution; Medium = resolution within 5 customer business days. Software Defects (Bug Fixes): Crisis = Immediate/Continuous 24-hrs developer attention until defect corrected or acceptable workaround; High = Fix tested and delivered to individual customer within 2 weeks and included in next maintenance release; Medium = Fix provided in next maintenance release. All supported customers have access to a named account manager and sales engineer as customer relationship points of contact. This is in addition to the problem management and escalation procedures of InterSystems Worldwide Response Centre.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: InterSystems provides extensive on-line learning materials and documentation. ; ; Classroom training is available from the InterSystems office in Windsor covering all aspects of working with the InterSystems IRIS platform. ; ; Onsite training is available on request.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: InterSystems IRIS provides connectivity which allows data to be extracted from the platform in a number of ways using either built in or third party ETL tools.
• End-of-contract process: This depends on the hosting option chosen, however, usually any data that is to be retained is extracted and then the platform is decommissioned.

Using the service

• Web browser interface: Yes
• Using the web interface: Users may manage, configure and operate all aspects of the InterSystems IRIS platform, assuming that a specific user has the appropriate development or administrative role(s). The customer decides which roles should be assigned to specific users. ; ; This includes creation and configuration of IRIS instances as well as any business logic, APIs and data structures. Some aspects are more easily maintained using either VSCode or Eclipse based IDEs that is available alongside the web based management portal.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The web interface provides a comprehensive mechanism to configure, manage and operate the InterSystems IRIS data platform. It is accessible from any mainstream browser and is restricted to a specific InterSystems IRIS instance.
• Web interface accessibility testing: The InterSystems IRIS Web portal is aligned with and conforms to common accessibility standards. InterSystems is aware of the standard and the importance of accessible tools, and are WCAG 2.0 level AA compliant with several of our products, but have not yet tested or audited Accessibility with InterSystems IRIS’ Management Portal.
• API: Yes
• What users can and can't do using the API: InterSystems IRIS provides many APIs. These are available to configure and manage the platform including continuous integration and operational management. ; ; InterSystems IRIS enables the creation and management of new application APIs as part of implementing an Service Oriented Architecture (SOA), utilising either a Service or MicroService based approach.
• API automation tools:
  • OpenStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools:
  • Kubernetes
  • InterSystems specifically works with Kubernetes, Terraform and Puppet,
  • However customers use a wide variety of automation tools.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
  • Other
• Using the command line interface: The user may exercise partial or complete control over the configuration and operation of InterSystems IRIS, dependent on their role(s) and permissions.

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Each customer operates using their own versions(s) of InterSystems IRIS using dedicated instances and operating environments. ; ; The InterSystems IRIS data platform can scale in a number of different dimensions in order to handle Petabyte scale data sets, very high rates of data ingestion and massive concurrent transactional and analytical workloads. ; ; Further details of deployment architectures to suit specific workload mixes are available on request.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • SMS

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Databases
  • Configuration data
• Backup controls: InterSystems offers a managed service for InterSystems IRIS, but not as part of this service. The platform offers built in capabilities to perform on-line backups of all data and code, as well as mechanisms to integrate with external backup mechanisms such as SAN snapshots. InterSystems maintains reference backups of the InterSystems IRIS data platform. Users fully control the nature and frequency of backups of data and configuration dependent on the nature of the chosen Cloud deployment platform. For further details on SaaS or PaaS, please contact InterSystems.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Data at rest may be encrypted, either at the hardware layer or platform layer. Strong user authentication is used and a variety of security mechanisms are deployed.

Availability and resilience

• Guaranteed availability: Dependent on chosen hosting option, however customers regularly choose to configure their environments to achieve between 99.99 and 99.999 uptime
• Approach to resilience: InterSystems IRIS includes in-built Synchronous and Asynchronous mirroring, suitable for the deployment of cost effective and robust HA and DR. This is usually combined with capabilities within the chosen hosting environment to provide very high levels of resilience. Further details may be found at the InterSystems Developer Community: https://community.intersystems.com
• Outage reporting: InterSystems IRIS is capable of generating a variety of different alerts, delivered by multiple mechanisms, dependent on the chosen Cloud hosting environment. Management of Enterprise deployments is often facilitated by using tools such as Nagios, which instrument aspects of the environment other than the core InterSystems IRIS solution. In such a case, reporting of outages or other operational issues is handled through the monitoring tool.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: This is dependent on the Cloud deployment options that are chosen and the security requirements of information to be managed within the InterSystems IRIS platform. Users for deployed solutions with sensitive data are often authenticated using multi factor authentication and access environments using restricted networks. However, a deployed application may authenticate users using a username/password combination. Frequently such authentication is often delegated to a trusted external source.
• Access restrictions in management interfaces and support channels: Management interfaces are provided via a locked down, dedicated Apache instance that is installed as part of InterSystems IRIS. Access to management facilities via this Apache instance is usually restricted to an encrypted VPN with 2-factor authentication. However this may be varied, dependent on the Cloud hosting option chosen and the sensitivity of the data within the platform.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Default configuration is username and password, however the service may be configured to constrain access by any of the mechanisms described. It depends on how the service is intended to be used.
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: TUV Nord
• ISO/IEC 27001 accreditation date: March 2022
• What the ISO/IEC 27001 doesn’t cover: The corresponding Statement of Applicability has no exclusions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: InterSystems UK has developed and implemented an information security management system, as a means to implement the required controls, which has been certified to ISO 27001. The corresponding Statement of Applicability has no exclusions, which means that InterSystems has implemented all available security controls under ISO 27002 and that an independent Certified Body fully audits these controls and measures on a regular periodic basis. InterSystems UK is certified to:• ISO 27001 - Information security management system• ISO 22301 - Business continuity management system• ISO 20000-1 - Service Management System• Cyber Essentials Plus.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration Items (CIs) are identified and controlled using Configuration Management Data Base (CMDB) systems. Any updates to the CIs (performed via Change Control) are replicated in the records on the CMDBs. Change Management controls all changes to all services in InterSystems UK. Changes follow a standard process of Categorisation, Impact Assessment, Approval, Design/Build, Testing, Release, Closure. Configuration record updates are performed during the Change Management process.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability Management within InterSystems UK is performed using processes which have been audited and certified to ISO/IEC 27001. Vulnerability scans are carried out proactively and the level of risk is determined for any issues identified. Vulnerabilities are also identified using a range of subscription monitoring services and software. Once an issue has been identified, appropriate corrective actions are developed and the impact of deployment established. The time taken to deploy any patch / update is consistent with the level of risk and the impact of deploying.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective Monitoring within InterSystems UK is performed using processes which have been audited and certified to ISO/IEC 27001. Monitoring is carried out of user activities, exceptions, faults and information security events and action identified consistent with the level of risk.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents are managed within InterSystems UK using processes which have been audited and certified to ISO/IEC 27001. Incidents can be reported by anybody within the organisation to a single point where they are logged and details taken. Investigations are carried out and corrective actions identified based on an assessment of the impact and likelihood of occurrence. Root Cause Analysis is carried out post-incident to determine any preventative actions that can be taken to avoid recurrence. Details of incidents are reported to senior management to enable further discussion and planning.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Dependent on the chosen Cloud hosting option
• How shared infrastructure is kept separate: Where different organisations are hosted on the same infrastructure, their InterSystems IRIS environments are fully separated, running in different OS images with data in motion usually secured by TLS implementations specific to each organisation and data at rest in physically separate databases, on separate storage mount points that are secured by strong encryption using keys that are specific to each organisation.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: InterSystems' primary data centre is listed on the European Energy Efficiency Platform (E3P) code of conduct (CoC) Data Centre (DC) Partners list; which can be accessed at https://e3p.jrc.ec.europa.eu/node/575; and have committed to comply with the Code of Conduct for Energy Efficiency in Data Centres. Where buyers do their own hosting, they would be responsible for ensuring that the chosen data centre used for deploying the IRIS Data Platform complies to the Code of Conduct.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  InterSystems are fully committed to achieving NetZero. We have reviewed our carbon emissions and published a Carbon Reduction Plan aligned to the Government's aims; we are ISO 14001 Environmental Management compliant and have various targets we monitor as part of this including waste.

  Tackling economic inequality

  InterSystems recognises its roles in the global marketplace. To continuously improve the social impact of its business operations and ensure we as a company make a positive impact on the communities and market within which we operate. InterSystems is committed to skills development and offer an internship programme to graduates and we are developing our volunteering approach.

  Equal opportunity

  InterSystems are proactively engaged in a global programme to promote diversity, equity and inclusion (DEI) and to identify and address any inequalities across our workforce. Our Diversity, Equality and Inclusion (DEI) Strategic Plan aims to create, implement, measure, and refine specific initiatives to drive the recruitment, retention and development of our employees who align with underrepresented communities, in order to improve the job satisfaction, innovation and skills of these talented employees who are key to our continued business success.

  Wellbeing

  InterSystems recognises the importance of encouraging and promoting good physical and mental well-being. ‘Project You!’ is InterSystems UK’s health and wellness programme, it is open to all employees and aims to provide the time and tools to inspire and support a healthier and happier workforce. We have formally signed up to the Mental Health at Work Standards and continue to develop in this key area.

Pricing

• Price: £6,999.00 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: InterSystems provides a range of no-risk options designed to allow prospective customers to learn more about IRIS Data Platform; explore the software itself; and then take steps towards becoming a customer or partner. See Service Definition for details of the IRIS Experience.
• Link to free trial: https://www.intersystems.com/products/intersystems-iris/#experience-it

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@intersystems.com. Tell them what format you need. It will help if you say what assistive technology you use.