CheckWare

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Can integrate with EPR systems and stand alone clinical applications or be used as a stand alone platform with deep clinical data. The tailored dashboards and analytics can be used to support service delivery, design and measurement with business and care focussed metrics
Cloud deployment model: Private cloud
Service constraints: Legacy CheckWare versions should be maximum of 2 versions behind the latest configuration available to ensure security and patches remain up to date.
System requirements: Current functional browser

Internet access

User support

Email or online ticketing support: Email or online ticketing
Support response times: The SLA is set at the contract level, in general it is labelled :
A
Critical error
Error that leads to system crash, loss of data or that other critical functions do not work.
4 working hours

B
Severe error
Error that leads to functions not working as described, time consuming to work around.
12 working hours

C
Less severe error
Error that leads to smaller functions not working as described, but that the Customer can easily work around.
5 working days
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: All assistance technology available in current common web browsers is supported
Onsite support: Yes, at extra cost
Support levels: This is set at the SLA levels on contracting and is in our standardised support document which can be attached at point of submission.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Activities in standard delivery project:

Establishing the installation
The Contractor establishes the installation(s) for the Customer and gives access to functionality.

Start-up meeting *
Walk-through of contract
Define organisation, reporting and time line for the introduction project
Agree, describe, approve and implement solution

Project meeting* to agree on a detailed solution
The Contractor creates solution description based on the project meeting
The Customer approves the solution description
The Contractor implements solution regarding to approved solution description

Training and approval
The Contractor carries out training for the Customers Super User(s)
The Customer carries out an acceptance test for the solution based on approved solution description

Production start
Handover meeting* with a plan for further cooperation in the form of user support, cooperation meetings and change handling
The Contractor makes the solution ready for production start
The Customer starts using the solution in production
Service documentation: Yes
Documentation formats: PDF

Other
Other documentation formats: Word
End-of-contract data extraction: Customer can export all items from installation in a structured export to CSV or SPSS. The extraction service can also be provided by CheckWare as a consulting cost.
End-of-contract process: Upon ending the contractual relationship, Customer data will be deleted from CheckWare’s servers. The Customer has the opportunity to export all relevant data prior to deletion.The extraction service can also be provided by CheckWare as a consulting cost.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Optimised for mobile devices features are the same with a responsive design for a "bring your own device" specification.
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: Access for diagnostic purposes is limited to necessary features for the purpose of the service maintenance and administration.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: The interface is delivered via web browsers, so is tied to the assistive services built into commonly used web browsers
API: Yes
What users can and can't do using the API: The API's are delivered open to customers and are configurable depending on integration level and features/services purchased
API documentation: Yes
API documentation formats: PDF

Other
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: The platform is fully customisable dependent on service to be delivered and clinical pathway design. The service can be built by the customer and is fully customisable to any clinical service, including a service design tool with "drag and drop" pathway building functionality. The user can add their own content and customise the delivery of content, even automating delivery of tools, questionnaires and measures, with content if required. Flagging can be automated using pre set threshold values, an application could be care escalation given a rise in patient threshold markers.

Scaling

Independence of resources: The service is hosted on a stand alone and scalable web-based platform which automatically increases with user additions and capacity. The complete offering is a schedule in contracting which highlights the increases in capacity with additional volume and additional services which are available to customers as the service scales up.

Analytics

Service usage metrics: Yes
Metrics types: Customised service performance data and dashboards can be configured in line with the copyrighted content, data and forms configured within the service design. User can design the level of detail they wish to extract within the service on build or post implementation.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with another standard
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: With enabled permissions to the solution, a user can, via the user interface, export collected data to SPSS file format or .CSV format for external use.
Any research data can be linked up to research servers and Outcome measure data can be transferred to minimum dataset databases, using the export functionality within CheckWare. Data can be de-identified or redacted as required.
The user can create templates for data export that can be started at a given time, additionally several sets of data extracts can be established and different file formats can be used as required.
Data export formats: CSV

Other
Other data export formats: SPSS
Data import formats: CSV

Other
Other data import formats: MPEG

.MOV

Within chat, multiple additional formats

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

Legacy SSL and TLS (under version 1.2)
Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability: If the Contractor fails to fulfil the requirements of service levels during a fix testing settlement period, the Customer will receive a calculated refund from achieved service levels. The reimbursement amounts are calculated as a percentage of the monthly payment for the relevant CheckWare product.

Deviation from service level:
Up to <0,49> percentage points- reimbursement 2.5%
Up to <2,49> percentage points - reimbursement 5.0%
Up to <4,99> percentage points- reimbursement 10%
Over <5,0> percentage points- reimbursement 15%
Approach to resilience: Available on request
Outage reporting: An API auto messaging system
email alert to chosen users
SMS to dedicated personnel chosen by customer

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Access to support functions is given on a "Needs" basis to support specific items through the support interfaces.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Limited access network (for example PSN)

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users receive audit information on a regular basis
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: DNV
ISO/IEC 27001 accreditation date: Valid until July 2026
What the ISO/IEC 27001 doesn’t cover: Please clarify
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: DCB 0129

CAIQ v4

DTAC compliant

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: CheckWare has an integrated management system consisting of the ISO-27001, ISO-13485 and ISO-14001 standards. These standards include the relevant controls and more. They are externally audited every year

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: CheckWare has an integrated management system consisting of the ISO-27001, ISO-13485 and ISO-14001 standards. These standards include the relevant controls and more. They are externally audited every year
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: CheckWare has an integrated management system consisting of the ISO-27001, ISO-13485 and ISO-14001 standards. These standards include the relevant controls and more. They are externally audited every year
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: CheckWare has an integrated management system consisting of the ISO-27001, ISO-13485 and ISO-14001 standards. These standards include the relevant controls and more. They are externally audited every year
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: CheckWare has an integrated management system consisting of the ISO-27001, ISO-13485 and ISO-14001 standards. These standards include the relevant controls and more. They are externally audited every year

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: NHS Network (N3)

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Reduction of carbon footprint created in face to face appointments, public and personal travel use. Materials and paper based production and replication is reduced using digital information. ISO 14001 certified

Covid-19 recovery

Rapidly deployable and configurable remote care packages which have already been proven during pandemic in partnership with the Norwegian Govt

Tackling economic inequality

Access to any system via link based system which does not rely on individual ownership of devices and can be deployed to the home to support patient access. In clinic systems can also be included if patients and family do not have their own device or access to the internet.

Equal opportunity

Access to any system via link based system which does not rely on ownership of devices and can be deployed to the home to support patient access. In clinic systems can also be included if patients do not have their own device or access

Wellbeing

Access to any system via link based system which does not rely on ownership of devices and can be deployed to the home, reduction in stigma for face to face visits and pressure of communication.

Pricing

Price: £5,000 to £1,000,000 a licence a year
Discount for educational organisations: Yes
Free trial available: Yes
Description of free trial: Under certain circumstances CheckWare can make a trial version available for "Proof of Concept".

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

CheckWare

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents