Cinos

Connect for Health

Healthcare Communications omni-channel communication platform Webex-Connect for Health enables healthcare providers to orchestrate and automate contextual, real-time interactions and end-to-end journeys across the patient pathway. Includes SMS/RCS/Voice/email/Video/Push/In-App/WhatsApp/Chatbots and much more. Offering integrations with leading EPR/PAS systems & Call Centre solutions facilitating a handoff to an administrator where required.

Features

• Cross-channel and multi-channel campaign automation
• Event-triggered, recurring and interactive campaigns
• Flexibly integrate over Fhir, REST/SOAP APIs, message queues, FTP/sFTP
• Integrated tools to encourage channel shift, digital engagement
• Rapid build, test/launch using our Low Code environment
• Designed for large scale interactions volumes with scalable messaging throughput
• Comprehensive reporting & intuitive dashboards
• Visual, drag and drop, flow builder, Email Composer, Template Management
• Data security, ISO 270001 certified environment

Benefits

• Deliver personalised campaigns across multiple mobile/digital channels
• Drive consistent contact handling processes for compliance and best practice
• Overlay existing telephony and IT for quick deployment of services
• Improve efficiency by seamlessly blending inbound and pro-active engagement
• Support integrations with open APIs and access to reporting data
• Natural Language Processing and Artificial Intelligence for conversation automation
• Reduce call volumes & improve patient experience; sending timely notifications
• Reduce costs and improve operational efficiency
• Keep control of your outbound communications
• Trigger notifications from a simple UI

£0.04 to £0.04 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@cinos.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

232413665349924

Contact

Jody Faulkner
07869370406
bids@cinos.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Unified Communications services such as Cinos Cloud UC, Webex Calling; Contact Centre Services such as Cinos Cloud Ominichannel Contact Centres or Webex Contact Center; Existing customer engagement services; SMS services
• Cloud deployment model: Private cloud
• Service constraints: API integration to existing Line of Business systems may be dependent on engagement with the incumbent provider of that system.
• System requirements:
  • Relevant Available API's available in system to integrate with
  • Sufficient bandwidth availability for Cloud Services
  • Registrations and setup of digital channels - Facebook, Whatsapp etc.

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Our response times are based upon priority of the incident:; ; P1 - Severe Business Impact - 15 minutes; P2 - High Business Impact - 30 minutes; P3 - Medium Business Impact - 4 hours; P4 - Minor / no Business Impact - 24 hours; P5 - Service Request / Service Query - 1 business day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provided our NHS clients with 24/7 telephone and email support provided by our Support Desk. Training and onsite project support can be provided if and when required.; ; We provide a named Technical Account Manager for all of our customers, providing a point of escalation, a named contact for service queries and technical update / roadmap workshop sessions
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite, remote and online training available within the service provision. User Documentation also available to download from the system. Dedicated PM assigned throughout the life of the onboarding.; A Webex Connect account will be created and the login details will be shared with the Buyer who can now login and access their service. A dedicated Project Manager will be assigned to define and document specific service requirements and deliverables in collaboration with the Buyer. The PM will organise the build to the specified service configuration and hand-over to the Buyer for user acceptance testing (UAT). On successful completion of UAT the service will be made ready for go-live. To supplement this process we provide: 1/ Online help documentation 2/ Training sessions and go-live support as agreed with the CSM 3/ In service support and advice to make sure that the Buyer is achieving best value.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We support users to extract their data when the contract ends. This can be done by the user themselves using the service tools or as an additional service. To request this service users must contact their Customer Success Manager and raise a request for data extraction. Webex Connect supports exporting of data into files that can be ingested into the client’s own systems or data storage locations
• End-of-contract process: At the end of the contract we follow an offboarding and decommissioning process. We delete customer related, profile related and configuration related data following our disposal policies. Our data-destruction policies and procedures provide strict controls for governing the physical and logical destruction of data storage devices and data. Physical destruction is undertaken by a certified provider under a controlled process, and is fully-logged. Destruction providers are audited as part of our ongoing 3rd party review process. Devices to be re-used are hard-wiped using industry-approved data destruction tools. As part of the end-of-contract offboarding process the Buyer can request extraction or deletion of their data. Where data extraction is to be completed by IMImobile this activity may be chargeable depending on scope and complexity.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All functionality is still available, with lay out different to support device variance.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Data c an be trtansferred via a range of secure APIs, Webhooks, or as a fatfile transferred via sFTP. A web-based interface provides user s with reporting tools for monitoring activity. For builders we provide a secure web-accessed flow builder.
• Accessibility standards: None or don’t know
• Description of accessibility: All public facing web tools are supported through the use of browser embedded technologies, enabling translation, reading tools and audio Accessibility testing
• Accessibility testing: All public facing web tools are supported through the use of browser embedded technologies, enabling translation, reading tools and audio Accessibility testing
• API: Yes
• What users can and can't do using the API: They can connect to the service
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: In line with data held and client specified requirements. Hierarchy, templates, placeholders and modes of communication. Service configuration and engagement based upon demographic rules. All provided as a managed service. Changes will be made via the Service Desk.

Scaling

• Independence of resources: The service will allocate a fixed capacity that is agreed with each Buyer. Allocation is controlled automatically by the service platform to guarantee that users aren't affected by the demand other users are placing on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Webex Connect offers access to Dashboard and reports, which contain aggregate data across all services, assets, and channels. The following types of reports can be generated. Summary of incoming and outgoing messages across all channels and services; Service-wise reports; App-wise reports; Number-wise reports; Workflow-wise reports. The following data is available for each channel: Requests; Messages submitted; Messages Rejected;Messages delivered; Messages read; Messages failed. Customised reports can also be provided.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cisco

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Webex Connect is hosted in AWS cloud and supports multi-tenancy. The data of each customer is virtually segregated based on the client id. The data at rest is encrypted and encryption keys are stored separately, and only authorized users will have access to the keys. - All confidential data are encrypted using strong encryption algorithms such as AES 256 - All customer transaction data is encrypted using encryption keys - The encryption key is generated at the client level and are rotated at frequent intervals - Regular backups of all transaction data and logs done using cloud storage are encrypted
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Webex Connect has functionality within the UI that allows users to export transactional data for an agreed period. Any additional requirements should be raised with your Customer Success Manager.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Txt
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • REST API
  • Fhir
  • Txt

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee a service availability of 99.95% with our historical performance exceeding this guarantee. As such no service credit or refund process has been necessary or is offered.
• Approach to resilience: The service is deployed over two availability zones (AZ). Each of the AZs can work independently and with full capacity. However, to support High Availability (HA), both the AZs work in Hybrid mode. Therefore, in the case of a failure the service traffic would still be processed. All components are designed with N+1 redundancy (Database with N+N redundancy- master-master or master-slave configuration; storage with 1+1 redundancy). The service is deployed in active-active mode across two availability zones, so deployment on one zone acts as a disaster recovery for the deployment on the other zone. Proactive monitoring is achieved with traps and alerts setup in various modules not just within applications but also our gateways, application servers, databases and our middleware. Alerts are automatically sent to our NOC which is available 24x7. Technical support looks into these alerts to mitigate issues at an early stage. We also monitor system capacity and analyse traffic to identify any anomalies and identify potential issues.
• Outage reporting: We proactively monitor the service with traps and alerts setup in various modules not just within applications but also our gateways, application servers, databases and our middleware. Alerts are automatically sent to our NOC which is available 24x7. Technical support looks into these alerts to mitigate issues at an early stage. We also monitor system capacity and analyse traffic to identify any anomalies and identify potential issues. Support tickets are created in our ticketing tool (ServiceNow) with service affecting issues reported to users via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Every user has a unique username and password that they need to enter to login and access the service. We also support integration with Single Sign on (SSO) over SAML. Each user is configured with a set of permissions that restrict access to management information and support channels as required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 27/04/2022
• What the ISO/IEC 27001 doesn’t cover: No exclusions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Data security and protection toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Cyber Essentials, Data Security and Protection Toolkit
• Information security policies and processes: We have worked to ISO 27001 standards since accreditation in 2001 and relevant NHS Information Governance Toolkit ( Data Security and Protection Toolkit) requirements and NHS Cyber Essentials. We are registered with the UK Data Protection/Information Commission registrar. We are compliant to GDPR regulation. We operate a comprehensive IMS (Information Management System) to ensure that all customer data is protected by strong controls against unauthorised access, theft, interception or compromise. This system is implemented as part of our ISO/IEC 27001:2013 processes and operated in-line with PCI-DSS requirements and UK data protection requirements. We confirm that we will comply with Local and other territorial legislation and regulatory controls as required. We understand the risks of storing and processing data in territories with extra-territorial reach (such as the US Patriot Act) and take all measures to ensure the security, availability and integrity of all customer data. Clear controls, roles and responsibilities are defined with respect to storage, processing, encryption and transmission of customer data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes are implemented only after review and authorisation from relevant team members. Assessment is made for security and performance impacts. We provide services to clients with scheduled quarterly upgrade cycles. All upgrades go through a defined change management process including a Change Advisory Board (CAB) that comprises technical and business stakeholders. The CAB assesses proposed changes to the service platform which includes the impact on service availability, performance and security. The lifetime tracking of changes to the components of our service is managed and documented within our ISO9001 accredited process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process assesses potential threats to our service based the following test schedule: monthly internal vulnerability scans, quarterly internal penetration tests and annual external penetration tests carried out by certified third party. Identified threats are impact assessed and prioritised based on severity with patches applied appropriately which could be immediately for severe threats. Information about potential threats comes directly from our testing activity, from our customers and suppliers and our security team who are trained and supported by SANS Cyber Security.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises using high industry standards such as ASVS and CIS. We utilise a continuous monitoring and analysing Security Operations Centre (SOC) team. Along with this we regularly orchestrate up to date CREST approved penetrations tests and run regular vulnerability scans across our platforms to ensure we have no known exploitable areas. We have an defined incident management process compliant with ISO 27001 requirements. Responsibilities and procedures are in place to handle information security events and weaknesses effectively once they have been reported. Logs and security events are monitored and acted upon by our 24 hour SOC team.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We identify potential compromises using high industry standards such as ASVS and CIS. We utilise a continuous monitoring and analysing Security Operations Centre (SOC) team. Along with this we regularly orchestrate up to date CREST approved penetrations tests and run regular vulnerability scans across our platforms to ensure we have no known exploitable areas. We have an defined incident management process compliant with ISO 27001 requirements. Responsibilities and procedures are in place to handle information security events and weaknesses effectively once they have been reported. Logs and security events are monitored and acted upon by our 24 hour SOC team.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Cinos is committed to fighting climate change and delivering environmental benefits in the performance of our contracts, including working towards net zero greenhouse gas emissions. Our ISO14001-accredited Environmental Management System ensures that business activities are managed to increase sustainability, and work towards net zero greenhouse gas emissions by 2047, as demonstrated in our Carbon Reduction Plan, in alignment with PPN 06/21 (https://www.cinos.net/our-company/carbon-reduction-plan/). ; As part of all our contracts, we take the following environmental measures: ; • Promote Circular Economy: We will implement a comprehensive equipment lifecycle management strategy, focusing on extending the lifespan of hardware. Instead of disposing of equipment, we will explore opportunities for reuse. Equipment that cannot be reused will be dismantled at component level to meet out 0% to landfill commitment, recycling component materials in-line with the EU's Waste and Electronic Equipment (WEEE) Directive 2012/19/EU. ; • Drive Packaging Innovation: Promote recycling and explore sustainable packaging to reduce waste and minimise environmental impact.; • Substances and Process Elimination: We will actively remove the use of substances and processes that adversely affect the environment. ; • Supplier Commitment: We will only obtain services, equipment, and power from providers, manufacturers, and vendors who are committed to environmental protection. ; • Sourcing and Recruiting Locally: We will prioritise local recruitment and sourcing of suppliers to minimise business travel requirements. ; • Delivering Environmental Training: We will provide environmental training to our staff and supply chain. ; • Utilising Collaboration Technologies: We will leverage collaboration technologies to reduce the need for physical travel. ; • Using Electric and Hybrid Vehicles: We are phasing out the use of diesel-powered vehicles promoting cleaner transportation and reducing air pollution. ; • Energy Efficiency – We are delivering an ongoing programme of upgrades and renewal to HVAC, insulation, and other systems to reduce energy consumption, carbon emissions.

  Covid-19 recovery

  Cinos confirm that on request we are able to provide Social Value deliverables that support Covid-19 recovery on a contract by contract basis as requested by potential Buyers.; IMImobile was acquired by Cisco in 2021. As the pandemic led to unprecedented shutdowns, Cisco swiftly took action to support the vulnerable, aiding nonprofits that delivered assistance to first responders and those needing food, housing aid, or financial relief due to lost wages.; Cisco and its collaborators focused on deploying networking, security, and IoT solutions to facilitate vaccine logistics from manufacturing and delivery to patient care. Quality control is bolstered by AI-driven sensors and cameras that monitor critical variables such as temperature and efficiency, while comprehensive security measures safeguard access to vaccines and sensitive information.; Cisco and Meraki extended support to entities of various sizes through technology contributions and adaptable pricing options. Post-pandemic, the working landscape is set to change, potentially leading to reduced traffic, lower environmental impact, and job growth outside urban centers due to fewer people returning to offices full-time.

  Tackling economic inequality

  Cinos confirm that on request we are able to provide Social Value deliverables that support Tackling economic inequality on a contract by contract basis as requested by potential Buyers.; In partnership with government bodies, Cisco has facilitated secure remote work infrastructures, bolstered public participation, and ensured the continuity of essential services in tough situations.; Understanding the significance of collaborative efforts, Cisco teams up with organisations like MuralNet, where it contributes financial aid and shares its technical and market acumen to promote the Sustainable Tribal Networks program, emphasising the importance of partnerships in driving substantial progress.

  Equal opportunity

  In the delivery of this Service, Cinos will deliver Equal Opportunity in line with the Social Value Model as follows;; As a Disability Confident employer, Cinos provide equality of opportunity for anyone with visible and/or non-visible disabilities. We ensure that our supply-chain share our values and disabled employees are fully-supported. Processes ensure we understand the issues affecting representation of disabled people in the workforce. We provide all speciality equipment for employees to fulfil their duties from any location so there are no barriers to any employee performing their role.; Cinos provide employment opportunities for all, regardless of gender, age, ethnic-origin, religion, sexual orientation, or disability. We promote the principles of equality and diversity in all dealings and hold Investors-in-People (Gold) and Living-Wage accreditations. We offer a range of accessible opportunities within our recruitment process with working-conditions promoting an inclusive working environment, including flexible and remote working. We’re committed to providing a working environment free from discrimination.; We support all employees in upskilling and progressing in their career with training budget allocated to every individual, alongside quarterly appraisals. Everyone has equal access career-development opportunities aligned to experience and ability. We take appropriate positive-action measures to provide specialised training and support for groups that are under-represented in taking-up training and career-development opportunities. Our apprenticeship program provides employment and training for candidates from local colleges and universities resulting in a job offer.; Cinos are committed to the avoidance of Modern-Slavery within our organisation and supply chains. We only work with suppliers who have embedded sustainable and ethical practices within their organisation; reporting in line with the UN Guiding Principles Framework and the Modern-Slavery Act and ensuring that our commitment to delivering social benefits and upholding human rights is disseminated through our Impact Report, Modern-Slavery Act statement and Sustainable Procurement Policy.

  Wellbeing

  Cinos confirm that on request we are able to provide Social Value deliverables that support Wellbeing on a contract by contract basis as requested by potential Buyers.; Cisco's efforts have also eased the shift to online learning, supported by its social responsibility initiatives such as the Cisco Networking Academy and collaborations with nonprofits like Talking Points and the MIND Research Institute.

Pricing

• Price: £0.04 to £0.04 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@cinos.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.