Hicom Technology Ltd

Accent

HR management, training and education system supporting the multi-professional workforce. Accent is a comprehensive suite of fully-integrated facilities enabling the HR team to manage every aspect of the workforce; from setting up establishments, managing recruitment and rotations within programmes, to the on-going monitoring and assessment of career performance.

Features

• Curricular, programmes and post management including approvals and funding
• Management of rotations and placements
• Assessments and appraisal planning and results recording
• Courses and exam management
• Administration of leave, courses and assessment events Supporting revalidation activities
• Integrated document management
• Quality management
• HR administration including links to the NHS ESR (optional)

Benefits

• Reduction in administrative overhead
• Data collected at source leading to improved data quality
• Improved business efficiency through process automation
• Improved communications between HR team and the workforce
• Improved access to data for management and performance reporting
• ISO9001 and ISO27001 accredited

£15 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at scott.baker@hicom.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

309530312973244

Contact

Scott Baker
01483 794945
scott.baker@hicom.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Access to our help desk is limited to the service hours defined within this document, although the core service hours can be extended on request (at an additional charge).; ; Hicom will notify the client of any planned service disruption or downtime, although we reserve the right to temporarily restrict access to the service outside of normal Service Hours without notice to undertake system upgrades or maintenance.
• System requirements: Provision of industry standard browsers for each PC

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Hicom guarantee to respond to all support calls within eight working hours from the time of receipt of the call. Response to critical problem will be within two working hours from the time of the call.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: - First-line support: Basic level user and technical support. Also used to gather information and analyze a problem ; ; - Second-line support: In depth technical support used to troubleshoot and solve problems; ; - Third-line support: Expert support for complex issues. Also used to support first and second line support; ; All levels of support are provided through payment of the standard support and maintenance charge.; ; A technical Account Manager is provided.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training is delivered in accordance with the needs of each organisation. We will develop individual, tailored training courses specific to the needs of the individuals being trained.; ; Training can be delivered using a variety of different methods including cascade (train-the-trainer) training, classroom-style demonstrations, focus groups, workshops, online webinars and video tutorials.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is extracted by Hicom on request in a format dependent on future needs.
• End-of-contract process: The following activities can take place at the end of the contract:; ; - Analysis and design: We would be keen to either provide the replacement system, or provide consultancy around the nature of the requirement. This would include comprehensive legacy analysis of the existing system to inform the requirements of the next (additional cost); - Configuration and change management: Any change requests or defect reports will be passed to the developers of the subsequent system (additional cost); - Data will be provided as IFF (included); ; - Operations and support: The final release will still be supported until it is finally removed as long as this stage is still within contract(included); ; - Transition consultancy: General consultancy is offered to enable the move to the replacement system. This may include consultancy around data migration and, specifically, around the data schema (additional cost)

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: No major difference. Some small difference in how screens are rendered.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Accent is based on micro services architectures based on a multi tenancy system. Application is written based on ASP.NET MVC and REST services. ; Interface engine for Ascent is mixed of Identity server (SSO using Oauth2/OpenID Connect), REST, SOAP, PowerBi, SendGrid, and multiple payment gateways.
• Accessibility standards: None or don’t know
• Description of accessibility: We are aware of the WCAG standards and incorporate them wherever possible into the design of all of our software. We do our utmost to ensure that content is accessible to a wider range of people with disabilities as well as making our web content more usable to users in general.
• Accessibility testing: Our experience of interface testing with users of assistive technology is limited. However, we are aware that WCAG 2.0 success criteria are written as testable statements and are seeking to integrate this into our testing procedures, currently internally.
• API: Yes
• What users can and can't do using the API: The Accent ESR API is a bi-directional interface between Accent and Trust based ESR systems.; ; A link between an Accent Post and an ESR Position is established with the ESR instance. Position data is passed to Accent in a daily extract.; ; On receipt, Accent will carry out the following actions:; ; - Discrepancies between Accent and ESR data are used to update Accent data. This is configurable on a field by field basis, and can be automatic, or subject to administrator review.; - Received Positions are added to a watch list of Posts for which changes are reported back to ESR.; ; The ESR Interface will daily create two exports to ESR:; ; - Applicant Export – 3 months before a trainee begins a Placement, details will be sent to ESR.; - Notification Export – Changes to a Placement following inclusion in the Applicant Export are detailed in a separate export to ESR.; ; The import/export functionality allows updates to be synchronised between Accent and ESR, taking advantage of up-to-date data entered on either system.; ; The interface is designed to run with minimal user interaction. The degree of maintenance required is dependent on the level of oversight the administrator requires for updates from ESR.
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users have limited ability to customise the service. This includes menu items, data entry templates, document templates and, to a limited extent, the look and feel of the interface. This ability is limited to those users who have appropriate role based access controls.

Scaling

• Independence of resources: All environments utilise separate physical hardware and all networks are segregated using VLAN's, all network perimeters (internal and external) are secured with network firewalls, all servers utilise software firewalls, all environments utilise separate authentication, all hardware has a redundant layer and tolerates multiple levels of failure.

Analytics

• Service usage metrics: Yes
• Metrics types: The following service usage metrics can be provided on request:; ; - Core user actions: Are users consistently using predefined core user actions?; ; - Activity time: The number of times a user visits a service and the elapsed time they spend; ; - Visit frequency: How often does a user return to a service
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: All customer data is encrypted at rest using Micrsoft SQL Server encryption, all storage/physcial media is encrypted using FIPS level encryption.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be exported either by using pre-formatted, customisable audit reports or by creating their own reports via MS SQL server report builder using pre-defined templates.
• Data export formats:
  • CSV
  • ODF
  • Other
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Access is via the public internet or the Health & Social Care Network dependent upon the application. All access is encrypted using SSL/TLS/IPSEC VPN, certificates utilise the latest standards.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: All environments utilise separate physical hardware and all networks are segregated using VLAN's, all network perimeters (internal and external) are secured with network firewalls, all servers utilise software firewalls, all environments utilise separate authentication, there are multiple layers of physical security - secured electronic perimeter gates, biometric locks on external and internal doors, 24 hour monitored CCTV, 24 hour security patrols, the Hicom data centre within the main building is secured with coded locks and IP cameras.

Availability and resilience

• Guaranteed availability: Hicom will endeavour to make the service available without disruption during Service Hours; however allowances should be made within this period for essential service downtime to enable critical software upgrades and system maintenance to be carried out. ; ; Hicom provides all clients with an SLA (service level availabilty) that guarentees the availability of the service. The SLA generally guarentees availability of 99.5% during business hours however this is agreed with the client to meet their particular requirements.
• Approach to resilience: All physical equipment in the Hicom data centre has end to end redundancy, all client facing servers are hosted on high availability clusters. All firewalls, switches, power, cooling and cabling/connectivity has redundancy and will continue to operate in the event of component or device failure. 24x7x365 monitoring is place which monitors all elements of the environment including water leak and temperature monitoring. There is a replication based disaster recovery solution in place, in the event of a "disaster" occurring all system can be restored to a fully operation state within 2 hours.
• Outage reporting: All outages are reported via SMS & email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: All access to the system, including management interfaces, is provided by Role Based Access Control dependent on successful entering of a username and password. Where possible access control lists are used to restrict access by IP address.; ; Access to online support is similarly managed by Role Based Access Control, whilst those accessing telephone support may be asked to prove their identity if required. Where possible access control lists are used to restrict access by IP address.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: All management and support access requires separate credentials which are restricted to key personnel, access is secured with network firewalls at each network perimeter and software firewalls on all servers, rights are provided on a "minimum level of rights to complete the task" basis and access is reviewed and revoked when no longer required.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 16/06/2018
• What the ISO/IEC 27001 doesn’t cover: We believe this covers all of our activities.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Compliance with the Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are ISO 27001 accredited and, as such, our information security policies and processes are guided by this. This, therefore dictates the following: ; • Information security policies ; • Organisation of information security ; • Human resource security ; • Asset management ; • Access control; • Cryptography; • Physical and environmental security; • Operations security; • Communications security ; • System acquisition, development and maintenance ; • Supplier relationships; • Information security incident management; • Information security aspects of business continuity management ; • Compliance; with internal policies, and with external requirements, such as the law.; ; Hicom is registered with the Information Commissioner Office and adheres to the Data Protection Act 2018 and GDPR. We continue to ensure we remain compliant with the General Data Protection Regulations (GDPR).; ; Hicom holds certification for our Information Security Management System (ISMS) under ISO 27001 and manages a confidential data policy and responsibility through a mature yet continually improved ISMS. Hicom also maintains a Cyber Essentials certification.; ; Hicom is registered under the Data Security and Protection Toolkit for NHS digital and measure and publish our performance against the National Guardian’s ten data security standards.; ; ISO 27001 compliance is managed by our Quality and Information Security Manager.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes related to the product specification (configuration) are either captured by the Project Manager if the system is still being implemented, or by our support/account manager if the system has already been implemented.; ; Changes in the project processes or baseline (time, money etc.) are dealt with via the Project Manager and, if necessary the Product Manager. If a change is identified, all affected project parameters will be assessed, analysed for impact and acted upon.; ; All changes are impact assessed during their initial review with the project team, including security impact.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Hicom subscribes to/utilises multiple vulnerability alert/information services including - MS-ISAC, NCSC, CIS, Symantec, Microsoft, OWASP, the information provided is reviewed and corrective action taken to correct/mitigate any issues. Monthly vulnerability scans are carried using multiple tools to test for vulnerabilities internally and externally, the results and action are recorded and reviewed as part of the organisations security management.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Hicom utilise an SIEM (Security Information and Event Management Solution) for protective monitoring, the product currently in use is Splunk however this is subject to change as new products enter the market. The SIEM solution monitors and analyses the logs from web servers and other key systems.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our incident management approach is informed by ITIL and meets the ISO 27001 standard. It is made up of the following components:; - Incident detection and recording; - Classification and initial support; - Investigation and diagnosis; - Resolution and recovery; - Incident closure; - Ownership, monitoring, tracking and communication; ; Users report incidents through the support service defined in our standard SLA and incident reports are provided via the relevant Product Specialists to the Information Security Forum.; ; Any incidents detected internally are raised with the Information Security Forum and the customer is notified as per their contract.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Hicom consciously endeavour to contribute to a sustainable and positive impact on the environment. We make every effort to reduce our carbon footprint, whether through our many recycling stations, significant reductions in printed material, installing bike racks to support cycling to work and increased employee awareness and engagement through our social responsibility programme, which include company-sponsored litter picking activities.; ; We actively encourage car sharing to reduce carbon emissions and a number of our employees travel to work via public transport. We have also introduced flexible working hours to reduce carbon emissions during peak commuting hours and we have an established hybrid working policy enabling employees to work from home regularly further reducing the environmental impact
• Covid-19 recovery:

  Covid-19 recovery

  Throughout the pandemic Hicom have remained steadfast in supporting and delivering high quality software and support services to the NHS and our healthcare clients during a period of crisis within the sector and one of the most challenging times, both socially and economically, in a generation. During the pandemic our business leaders continuously assessed the impact of Covid 19 on our clients and on the wellbeing of employees. We responded rapidly to developments at the start of the pandemic and adjustments were made to working practices and working arrangements to ensure our clients and our people remained supported at all times. ; ; We were fortunate that we did not have to use the Government Furlough scheme, with our headcount increasing during the pandemic. Since the pandemic, we have been actively recruiting and providing long-term, sustainable jobs offering progression, training and a sense of purpose. ; ; Our products make a real difference to healthcare professionals and communities in need of the critical service our NHS clients provide each day. During Covid, we helped our clients transition to remote working and provided, free of charge, additional user licences so that a disparate and frequently changing care team could continue to use our software.; ; In the period of recovery following the worst of Covid, many of the measures we put in place, such as more flexible working arrangements, extended support, additional licences, improved access to systems remotely, etc., have been retained and are now part of our longer-term planning.
• Tackling economic inequality:

  Tackling economic inequality

  Hicom offer a number of employment opportunities and run successful apprenticeship schemes resulting in long-term gainful employment. We also provide our staff with training opportunities, both internally and with recognised external providers, leading to an expansion in employee knowledge and additional qualifications and certifications that provide employees with a career, development and earning path. Our training plan is designed to support the growth and development of our people, addresses skill gaps in the business and enhancing people’s skills for future career development.; ; We are and equal opportunities employer, committed to improving diversity inclusion and we welcome applicants from a wide range of backgrounds and communities. We believe in fair treatment to all above all else.
• Equal opportunity:

  Equal opportunity

  As an equal opportunities employer, Hicom are committed to the equal treatment of all current and prospective employees and do not condone discrimination on the basis of: age; disability; sex; sexual orientation; pregnancy and maternity status; race, ethnicity or nationality; religion or belief; gender identity; marriage ; and civil partnership status; political opinion and/or working arrangements.; ; We are committed to the principle of equal opportunity in employment and will ensure that all job applicants and employees are treated with equality and respect, complying with Equality Act 2010. Training in equal opportunities and discrimination is provided to all employees as part of our employee induction process.; ; Recruitment and career progression within Hicom is determined purely on personal merit and the application of criteria directly related to the duties of each particular job role and relevant salary structure. In all cases, the ability to perform the job will be the primary consideration. ; ; We are committed to:; ; • providing an environment in which the rights and dignity of all its staff are respected, and which is free from discrimination, prejudice, intimidation and all forms of harassment;; • promoting equality of opportunity for all persons; and ; • promoting a good and harmonious working environment.
• Wellbeing:

  Wellbeing

  Hicom is committed to providing an environment that supports and promotes wellbeing for all our employees. We have a number of structured initiatives in place to support employee wellbeing including: a comprehensive private medical insurance, inclusive of mental health cover; an Employee Assistance Programme offering counselling and support with bereavement, financial or legal issues; and we work with a specialist health and wellbeing provider to carry out regular assessment of the wellness of our people.; ; We offer complimentary fresh fruit every day and we provide a dedicated non-work area with leisure facilities including a pool table, puzzles, novels, guitars, sofas and a TV. Wellness training is also provided in the form of webinars arranged through our digital learning provider on topics such as stress awareness, anger management and creative thinking, and we run health-related training on topics such as adopting good sleep habits and tackling imposter syndrome. ; ; We harness a culture offering opportunities to discuss problems at work, either with a line manager of one of our qualified Mental Health First Aiders, with external support available if required. We have a dedicated Health and Wellbeing channel on Teams, where ideas, tips and wellbeing initiatives can be posted and accessed by all employees. We also hold regular social events to promote positive social connections in the workplace, as well as regular fundraising events with charities such as DRWF and Crisis. ; ; We recognise the importance of work/life balance and autonomy within employee’s roles and to support this we offer employees flexible working arrangements and hybrid working from day one of employment.

Pricing

• Price: £15 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at scott.baker@hicom.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.