Skip to main content

Help us improve the Digital Marketplace - send your feedback


MIS C3 fully hosted 999, IUC, 111 and PTS System

Intuitive ambulance command and control system; from call handling through triage to dispatch. Integrated Urgent Care and 111, NHS Digital and national system interfaces enhanced care pathway management for patients. Fully functional non-emergency patient transport system.


  • Market leading tri-service provision for mission critical 999, 111, PTS
  • Rapid, accurate call entry through intuitive user interface
  • Highly innovative modular design
  • Wide third party integration across industry sector
  • Advanced workload and resource distribution tools
  • Comprehensive reporting and data analytics
  • Integral, comprehensive auditing across all system aspects
  • High integration with NHSD services for holistic patient care provision
  • Advanced industry leading automated dispatch
  • Scalable, Real-Time, Multi-Site, Multi-User system


  • Tri-Service shared databasing and customer configuration
  • Truly benefit from economy of scale and cross discipline working
  • High integration to national and third party systems
  • Major Incident Command
  • Hazardous Area Response
  • Event Management
  • Aeromedical Flight Management
  • First Responder Management


£380 a licence a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 2 8 6 9 2 4 8 0 1 0 0 9 6 6


Telephone: 0845 330 4425

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
System requirements
  • Microsoft RDP compatible client devices e.g. Windows 10 or MacOS
  • Apple iOS Devices
  • Android Devices

User support

Email or online ticketing support
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
Service Desk - Our ITIL aligned Service desk is manned Monday to Friday (excluding England's bank holidays). We have 5 default Priority levels with tailored response time SLAs based on individual customer contract. Examples are: P1 (Urgent, system unusable). P2 (Important, hampering system operation). P3 (Non-Urgent, not affecting system operation). We provide a technical account manager and cloud support engineer for regular customer account meetings or incident management. Support is also available 24/7 subject to additional costs.
Support available to third parties

Onboarding and offboarding

Getting started
The training covers all aspects of user and technical training required to ensure that the customer will have the knowledge and skills to leverage maximum benefit from the C3 system both during implementation, and post go-live. The applications training covers every module of the system to be implemented, including training on the range of reporting tools supplied within C3. Training can be provided by our consultants onsite if required or delivered online via audio and visual conferencing tools such as Zoom or MS Teams and Skype. In addition to this, standard user documentation and materials will be made available in electronic format which can be saved locally by the user.
Service documentation
Documentation formats
End-of-contract data extraction
Upon the expiration of the contract we can offer an additional service as a read-only license to the application. However, should the customer wish the data to be extracted then consultancy would be required, which would need to be quoted for.
End-of-contract process
The Contract can be for one of two things: • C3 Application Software and Hosting • C3 Application software only. Upon notice to terminate the contract, we will require an exit plan from our customer, and we will quote accordingly for any professional or alternative services.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
Designed from the ground up to be light on its feet whilst maintaining the superior levels of functionality expected by our customers, our remote worker solution allows full role tailored functionality without compromise. The solution is portable and scalable with reduced resource requirement both in terms of server and network, suitable for mobile networks, it has a simplified customized UI targeted at tablet and touch screen devices. The simplified and configurable UI of Remote Worker reduces training need allowing for rapid deployment to new operators in times of peak demand.
Service interface
User support accessibility
None or don’t know
Customisation available
Description of customisation
The C3 suite of products provision for a high degree of customization per customer; with over 3000 uniquely configurable system parameters coupled with multiple modular desktop schemes, these desktop schemes allow operators to dynamically adjust their modular UI to suit their current role and requirements. Many of the modular elements within the desktop UI can be further customised by operators dynamically during use and stored as pre-sets for rapid recall in the future. Administrators are provisioned to modify system parameters and the level of configurable elements an individual user can leverage, with the remote worker product providing the ability to further lockdown and simplify the users UI where appropriate.


Independence of resources
Our cloud services are based on the requirements provided by our customers. We reserve the capacity required for each customer for the various components, e.g. application and database servers. If a 99.99% uptime SLA (or similar) is required we can build across multiple cloud datacentres in an active-active architecture to ensure available and provide an RTO of minutes. Cloud Bursting can also be used to handle peaks.


Service usage metrics
Metrics types
Usage metrics are available which include number of logged in users, license usage, number of calls and server, client and network test times. Common and generic infrastructure metrics exposed by the operating system and database products such a CPU and bandwidth etc are also available.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We can export user data upon request or alternatively users can be given access to export their own data. Most of the core data is stored in MS SQL Server databases so there are many third-party tools available.
Data export formats
  • CSV
  • Other
Other data export formats
  • GML
  • XML
Data import formats
  • CSV
  • Other
Other data import formats
  • GML
  • XML

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We use AWS and Azure for provision of our cloud infrastructure services, each cloud service has an individual SLA which is dependent on the configuration of individual service. As part of any contract we would clearly define and set out the expected SLAs for each component of the service based on the customer requirements. All claims concerning SLA guarantees must be made in writing by the Customer within seven days following the end of the month in question and will be shown as a credit (once agreed by MIS) on the next service charge invoice. Our approach is to design a service for the customer to ensure uptime SLAs are achieved, if an uptime SLA requires multiple 99.99% uptime servers this is what we will provide.
Approach to resilience
We use Microsoft Azure and Amazon AWS global Infrastructures and datacentres. Every component of the infrastructure and our solutions are designed and built for redundancy, reliability and uptime. All data is stored in UK regions and data centres by default (unless otherwise agreed) on highly durable and redundant infrastructure which can span geolocations for DR/BC purposes, data will also be encrypted at rest. Network load balancing and redundant routing is also configured where appropriate including the facility to use direct connections. Our preferred approach is to design a hosting solution and application layout that supports an active-active approach across multiple datacentres. This is a standard approach in AWS via availability zones, which allow applications to run across 2+ datacentres concurrently. This approach has the advantage that a datacentre failure results in near zero downtime and data loss, it also significantly reduces the cost and impact to the business of regular DR tests.
Outage reporting
We receive automated alerts from our proactive monitoring. Where possible the automated alerts will invoke automated corrective actions. We can configure email alerts for the customer under specific conditions and certain metrics. Due to the nature of our business, for sensitivity reasons we do not provide a public dashboard.

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Both AWS and Azure have Identity and Access Management controls built-in as standard that offer a very granular level of control and permissions. These permissions can be granted at the user or group level including policy and role based. Each resource on the cloud platform can be individually secured. Our C3 application includes a role and task-based security model, in which the software can be configured to give specific users access to areas of the system.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus ISOQA
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO27001 applies to the cloud infrastructure and support provided by our Group company Incline IT. It does not necessarily cover the application software.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • NHS Digital ITK Accreditation
  • Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
Information security policies and processes
​We are currently Cyber Essentials PLUS accredited and have many internal security polices based on ISO27001. We are also accredited with ISO9001 for Business Processes / Software Development, and ISO27001 for the cloud environment. In order to ensure that our policies are followed, we are externally audited on an annual basis for our ISO9001 accreditation. ISO Processes are followed throughout the organisation. Overall control and management of our ISO Processes is overseen by our MIS Group Managing Director.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Change management is governed by ISO9001. Source code is controlled via Microsoft Visual SourceSafe (VSS). When used with MIS' internal processes, this ensures: Only one developer can work on any component at one time. All code changes are checked in/out of the master database. All code changes are recorded throughout the lifetime of the component. Any previous version can be compared/restored. All components are version controlled. Every software modification requires an amendment number and reason for change. All modifications are subject to our QA procedure. Changes, installations and designs are assessed for potential security impact considering GDPR and encryption.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We will provide a service to manage vulnerabilities and potential threats which reports to the Customer and also the hosting provider. Our service extends beyond patching into vulnerability management which is a key requirement for GDPR and ISO27001. This will result in reports of missing patches and details on un-patchable vulnerabilities which cannot be patched and may require workarounds until a patch is available from a vendor. The patching service follows a standard approach of delivering OS patches into Development and Test environments to allow application vendors to run automated tests before patches are deployed to production.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our service uses server based IPS/IDS capabilities as this provides a more granular approach to network inspection rather than a monolithic and expensive firewall at the edge. The service also includes automated checks to ensure firewall rules are compliant with best practice and can be evidenced against ISO27001, and GDPR. Findings are presented as (low, medium, or high), accompanied by detailed evidence and recommendations for remediation. The findings are also available as functions enabling automatic remediation of specific types of issues. Otherwise any high or medium alert will be quickly assessed by a cloud engineer.
Incident management type
Supplier-defined controls
Incident management approach
We offer an incident management approach based around ITIL and GDPR standard processes for incident events. These include identification, logging, investigation and diagnostics, assignment and escalation, resolution and closure. All support is regulated via our ISO 9001 quality system. Our Service desk performance is monitored and reviewed on a regular basis. Incident and SLA reports can be produced on request

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Equal opportunity

Equal opportunity

We are committed to promoting equal opportunities in employment. Any of our employees or job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (Protected Characteristics).
Our long-term aim is that the composition of our workforce should reflect that of the community and that all workers should be offered equal opportunities to achieve their full potential.
We are committed to a programme of action to make this policy effective and to bring it to the attention of all workers. The principle of non-discrimination and equality of opportunity applies equally to the treatment of visitors, clients, customers and suppliers by members of our workforce and also, in some circumstances, ex-employees.


£380 a licence a month
Discount for educational organisations
Free trial available
Description of free trial
For existing customers we provide a test system which can be used to evaluate new modules and features.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.