C THE SIGNS LIMITED

C the Signs AI Cancer Prediction Platform

C the Signs is an AI Cancer Prediction Platform to improve earlier and faster cancer detection. C the Signs is a cloud-based software that enables healthcare professionals to identify patients at risk of cancer and recommending the best and fastest route to diagnosis in under 30 seconds.

Features

• Integrated with patient electronic medical record systems
• Real-time decision support to identify patients at risk of cancer
• Real-time automated tracking & safety-netting of patients with suspected cancer
• Real-time automated tracking of patients with a cancer diagnosis
• Population risk stratification of high-risk patients to invite for assessment
• Real-time cancer dashboard with cancer performance data & KPIs
• Real-time patient communication via SMS & email, in multiple languages
• Real-time triage of all patients to correct clinical pathway
• SMART forms ensure 100% of patients referred are clinical appropriate
• Cancer performance data accessible to users, organisations and stakeholders

Benefits

• Increased identification of patients at risk of cancer
• Increase in number of cancers diagnosed early
• Faster diagnosis and faster start of treatment for patients
• Improved patient experience & patient education
• Prevent inappropriate referrals and reduces waiting times in hospitals
• Reduce inequalities in cancer outcomes
• Improved overall cancer performance using a data driven approach
• Increase in cancer conversion rates from referrals and diagnostics
• Reducing in cancers diagnosed through emergency presentations
• Reduction in cost of cancer care

£0.20 to £0.33 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bbakshi@cthesigns.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

369091500655811

Contact

Bhavagaya Bakshi
07809482781
bbakshi@cthesigns.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our service is designed to work in the framework of NHS recommended hardware and software. The Electronic Healthcare Record (EHR) integrated version is available on EMIS web, SystmOne and Vision. These cover more than 97% of all EHR systems in primary care. Alternative or further integrations can be provided upon request.
• System requirements:
  • Windows 10 (or above) operating system (typical)
  • Microsoft Dotnet 4.7.2 (or above) framework installed (free)
  • 100mb of hard disk space for desktop app installation
  • Modern secure browser (Chrome, Edge)
  • 1Gb computer RAM (4Gb recommended by NHS Digital as standard)
  • 1GHz computer processor speed
  • Standard broadband connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our average response time is within 1 hour for over 95% of queries. These are queries raised through our internal error management system and the technical Helpdesk we operate (users can contact via phone and email).; ; As we currently work predominantly with primary care services the service specifications have not requested Helpdesk support over weekends as organisations and services are closed during these periods. However, if the contract would be with an organisation operating over weekends we would extend the service over this period of time.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: C the Signs offers a comprehensive technical and clinical support help desk. The help desk runs Monday to Friday 9am to 5pm. We have a single point of entry to the technical and Clinical Helpdesk to make it easier for user.; ; We have a rapid response rate to questions and queries, with a 95% closure rate with an average response time of less than 1 hour for emails and internal notifications (with telephone being considerably quicker).; ; Alongside this, any issues requiring onsite investigation or support we will facilitate an engineer to go out to the site to investigate and fix this issue.; ; Help desks and support provided is inclusive of the license fee.; ; The Helpdesk is led by the Quality Assurance Team and the Clinical Commissioning Lead for each customer, who serve as the first point of contact for the customer, to manage and lead on the installation, deployment and ongoing support, training and any technical and clinical questions regarding the system.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Prior to the deployment of the system, the Clinical Comissioning Lead for the area/customer will engage with all intended users across the region and invites them to register for online training with the following options:; 1. Webinar; 2. Organisation-based training (on-site or virtual); 3. Attendance at a standing meeting to conduct training (on-site or virtual); ; Alongside this, a comprehensive education and training pack with videos, guides, and information on cancer in the UK, best practice guidelines, national cancer targets and performance requirements are provided.; ; Unlimited training is provided throughout the commissioning period. Once areas are on-boarded, training focuses on understanding cancer data and creating cancer improvement plans; ; Throughout the license periods activity is monitored to target users to invite them for training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon the contract ending C the Signs will implement a detailed exit plan to facilitate the safe transfer of data back to the user & organisation, and then delete any identifiable data from the database.; ; Each organisation will be required to complete an exit questionnaire to determine local risks and continuity plans. During the contract termination notice period, there will be a phased switch-off in order to ensure that data can be safely moved on to alternative systems to ensure continuity of services and avoids any interruption to patient service delivery or harm.; ; C the Signs will be archived on computers once the following actions have been completed:; • All patients have been removed from the organisational dashboard.; • The organisation has notified C the Signs that they have no further use of the dashboard and patients have been removed.; • The end of the Data Processing Agreement term has been reached.; ; Once processes have been put in place, or the notice period complete, C the Signs will issue a password protected document with any remaining patients on the C the Signs dashboard. Following this, a data destruction certificate will be issued to certify the deletion of any identifiable data.
• End-of-contract process: C the Signs is commissioned as an annual license fee, based on the size of the population, the complexity of the build and configuration required, and the length of the license (from 1 - 5 years).; ; The license includes:; 1. Configuration of the system to cancer pathways, access to cancer diagnostics and services across the region and patient resources; 2. On-boarding of all sites (covering installation, training & education prior to deployment and throughout license period, to all users); 3. A technical and clinical Helpdesk throughout the license period, Monday to Friday 9am to 5pm (if requested over the weekend this can be accommodated).; 4. Throughout license any updates and changes to cancer pathways, services, and access across the region. These are made in a timely manor (2-4 weeks for routine changes and 48-72 hours for urgent changes).; 5. Technical and software updates required for continued use through the electronic health record systems & for security maintenance; 6. Updates in line with changes to national and local cancer guidelines and best practice recommendations; 7. Data reports: including extraction, analytics, modelling across the organisation and impact data on clinical outcomes & cost-effectiveness.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile service doesn't host any patient identifiable information (it facilitates remote risk assessment alone).
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: The primary service exists as a desktop toolbar which launches the default web-browser to access C the Signs features and functions. There are two main components (a risk assessment and referral service, and a practice dashboard to monitor safety-netted patients).
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: C the Signs is fully tested with clinical and administrative staff in primary care to assure it has a fantastic user experience. In regard of assistive technologies, we optimise the design of each feature to support those with hearing and visual impairments; however, this has not formally been tested.
• API: No
• Customisation available: Yes
• Description of customisation: There are components of the system which can be switched on and off depending on the requirements of the buyer. In addition, the system is fully customised to the local area available investigation and referral pathways. These are customised by C the Signs in consultation with the buyer.

Scaling

• Independence of resources: We use cloud based AWS architecture which is completely scalable (we have alarms on the system to monitor for growing demands to scale the infrastructure even further where required).

Analytics

• Service usage metrics: Yes
• Metrics types: We provide buyers with metrics on: engagement, usage, pathways (for optimisation), referral practices, safety-netting, and outcomes. We also provide individual practices with a live data dashboard which reflects this information to support improvement in cancer care.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: We ensure encryption and anonymisation of patient identifiable data at rest.
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is no requirement to export data on an individual user basis (all information is transferred back into the Electronic Healthcare Record to maintain a single source of truth for the patient and practice). However, data can be exported into CSV format on a practice level (e.g. if the practice is safety-netting patients using an alternative to C the Signs).
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Electronic healthcare record practice data scanning (Bulk importing)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee 99% availability of the C the Signs service which has been provided since our first contract (in line with AWS server guarantees). However, due to dependencies on servers and third parties for integration into the Electronic Healthcare Record (for example through NHS Digital's IM1 programme) we cannot guarantee the same level of availability for all components of the platform (as we have no recourse with third parties through NHS contracts). There are system back-ups (web, mobile applications) which provides a limited interim service whilst we wait for third parties to restore their systems. Failure to maintain server up time would trigger refunds inline with AWS refunds received and distributed amongst buyers.
• Approach to resilience: The service is designed in a microservice cloud-based architecture using the latest technology stack for resilience and scalability. Further information on data-centre resilience is available upon request.
• Outage reporting: Email alerts are sent out to all customers affected or customers who could be affected by service outage. We also provide in application notifications and error messages for particular service outage.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: We utilise Electronic Healthcare Record provider logins as a similar process to federated access to act as a dual authentication process. Users are also required to be connected to the HSCN network to access patient data within C the Signs.
• Access restrictions in management interfaces and support channels: We utilise role-based user access in Amazon Web Services, as well as within the production VPN.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 04/11/2022
• What the ISO/IEC 27001 doesn’t cover: Nil
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: - Cyber Essentials Plus certified; - NHS Data Security and Protection Toolkit standards exceeded
• Information security policies and processes: We implement a security and data by design framework.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: In the onboarding process we work with buyers to customise the platform to their requirements, including: practices supported, direct-access investigations, referral pathways, hospitals referred to locally, deployment plan, communication plan, and information governance approval. All configurations are documented, dated and assigned.; ; Platform feature updates are planned carefully with a security and data by design approach. When releases are scheduled, individual microservices contain version numbers, and each minor change can be tracked in audit logs and software to date, time and author.; ; Change requests by buyers (e.g. for pathways) are submitted through a form and tracked from request to deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Each month our public IPs undergo routine vulnerability scanning to establish any new threats. We also undergo annual manual penetration testing, or more frequent where there is a substantial change to the system. We also are part of NHS Digital's High Security Threat list for urgent security threat alerts. A threat assessment is completed to determine the clinical risks and a planned update or patch is delivered. This is typically within 2 working days for high or critical security threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We utilise automated bug tracking and exception tracking software which cause any runtime errors to detect any potential incidents or compromises to the system. We also have an automated error tracking system which notifies us of any unintended usage of our APIs.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We are certified and audited for ISO 20000-1. Users can report incidents through multiple channels: telephone, email and automatically tracked error messaging within the platform. Incidents are classified into P1-P3 to establish an SLA to manage the incident with the user or buyer being informed throughout the process. Incident reporting on P1 and P2 issues can be reported to buyers (on request as they usually need to be provided to specifc bodies within the organisation) and, where appropriate, are included in updates to our Clinical Safety Case Report (DCB 0129).

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  C the Signs is committed to achieving net-zero emissions as early as possible and well before 2040. Firstly, we utilise cloud computing with Amazon Web Services (AWS) which reduces CO2 emissions by 88% in comparison to local server hosting. We provide the vast majority of our training using remote video conferencing solutions, which minimises emissions related to transport, not only for C the Signs employees, but also for our users and buyers. In addition, AWS as well as our other software providers are all dedicated to achieving net-zero by 2040.; ; The greatest effect on CO2 emissions by C the Signs is achieved via early diagnosis of cancer. Early cancer diagnosis results in less chemotherapy, radiotherapy and surgery, including reduced cycles or repeated treatment. In addition, early diagnosis reduces the frequency of admissions to hospital. These events all have a significant carbon burden.

  Covid-19 recovery

  C the Signs helps to improve the accuracy of cancer referrals into secondary care. This means that we are able to detect more cancer for less referrals. Currently there is significant backlog for the elective recovery, with cancer referrals being prioritised above the routine backlog (currently standing at over 5 million patients). Therefore, C the Signs will help to support the elective recovery.

  Tackling economic inequality

  C the Signs measures baseline inequality indices at deployment, including: deprivation (economic inequality), ethnic background, mental health illness, physical and learning disability, and transgender patients. This means that local pathways and interventions can be assessed and narrow these inequality gaps across the commissioned area.

  Equal opportunity

  C the Signs is a strong proponent for equal opportunities for staff in our company, buyers and users of our service, and patients who benefit from our service.

  Wellbeing

  The most important benefit of C the Signs is earlier diagnosis of cancer which gives patients an 80% chance of survival (on average). We also support cancer care reviews which ensure patients are aware of their diagnosis and treatment, as well as taking a holistic approach to patient wellbeing (including physical and mental health, as well as family, financial and work related stressors which can be supported). In addition, by providing clinical decision support, our users are able to have peace of mind in a highly stressful environment on knowing when patients are at risk of cancer or can safely be excluded.

Pricing

• Price: £0.20 to £0.33 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide trials to the unintegrated service (web and mobile applications for up to one month). This is available on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bbakshi@cthesigns.net. Tell them what format you need. It will help if you say what assistive technology you use.