Prism Improvement Insight (PIP or Prism Improvement)

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: No
System requirements: Uninterrupted broadband access to the internet

Access to the N3/HSCN Network for NHS users

Recommend users install latest version on their browser

Cookies enabled

16:9 screen aspect ratio

User support

Email or online ticketing support: Email or online ticketing
Support response times: UK time 9am to 5pm Monday to Friday excluding public/national holidays
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: The software support service comprises an email help desk providing first line technical support to all users of the software, which will include a BIU support team. The software support service is available to all users of the system between 9am and 5pm, Monday to Friday excluding national holidays.
Support available to third parties: No

Onboarding and offboarding

Getting started: We provide an on boarding service for our software modules. The process of on boarding a client will usually take between 5 and 10 working days depending on:
The number of Software modules included in the Call Off Order Form;
The number of users;
The complexity of the client’s requirements…;
The availability of the data requested by us from the Client;
Whether the Client can make data available via an API
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: There is not requirement for clients to extract data at the end of the contract. However if clients wish to extract data Prism will facilitate this process at no extra cost. Prism will also delete all personal data in line with the contract.
End-of-contract process: Unless replaced by a new order, the agreement between Prism Improvement and the Client will automatically expire at the end of the license period set out on the Call Off Order Form; The software will not be accessible to users.

The Client’s right to receive the services shall cease automatically; Each party shall immediately return to the other all property and materials containing confidential information belonging to the other; The Client shall immediately pay to Prism Improvement any sums due to Prism Improvement under this Agreement; It is the Client’s responsibility to extract and save any data stored on the software prior to the expiry of the agreement; If the Client does not remove its data prior to the expiry of the agreement, the Client can request that Prism Improvement will remove the Client’s data from its systems and provide a copy of that data to the Client. Any data sent by the client to Prism Improvement will automatically be deleted by Prism Improvement within 1 month following expiry of the contract.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: No
Service interface: No
User support accessibility: None or don’t know
API: Yes
What users can and can't do using the API: Users must have an account created by the IT Service Desk with API permissions. They can then login to the system and generate an API key which can be used to authenticate their service with the API. Users can upload data in a CSV format to be ingested by the system. Users cannot manage their account or update other users in their organisation using the API.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

PDF

Other
API sandbox or test environment: Yes
Customisation available: No

Scaling

Independence of resources: Elastic compute is in place to allow for the platform to scale on demand.

Analytics

Service usage metrics: Yes
Metrics types: User reporting
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Standard csv file
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Services provides a 99.5% availability up-time. This is excluding scheduled maintenance and releases This service availability is backed by a 10% fee guarantee
Approach to resilience: Available on request
Outage reporting: Email alerts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Limited access network (for example PSN)

Username or password
Access restrictions in management interfaces and support channels: Each user client has an unique username and password and cannot gain access to other user's accounts in other sites.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Between 6 months and 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: Between 6 months and 12 months
How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: Cyber Essentials NHS Data Security and Protection Toolkit
Information security policies and processes: We have an IT policy which sets out our data privacy policy that relates to the handling of client sensitive data. This policy is strictly adhered to and reviewed annually.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Internal testing Annual external reviews of systems All changes adhere to the ITIL/ITSM standards components adhere to the following process of identification, control, status and accounting, verification and audit.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Annual penetration testing for potential threats Each module is pen tested before release All data we hold is low risk- all anonymised with no patient identifiable data All data stored in a ISO27001 accredited facility
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: There is an online and automatic auditing of activity which will allow a quick response to incidents
Incident management type: Supplier-defined controls
Incident management approach: Our approach complies with ITSM definition All incidents are logged, and a risk assessment is applied with priority ratings of 1-4 We track all incidents, escalate incidents to senior management if not resolved in a timely fashion. An incident report is produced for every incident.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: NHS Network (N3)

Health and Social Care Network (HSCN)

Social Value

Fighting climate change

Prism Improvement are always mindful on the area of carbon footprint as we understand by reducing carbon footprint is crucial to protect the environment and to limit the impact of climate change. Therefore, as a business, we have promised to support carbon reduction by encouraging our employees to conduct the following:

Reduce using personal cars for transformation and to use public transportation instead such as trains and buses, carpool with colleagues, ride a bike (as part of our cycle to work scheme) and offering our employees to purchase electric or hybrid cards via our Car purchase scheme.

Use energy-efficient light bulbs and appliances as they use 75% less energy and last up to 25 times longer.

Buy locally sourced food such as local farms.

Eat a plant-based diet to reduce the demand for meat and, in turn, this is to reduce carbon emissions.

Reduce waste by recycling rubbish, compost food waste vs general waste vs plastic waste.

Use renewable energy source such as install solar panels at home and choose a utility company that uses renewable energy sources.

Plant trees in gardens to offset carbon footprint, donate to organisations that plant trees and to participate in community tree planting events.

Reduce water usage which as a result also reduces energy usage such as taking shorter showers, installing low- follow showerheads, use dishwashers and running full loads of laundry, fix leaks promptly and water the grass early morning or late evening to reduce evaporation.

We regularly encourage the employees within our business to follow the above initiatives to ensure we can support our environment to be healthy and safe. This policy will be reviewed on a yearly basis.

Pricing

Price: £24,000 to £250,000 a licence
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Free limited user access to the software and support desk for the period of 1 month. The free trial includes 1No. data submission Not included:- Unlimited Access Unlimited Users Unlimited Data submissions Training

Prism Improvement Insight (PIP or Prism Improvement)

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Prism Improvement Insight (PIP or Prism Improvement)

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents