Allocate Software Limited

RLDatix Audits & Standards

RLDatix Audits and Standards provides assurance and protects your patients from preventable harm by ensuring regulatory compliance across your organisation. The solution provides you with a clear audit process to ensure both regulatory compliance and compliance of your internal policies, with steps to drive compliance where necessary.

Features

• Build an unlimited number of data collection tools.
• Connects audits, standards, and policies data into a single platform
• Regular updates to standards and regulations in the system database
• Conduct mock surveys and maintain continual readiness for inspections
• Assess the severity of non-compliance on a severity matrix
• Automated weekly email report of open findings
• Create and close findings of non-compliance in a streamlined process
• Comprehensive view of supporting documentation including: mobile auditing, policies, procedures
• Provides an in-depth score of performance after an inspection
• Mobile friendly, responsive web technology

Benefits

• A complete, streamlined audit process
• Protect patients from preventable harm
• Drive a culture of reporting and compliance
• Ready your organisation for an inspection
• Automate data collection, analysis, and reporting around compliance
• Track compliance and action plans related to self-inspections and surveys
• Access a library of best practices, resources, and educational material
• Identify and highlights areas of non-compliance
• Address potential risks and prevent incidents that may harm patients
• Empower staff to proactively identify opportunities for improvement

£2.94 to £15.30 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.manager@rldatix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

282356986280738

Contact

UK Sales
+44 (0)20 7355 5555
bid.manager@rldatix.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Allocate will normally perform Scheduled Maintenance activities during Out of Hours. Emergency Maintenance may be required as a result of identifying a problem through on-going monitoring and management that could potentially cause an outage or failure of the SaaS Services. Allocate will use reasonable endeavours to provide the Customer advance notification if possible and manage such Emergency Maintenance in such a way as to minimise impact on the Customer's operations. Emergency Maintenance may be conducted at any time.
• System requirements: Please see Service Definition for full details.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is provided Monday to Friday, 08:30 – 05:30 including UK Bank Holidays (Support Service Hours). Support is telephone and web-based. Operational Support Services Response and Resolution Target Service Level: * Priority 1 - Within one (1) hour - Four (4) Support Service Hours * Priority 2 - Within one (1) hour - Sixteen (16) Support Service Hours * Priority 3 - Within one (1) Business Day - Forty-eight (48) Support Service Hours * Priority 4 - Withi
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Allocate Software provide a single, priority-based support model which is included, at no additional cost, within the pricing document provided. * Priority 1 - Within one (1) hour - Four (4) Support Service Hours * Priority 2 - Within one (1) hour - Sixteen (16) Support Service Hours * Priority 3 - Within one (1) Business Day - Forty-eight (48) Support Service Hours * Priority 4 - Within one (1) Business Day - Within the next Software release At the point of “Go Live” the customer shall be assigned a Customer Success Analyst who shall focus on two key areas in their support of the customer: *Software Adoption – The Customer Success Analyst will visit customers and work with them to help them on their journey to realise financial and non-financial benefits from the software. Once baseline information has been assessed, an Adoption Account Plan will be prepared to identify and address key areas to help organisations better utilise the software. *Proactive Support – Using dashboards to monitor performance, engagement and the level of adoption, the Customer Success Analyst in collaboration with Customer Support, will be able to alert concerns proactively or provide assistance where a situation could be improved.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Allocate adopts and delivers many forms of training regimes based on the requirement of a project. Following implementation, Allocate will deliver a comprehensive training plan that will ensure the customer is fully trained in the use of our system and able to achieve the full benefits of the solution. • During implementation, training will be delivered by the Implementation Consultant on a face-to-face, classroom training basis • Training will be delivered to the project management team to ensure ongoing centrally managed delivery • Expert knowledge will be provided in each functional area • User guides and system documentation will be provided Following implementation, Allocate will provide ongoing training via the Allocate Academy, which is designed to provide organisations with the formal training and accreditation needed to ensure that they have the confidence and skills to fully utilise our system. Moreover, our training and accreditation programmes are focused on job roles and career progression within the customer’s teams, guaranteeing that members of the team are trained to the highest standards, are empowered with knowledge, and achieve an in-depth understanding and confidence of the solution.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Not applicable to this service, we do not hold your data.
• End-of-contract process: All training delivered during the implementation phase of the solution is included within the contract price. In addition the following is included during the term of the agreement: *System maintenance *Upgrades *Support

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: This product leverages Snowflake technology, ensures efficient data transfer directly into your BI tools or data warehouse.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: The service is monitored by a suite of performance monitoring tools (e.g. SPLUNK), which are designed to ensure that as a customers storage and processing requirements increase, the service is adjusted to compensate. This ensures continual, optimal performance of the service.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This product safely and securely delivers workforce data from Optima directly to your own business intelligence tool or data warehouse. This product leverages Snowflake technology, ensures efficient data transfer directly into your BI tools or data warehouse.
• Data export formats: Other
• Other data export formats: Snowflake technology transfers directly into your data warehouse.
• Data import formats: Other
• Other data import formats: Snowflake technology transfers directly into your data warehouse.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% Actual Service Availability is calculated as follows: Service Availability = Operational Time – service Downtime x 100 % / Operational Time
• Approach to resilience: Our service is delivered via the Allocate Cloud, which is a private cloud infrastructure. It is delivered and run by Allocate Software including maintenance support and upgrade services – one accountable supplier. The Allocate Cloud infrastructure is built using fault tolerant clusters of powerful servers which are configured for a high availability software platform. A powerful fault-tolerant Storage Area Network (SAN) houses your data, providing safe data access which also allows dynamic migration of services; this enables resilience and scalability with no service disruption. The Allocate Cloud infrastructure and Cloud based applications are monitored in detail and in real time 24 hours a day, 7 days a week, and 365 days a year to ensure the service is healthy and performing correctly. Allocate perform regular capacity management reports to ensure we can meet demand for next month, next year and beyond. As and when your demand changes the compute power can increases with your growing requirement. Allocate’ s Cloud is kept up to date with regular security patches and system updates at all levels within the service solution. Antivirus and malware protection is kept up to date hourly and automatically ensuring the latest threats are kept at bay.
• Outage reporting: Reports of outages are provided via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: The service restricts user access to only those functions that their security profile allows. These are configurable by the organisation, allowing for multiple user access levels. It ensures users are prevented not only from accessing, but also seeing menus or screens that they do not have permissions to access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: DNV GL
• ISO/IEC 27001 accreditation date: 14/10/2013
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: The Information Security Policy of the Company is designed in accordance with ISO27001 and GDPR to ensure that: *The confidentiality, integrity and availability of information will be maintained at all times. *All regulatory and legislative requirements are met and reviewed regularly *Business continuity plans are in place and regularly maintained *All breaches of security must be reported by employees and investigated by a Senior Member of the Management team and any necessary action taken. This policy has been approved by the Senior Management Team and all managers are responsible for implementing the policy in their business area and ensuring adherence to the policy by their staff.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Every Change to part of the service is subject to the following process: • A formal written Change Request must be submitted for all changes • All scheduled Change Requests must be submitted in accordance with change management procedures (documented) • Each scheduled Change Request must receive formal CAB approval before proceeding with the change. • The CAB may deny a scheduled or unscheduled change. • A Change Review must be completed for each change, whether scheduled or unscheduled, and whether successful or not. • A log (“Change Management Log”) must be maintained for all changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Allocate monitor for known vulnerabilities and act to mitigate: *‘Critical’ patches deployed within 14 calendar days of a patch becoming available *‘Important’ patches deployed within 30 calendar days of a patch becoming available *‘Other’ patches deployed within 90 calendar days of a patch becoming available *'Critical’, ‘Important’ and ‘Other’ are aligned to the following common vulnerability scoring systems: National Vulnerability Database Vulnerability Severity ratings: ‘High’, ‘Medium’ and ‘Low’ respectively (these in turn are aligned to CVSS scores as set out by NIST) Microsoft’s Security Bulletin Severity Rating System ratings: ‘Critical’, ‘Important’ and the two remaining levels (‘Moderate’ and ‘Low’) respectively.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Allocate collect multiple types of audit information and it is regularly analysed. Basic intrusion detection technologies are in place at the perimeter devices. Applications and services are monitored and reported in real time to the Allocate Operations monitoring centre.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Security Incident processes are in place for the Allocate Cloud service and are enacted in response to security incidents. *Pre-defined processes are in place for responding to common types of incident and attack. *A defined process and contact route exists for reporting of security incidents by consumers and external entities. *Security incidents of relevance to them will be reported to customers in acceptable timescales.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Fighting climate change Fighting climate change and supporting Net Zero RLDatix recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. To achieve this, RLDatix has completed the following: • RLDatix has an Environmental Policy that is reviewed on an annual basis to ensure it is relevant to the business • RLDatix has engaged our travel partners to ensure travel is as carbon efficient as possible, i.e., recommends trains rather than flights • Throughout all RLDatix offices we provide waste receptacles for recycling and general waste, supporting the reduction of waste to landfill • We encourage the reduced use of water and electricity and actively encourage the staff to consider the environment whilst printing • Many of our solutions assist our customers in reducing their own carbon footprint, i.e., assisting with route planning for community-based staff • RLDatix is working to be carbon neutral in the next few years and achieve ISO 14001 accreditation Many of these environmental proposals help us and will help you in your path to Net Zero. We are firmly committed to carbon reduction, as demonstrated by our Carbon Reduction Plan, published here: https://rldatix.com/en-uke/corporate-responsibility/

Pricing

• Price: £2.94 to £15.30 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.manager@rldatix.com. Tell them what format you need. It will help if you say what assistive technology you use.