CITATION LIMITED

QuiqCare

A comprehensive compliance platform offering surveys, audits, quality assurance, data collection, and analysis. It's configurable for multi-sector organisations of any size, showcasing improvements and real-time compliance with standards and regulatory needs e.g. for CQC, safeguarding, estates and facilities, Premises Assurance Management (PAM), pharmacy, SEND and many more by arrangement.

Features

• Evidence Recording
• Action Plans
• Auditing
• Surveys
• Data Analysis
• Document Management
• Real-time Reporting
• Configurable Quality Frameworks
• Automated scheduling
• Email Alerting

Benefits

• Historic assurance and compliance data can be queried and reported
• Removes Paper and Spreadsheets to increase efficiency
• Provides a real-time picture of QA, Audits and Data
• Configurable forms, design your own Audits and Surveys
• Full automation to ensure all documents are circulated on time
• Report Writer giving information to those who need it
• Built-in Inspection and Peer Review functions
• Email alerting and reminders on all evidence and action plans
• Community Management – collaborate with multiple stakeholders
• Configurable user access by role/responsibility to improve user experience

£1,095 a licence

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paulkaye@citation.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

249845787623999

Contact

Paul Kaye
01948841116
paulkaye@citation.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All maintenance and software updates are carried outside of normal business hours and notified to all users in advance.; ; Browser access is a requirement, however some older versions of browsers (for example Internet Explorer version 10 or older) may occasionally cause some display issues and are not recommended for use with the QuiqCare application.
• System requirements:
  • Internet Access
  • Web Browser, e.g. Firefox, Safari, Chrome, IE, Edge, etc.
  • Firewall permissions to allow local access and data uploads
  • PDF reader for accessing standard print outputs
  • Email account for alerting

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 90% of the time, we aim to respond to questions within 4 hours during normal business hours from Monday to Friday between 9am and 5pm excluding bank holidays and weekends
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support is provided during normal business hours from Monday to Friday between 9am and 5pm.; Available support options:; Email; Telephone; Website Form Submission; ; Support options are available to all customers and are included within the software licencing agreement.; ; Any support call that requires it can be escalated to the technical contact on duty, with anticipated resolution times communicated by email.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Training is provided in a number of ways:; ; *On-site classroom or one-to-one training.; *Off-site remote training webinars.; *Quickstart Guides and user documentation.; *Embedded training videos and custom help files.; ; Post implementation best practice guidance is available by email, with hints and tips for optimal use of the system.; ; Helpdesk support services are available for any user who requires additional help when getting started with our services.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data can be downloaded at the end of the contract in a variety of formats at the discretion of the user.; ; Options available to print, or with PDF and CSV output:; ; *Evidence Summaries, ; *Action Plan Listings, ; *All configurable reports (real time and historical data), ; *Inspections Reports and Reviews, ; *User Activity listings including reminder dates, ; *Audit responses and reports, ; *Survey responses and reports,
• End-of-contract process: Citation will advise when access to the service will be withdrawn in advance of the contract termination date. Guidance will be given about the options to download any data and reports from the service at that time.; ; Citation are happy to discuss short-term contract extension periods where there are extenuating circumstances and there is commercial agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The user interface resizes to suit the device being used, this results in a condensed menu structure when using a mobile device. Some text entry features are better suited to a larger device (e.g. tablet, laptop) however these are still functional on mobile devices.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API functionality is designed for inter-application connectivity but does not allow users to set up or make changes to the service. API configuration is an option but would be discussed on a case-by-case basis.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users are able to design and implement custom forms including audits, surveys and other requests for information.; ; Users can also create custom quality frameworks with spreadsheet imports of standards, additional information and relevant resources which can be uploaded into QuiqCare.; ; Users can create schedules to ensure all documents are distributed for completion in a timely fashion.; ; Only users with appropriate administrator access privileges can customise the system unless by prior agreement with Citation.

Scaling

• Independence of resources: There is scalable bandwidth in the platform to ensure that users are not affected during periods of high usage by other users.; ; Some key operations are cached to minimise any impact on users.

Analytics

• Service usage metrics: Yes
• Metrics types: Citation is able to supply data on the frequency and duration of user logins. ; ; Activities with reminder dates can be reported on within the application showing the amount of current or overdue actions for users of the service.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Enterprise-grade anti-malware, endpoint-detection and response-agents deployed to all Citation-endpoints-and-servers with centralised-management-and-monitoring.; ; Enterprise-grade managed detection and response agents deployed to all Citation endpoints and servers.; ; Multi-factor authentication enforced for all Citation employees accessing cloud-based workplace services.; ; Enterprise-grade, centrally-managed firewalls in place to protect internal networks and external cloud applications and services.; ; Security event logs on all Citation devices, ingested and monitored 24/7 by our managed detection and response service.; ; Operating systems automatically patched when updates become available.; ; Third-party software versions monitored-and-patched automatically or via centralised software package-management.; ; Web-content filtering in-place on all endpoints to restrict access to suspicious or malicious websites.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export data in PDF and CSV formats using built-in report writing and export functions inherent within the system. There are options to customise reports and filter data to extract subsets of data if required.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Users can export data in PDF and CSV formats
• Data import formats:
  • CSV
  • Other
• Other data import formats: Users can upload from spreadsheets such as Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Enterprise-grade anti-malware, endpoint detection and response agents deployed to all Citation-endpoints and servers with centralised-management-&-monitoring.; ; Enterprise-grade managed-detection and response agents deployed to all Citation endpoints and servers.; ; Multi-factor authentication enforced for all Citation employees accessing cloud-based workplace services.; ; Enterprise-grade, centrally-managed firewalls in-place to protect internal-networks and external-cloud-applications and services.; ; Security event logs on all Citation devices, ingested-and-monitored 24/7 by our managed detection and response service.; ; Operating systems automatically-patched when updates become available.; ; Third-party software versions monitored and patched automatically or via centralised software package-management.; ; Email security policies in place for all Citation staff to protect from spam, phishing, and malware

Availability and resilience

• Guaranteed availability: Service provision 356 days 24/7. Uptime Availability: >99%. Scheduled Downtime <0.2%; ; Response in working hours (9-5) during business days. ; ; Support: On call as needed: Technical Support resolution for service limiting issues <4 hours.; ; Our applications are not typically mission critical and therefore we do not offer refunds for customers if availability levels are not met.
• Approach to resilience: The QuiqCare application is hosted on the Amazon Web Services infrastructure, and benefits from the resilience of the AWS platform. Being based on cloud services there is no standard vulnerability to hardware failure. Application and database servers are held on the AWS UK node for compliance purposes, ensuring no data is held beyond the UK territory.; ; There are hourly file backups and twice daily system backups.
• Outage reporting: Service availability is proactively monitored, any outages are reported by email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Configurable user access including roles & permissions, access is logged.
• Access restriction testing frequency: Less than once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Centre for assessment
• ISO/IEC 27001 accreditation date: 15/9/2022
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We maintain an Information-Security-Framework that includes technical-and-administrative-controls. This framework allows us to take a systemic-approach to protecting commercial information, including our clients data and other critical assets from both internal-and-external threats.; Our management system follows fundamental Information-Security best practises including:; ; Information security, data protection, and business continuity awareness training and education.; ; Dedicated teams and individuals-responsible for information security, data-protection, and business-continuity.; ; Confidentiality-integrity-and availability incorporated as an essential element of development, networks-and-systems.; ; Ensuring a risk-based approach to information-security-management.; ; Maintaining the principles of least privilege and need-to-know via role-based access controls.; ; Compliance with relevant laws-rules-and-regulations. Notwithstanding the contractual-terms agreed between Citation and its stakeholders, including clients/vendors/partners/employees and other applicable third parties.; ; Continual monitoring of information-security controls and adjusting and improving where necessary.; ; The Information Security Management System is maintained in accordance with the ISO27001 Standard. We use external auditors to test and verify the adequacy of its Information Security Management System and are ISO27001 certified.; ; We have appointed a Director of Information Security and a Data Protection Officer (DPO) who, along with their teams, are responsible for the Information Security Management System. Additionally, the team has several international certifications such as CISSP, OSCP, ISO27001 Lead Auditor, ISO27001 Lead Implementer, CIPM, and CDPO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A comprehensive change-management policy and process, covering various aspects such as scope/objectives/guiding principles/request for change (RFC) process/levels of change/urgency and impact assessment, roles-and-responsibilities, and the change-management process itself for both IT and development changes. ; ; Description: The process begins with an overview of change-management, emphasizing its importance in controlling the lifecycle of changes to IT-services and development while minimizing risks and disruptions.; ; Scope: Defines the scope-of-the-policy, specifying its applicability to all IT and development activities across the organization and third-party entities.; ; Objectives: Objectives are outlined, focusing on best-practices/minimizing disruptions/responding to business requirements/ensuring documentation/assessing and approving changes, and integrating with other-processes.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: How we assess potential threats to our services – We regularly carry out Business Impact Assessments, Penetration Tests and other threat detection techniques. We grade them based on a standard Impact/likelihood calculation.; ; How quickly we deploy patches to our services – Remediation is carried out ASAP, priority is dictated by threat level.; ; Where we get our information about potential threats from – We have a Managed Detection Response contract, regular penetration tests, have set up alerting on all relevant systems and other external sources.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Dedicated, in-house Operational Security team, responsible for managing/maintaining/monitoring the following technical security controls:; ; *Enterprise-grade anti-malware, endpoint detection and response agents. ; ; *Enterprise-grade managed detection and response agents.; ; *Multi-factor authentication enforced for all.; ; *Enterprise-grade, centrally-managed firewalls.; ; *Security event logs on all Citation devices.; ; *Operating systems automatically patched when updates become available.; ; *Third-party software versions monitored and patched automatically.; ; Email security policies:; ; *Web content filtering in place on all endpoints.; ; *Full Disk Encryption enforced on all Citation Limited workstations.; ; *Regular vulnerability scanning and analysis across the estate.; ; *Data loss prevention policies to identify the movement of sensitive data.
• Incident management type: Supplier-defined controls
• Incident management approach: Citation has a rigorous incident management policy and procedure for events and incidents that may affect the confidentiality, integrity or availability of our systems and data, or that may be a breach of our internal policies, procedures, and standards.; Incidents are classed based on their severity and impact. The incident management policy covers the full incident lifecycle: detection, monitoring, containment, investigation, remediation, notification, and root cause analysis. Each phase has its well-defined goals, guidelines, and responsibilities.; Citation Limited has had no material security incidents or reportable data breaches within the last 24 months.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The Citation Group and its subsidiaries, including Citation Limited, have committed to the Science Based Targets initiative (SBTi) and have an active commitment to set science-based targets. The Citation Group is in the final stages of establishing their emissions reduction targets in line with the SBTi’s criteria before presenting it to the SBTi for official validation. As part of this Citation Limited does and will continue to measure and report on its scope 1, 2 and 3 Green House Gas Emissions. We have a commitment to achieving Net Zero by 2050 and initiatives in place to achieve this. ; ; It’s only getting more important for businesses of all sizes to make sure they’re operating and growing sustainably. That’s why we launched our sustainability hub in 2023 to help our clients build a better business today, that’s set up for tomorrow. Sustainability isn’t just about the environment. That’s why we’ve split our hub into three key areas – People, Planet and Process. Packed full of insights, resources and a free sustainability assessment to help our clients measure how they are doing now, and the quick fixes they can make to improve in this important area.

  Covid-19 recovery

  Citation's Service teams have been actively supporting SMEs with Covid-19 recovery. For example, through the creation and implementation of health and safety and HR policies and risk assessments and supporting with organisational redesign to make businesses fit for the future.

  Tackling economic inequality

  Citation has academies in place which provide entry level recruits with the opportunity to gain nationally recognised professional qualifications in Health & Safety, Human Resources, Employment Law and Fire Safety. We pay into and utilise our Apprenticeship Levy and have a veterans programme in place within our Health & Safety team. Additionally, Citation is committed to paying colleagues the National Living Wage at minimum. Where possible, Citation offers flexible working arrangement to help enable a more inclusive approach to employement.

  Equal opportunity

  Citation strives to encourage and has seen the benefits of having a diverse and inclusive workforce. Diversity and inclusion is not just about seen differences, it covers hidden and perceived differences across background, education, social differences, neuro diversity, age, gender, religion, ethnicity, beliefs and much more. Inclusion isn’t just a policy; it’s part of the fabric of our culture. We want to learn from diverse perspectives, drive innovation, grow together and create an environment where differences are embraced so everyone can thrive at work.; ; A third of Citation colleagues have been promoted since joining us and in the last 12 months >87% of colleagues have undertaken development above the requirements of their. Our Women in Leadership Programme has helped us to accelerate the careers of high potential women and we have expanded our professional development programmes to increase female representation in traditionally male dominated professions. Citation has development schemesand CPD programmes in place for new and existing colleagues and funds nationally recognised professional qualifications in Health & Safety, Human Resources, Employment Law and Fire Safety.

  Wellbeing

  We want to be the business that colleagues want to work for and clients want to work with. That is why colleague engagement has been at the heart of our business strategy for over 10 years. We are proud of culture and our colleagues, who have together created a greatplace to work – evidenced through our leading colleague engagement scores which resulted in Citation being listed as one of the Sunday Times Best Places to Work in 2023. ; ; Citation has a number of colleagues who are trained as Mental Health First Aiders and colleagues have access to an Employee Assistance Programme as part of their healthcare benefit. Additionally, Citation has run wellbeing based training sessions for colleagues on topics such as Menopause Awareness, Mindfullness, Men's Mental Health and Alcohol Awareness.

Pricing

• Price: £1,095 a licence
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Complete service but for a time-limited period by arrangement

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paulkaye@citation.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.