Aire Logic Limited

AireBook - Scheduling & Appointment Management

AireBook is a flexible booking engine, helping you to manage appointment bookings against available slots or a schedule. The nature of these appointments is generic, and the responsibility of the engine is largely around the coordination of scheduling and availability.

Features

• Generic booking API
• Flexible scheduling
• Intelligent appointment distribution
• Responsive UI for appointment selection
• Extensive reporting for appointment management

Benefits

• Coordinate events with automated booking
• Reduce intensive busy times with even booking distribution
• Deeply embed into any system through RESTful interface
• Multiple deployment options for flexible usage
• Create custom schedules for complete control over your booking availability

£1,000 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@airelogic.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

294422306591566

Contact

Mike Odling-Smee
+44 (0)7946 51274
procurement@airelogic.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Can be integrated with PAS and other central health care systems and can be utilised with Aire Logic's forms4health product
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no constraints in running the service
• System requirements: Modern browsers - Edge, Chrome, Firefox, Safari and IE 11

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Support is banded into service level agreements. Some services can choose to have little support and some stronger support. The level of support selected by the customer determines whether it is free or chargeable.; ; Our response times are within 2 hours for urgent requirements, to 3-4 days for low priority requirements depending on the service level the customer has selected.; ; We do provide weekend support, but this does fall into one of the chargeable models
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Bronze: email support, submission stats, 8 hour SLA; Silver: email and phone support, submission stats, 6 hour SLA; Gold: email and phone support, submission stats, 4 hour SLA and form building advice; Platinum: 24/7 emergency phone support, core hours email support, submission stats and form building advice
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial workshops to support analysis of the deployment requirement for user and patient recording and the transformation the platform will bring. We will then work with the local team to configure the platform to the local need, ensuring effective knowledge transfer during this process so the local team can manage ongoing maintenance effectively. We then provide testing support and guidance ready from release into the production environment. We also provide on-site and online training as required for local staff to be able to manage new requirements or as refresher training if required. We support all our customers with ongoing account management to ensure the platform continues to meet their needs.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Database export
• End-of-contract process: Full database export

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All of our products are device agnostic
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Authorised users can self-administer the configuration settings for their organisation, adding and retiring users, adding organisations, managing patient information requirements and managing integration with other applications
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have used both online and offline accessibility testing tools and have installed local accessibility tools on developer workstations.
• API: Yes
• What users can and can't do using the API: There are a number of APIs across our platform, which allow you to programatically access functionality within each service. The APIs are secure by design, and follow RESTful principles. There are also GraphQL APIs which allow you to fetch discrete data points using selective querying.; ; APIs can be used to access available forms, query data collected through forms, retrieve lists of workflow tasks and create new patient records. It is not possible to delete patient data through the APIs, you are able to withdraw information, but it cannot be permanently delete for audit purposes.; ; APIs documentation is made available dynamically through OpenAPI specifications, and product specific documentation sites. These sources detail the extensive capabilities of individual API methods, and their respective interfaces.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration for various features within the platform including dashboards, patient recording requirements, roles for users, fields available for completion, organisation units, reports etc

Scaling

• Independence of resources: Segregated resources (docker containers)

Analytics

• Service usage metrics: Yes
• Metrics types: Form usage reports (e.g. form completions within last 30 days), popular forms, form uptake.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Database extract
• Data export formats: Other
• Other data export formats:
  • XML
  • JSON
  • CSV
  • FHIR
  • XDS
  • OpenEHR
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.5
• Approach to resilience: Available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Role Base Access Controls
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK
• ISO/IEC 27001 accreditation date: 09/10/2020
• What the ISO/IEC 27001 doesn’t cover: Outsourced Development - No development is outsourced, it is all don inhouse.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Protection and Security Toolkit (NHS Digital)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: We are Data Protection and Security accredited with NHS Digital and Cyber Essential approved.
• Information security policies and processes: We follow the requirements of the Data Protection and Security Toolkit and Cyber Essentials. We are compliant with ISO 27001.; ; We have a Clinical Safety Officer to ensure Clinical safety in the deployment of the application in healthcare settings; ; All staff are required to attend an information security (and GDPR) session and read our information security guidelines.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All build and configuration assets are version controlled (using git). All changes are peer reviewed by at least two others before being merged into the codebase (or configuration).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We do in-house penetration testing. Any known vulnerabilities should be patched within 24 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Pro-active log monitoring
• Incident management type: Undisclosed
• Incident management approach: Users can email or phone with incidents. We use an incident management tool (Zendesk) that has built-in reporting.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  ‍Aire Logic Limited is committed to achieving Net Zero emissions by 2030. You can read our full Carbon Reduction Plan here: https://www.airelogic.com/legal/carbon-reduction-plan
• Covid-19 recovery:

  Covid-19 recovery

  During the COVID-19 pandemic and recovery phase, Aire Logic offered its services for free to any organisations that needed help managing COVID-19. For example we worked with The Bradford Institute for Health Research, utilising their community links, we looked at how we could more closely monitor the spread of COVID-19 in vulnerable ethnic minority communities. This resulted in a re-useable and tailorable COVID-19 symptom monitor (C-Track)
• Tackling economic inequality:

  Tackling economic inequality

  Aire Logic work with different charities to help underrepresented groups develop a career in digital technology. Part of our strategy is to reach out to younger generations to show development paths for careers in digital technology.
• Equal opportunity:

  Equal opportunity

  Aire Logic is committed to challenging discrimination and promoting inclusivity. We embrace the Equality Act 2010 and all the protected characteristics listed within. In addition, we also support social mobility and gender diversity. We provide a working environment that is a safe space where every person is treated fairly and with respect.
• Wellbeing:

  Wellbeing

  Aire Logic became a member of the Good Business Charter in 2020 and has achieved all of the criteria including a commitment to fairer working hours and contracts, by encouraging part time working and initiatives such as “wellbeing days” where our employees can book time off, to concentrate on their physical and mental wellbeing, or that of a family member, we aim to make a career in technology accessible to everyone. Equally, we’re committed to paying fair tax, which in turn facilitates central and localised investment in community led initiatives, putting people in control of their own destinies and the future of their community.

Pricing

• Price: £1,000 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Free trials are available - contact us to discuss your requirements

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@airelogic.com. Tell them what format you need. It will help if you say what assistive technology you use.