Locum's Nest

Locum's Nest

Locum’s Nest is the end-to-end total workforce solution that connects healthcare professionals to temporary work in NHS organisations. By streamlining and digitising HR, communications and finance processes we help our organisations improve retention and engagement of their workforce, whilst at the same time saving millions.

Features

• Cloud web and mobile based application
• Real-time multiple shift advertising and booking
• Electronic Time Sheet Management
• End-to-end workforce platform covering Bank/Collaborative/Agency/DE
• APIs for integration
• Collaborative staff banks formation
• Healthcare professional candidate on-boarding
• Real time data visualisation and reporting
• Workforce engagement tools and Staff bank Management
• Rostering and Scheduling

Benefits

• Increases staffbank size and reduces agency use producing cash savings
• Increases continuity in wards and maintains clinical service quality
• Reduces time spent by staff managing vacancies and processing timesheets
• Increases the ability of NHS management to plan ahead
• Enables staffbank collaboration across organisations
• Increases transparency of shift availability and rates paid decreasing breaches
• Enables flexible self-rostering for all staff
• Improves staff engagement and morale
• Streamlines communication and onboarding process for staff
• Facilitates activity-based rostering, scheduling and shift management

£5,000 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ahmed@locumsnest.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

382401200599382

Contact

Ahmed Shahrabani
07867382169
ahmed@locumsnest.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: With our gold standard open API links we can support organisations in their software suite. Our Link module facilitates service extensions to chosen rostering providers ; The Community module can be an extension to the current bank management system used by the Trust.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements:
  • A modern browser updated post year 2000
  • Internet connection to access Locum's Nest portal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday-Friday: Within 2 hours ; Weekends: Within 2 hours for urgent queries
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users are able to type a question and dictate a question dependent on the type of device used and activated accessibility functionalities
• Web chat accessibility testing: Regular web chat testing with assistive technology users since 2016 - platforms constantly upgrading with regular releases to ensure best practises deployed
• Onsite support: Onsite support
• Support levels: Locum's Nest provides a dedicated team to each organisation which includes an experienced named account manager who works very closely with the partner organisation throughout the partnership. The account manager is available for telephone, email and on site support to onboard, train, resolve issues, answer questions or provide any other type of support requested. The dedicated account manager is provided at no cost to the organisation. The team that supports each organisation also constitutes a team of cloud support engineers as well as other experienced support team members
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide on site training (or remote if preferred) for all software users. We provide an account manager who makes regular onsite visits and offers 7-day support. Resources on how to use the system, including how-to videos, user guides and FAQs are available on the platform and can be accessed at all times
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Hard copies
  • Videos
  • Online interactive tutorials
  • Audio files
  • Excel spreadsheets
  • Interactive user systems and live dashboards
• End-of-contract data extraction: At end of contract, the users can request access to all of their data which can be extracted directly from the platform or provided by Locum's Nest. Locums Nest end-of-contract processes are deployed to ensure a seamless transfer of data and transition to any future processes and/or systems.
• End-of-contract process: At the end of the contract, and assuming no renewal, the user is entitled to receive all their raw data from Locum's Nest free of charge. The Locums Nest end-of-contract process is also initiated where the team support the Trust with any future transition to new systems and/or processes.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop version has an administration system to help admin/managerial staff upload shifts and manage their workforce efficiently. It does not need any installation and can function off the cloud. The iOS and Android applications are used by healthcare professionals to book and manage shifts - both applications are native in nature - purpose built for the mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Locums Nest has a number of pre-developed and live APIs in place that enable the platform to connect with other systems deployed across our partner organisations.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Regular interface testing with assistive technology users since 2016 - platforms constantly upgrading with regular releases to ensure best practises deployed. Tested on demo environments with users prior to being deployed on the live platform.
• API: Yes
• What users can and can't do using the API: There are two sets of APIs. One set of Web APIs to serve the Web application accessed by the hospital staff and a set of RESTFul APIs consumed by our mobile apps. ; ; The mobile apps invoke a set of RESTFul APIs where the authentication is token based. Locum's Nest are providing access to 3rd parties through the provision of a set of APIs where the consumer will need to be authenticated and authorised by calling the end point. Certain control measures will be in place such as throttling to control the way API is consumed.; ; There are no limitations on how changes to the API can be made and/or requested by users
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our software is built in a modular way so that the majority of the features can be fully configurable to a level where they will appear to be entirely bespoke. It has been possible to customise the features to meet the demands of more complex organisations due to the sophisticated engine which powers the apps. ; ; Various features can be customised, for example, our rate escalation approval process and timesheet submission timeframe - these can be requested by organisations at launch and configured by Locum's Nest.; Organisations can themselves customise their organisation's structure such as sites, departments and users.; ; Locum's Nest will consider additional customisations on a case by case basis and both the partner user and the Locums Nest team are able to customise the platform

Scaling

• Independence of resources: Locum's Nest architecture ensures high level of availability and scalability based on demand. High scalability is ensured by leveraging AWS Fargate a serverless compute engine for containers with ECS (Amazon Elastic Service). In this way, our architecture automatically scales based on certain metrics.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics provided include but are not limited to:; -Number of shifts posted and filled ; -Percentage fill rate; -Rates advertised; -Rates paid; -Shifts posted by reason for vacancy; -Total spend on temporary staff; -Collaborative shifts worked; -Staff bank size and growth; -Staff bank engagement level; -Staff bank membership requests status; -Total applications received; -Benchmark metrics based on similar organisations; -Roster efficiency, flexibility index ; -Substantive/Bank/Agency staff breakdown
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Raw data can be exported via CSV and Excel files.; ; Data visualisations and analyses can be exported via Locum's Nest Intelligence platform which supports with live views of the organisations data demonstrated in an advanced and easy-to-follow way
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Powerpoint
  • PDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • JPEG
  • XLS
  • Direct API data uploads - bilateral

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Our architecture is structured via a VPC (Virtual Private Cloud) with security groups acting as firewall controlling both inbound and outbound traffic. Network Access Control ACLs act as a firewall for associated sub-nets. The transit of data is encrypted through SSL. CEPlus accredited and on DSPToolkit 2023/24. Annual CREST certified PenTest completion.

Availability and resilience

• Guaranteed availability: We guarantee availability for 99.99% of the time. Our application is not service critical so we do not anticipate service users requesting refunds and have had no instances of refund requests since the inception of the company. Our architecture/topology ensures high level of availability and failover support with multiple copies of data in different zones within the same region. In the unlikely event of total disaster we are capable of rebuilding the whole architecture and restore data within minutes. We design and implement our infrastructure using Infrastructure as a code a key DevOps practise. We have ready-built SLAs in place for any primary or secondary KPIs being missed with service credits deployed should the KPIs be missed.
• Approach to resilience: Our server provider guarantees 99.99% network up-time. We maintain high level of resilience at all levels. All of our resources are designed and deployed in multiple zones which automatically failover between zones without interruption. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures. Our applications operate on clusters ensuring high availability and our databases apply master/stand by replicas. In addition automated backup jobs are scheduled frequently with scripts for automated restoration.
• Outage reporting: We would report any outages immediately to all affected stakeholders via email alerts and telephone messages and if needed will be providing on-site support during the affected time. Any planned outages and always scheduled to be performed during non-working hours, a well-defined maintenance window, which is communicated to all affected stakeholders well beforehand for better manageability leading to qualitative service. This is also reflected on the users public dashboard alongside any expected periods of downtime which have been minimal to non-existent to-date

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: All NHS managers using the service need face-to-face authentication before Locum's Nest will issue a user name and password. The NHS organisational senior management will firstly provide a list of all approved users.; ; All Healthcare Professionals using the service need to upload two photographic IDs, professional registration number and/or an NHS.net email account.
• Access restrictions in management interfaces and support channels: All management users are subject to face-to-face vetting by Locum's Nest account managers.; ; On the Locum's Nest management side access is restricted to senior management with modular levels of access given to different types of users within the company
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Our server suppliers hold this information
• ISO/IEC 27001 accreditation date: Our server suppliers hold this information
• What the ISO/IEC 27001 doesn’t cover: Our server suppliers hold this information
• ISO 28000:2007 certification: Yes
• Who accredited the ISO 28000:2007: Our server suppliers hold this information
• ISO 28000:2007 accreditation date: Our server suppliers hold this information
• What the ISO 28000:2007 doesn’t cover: N/A
• CSA STAR certification: Yes
• CSA STAR accreditation date: Our server suppliers hold this information
• CSA STAR certification level: Level 5: CSA STAR Continuous Monitoring
• What the CSA STAR doesn’t cover: N/A
• PCI certification: Yes
• Who accredited the PCI DSS certification: Our server supplier holds this information
• PCI DSS accreditation date: Our server supplier holds this information
• What the PCI DSS doesn’t cover: Our server supplier holds this information
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Locum's Nest has three separate environments, used for development testing and production. ; ; We apply DevOps best practises ensuring that the software lifecycle is shorten allowing us to be responsive to change is a secure and controlled manner. ; ; Any software, undergoes thorough testing (automated and manual), code review before its delivery to the end customer. ; ; Any functionality follows the software release cycle ensuring best possible quality, with code reviews and testing (unit and integration testing). The production data is only accessible through the application server which authenticates and authorises any API calls to either retrieve or change data with full audit trail. The data is always encrypted at transit and at rest. ; ; Locum’s Nest is a registered data controller under the Information Commissioner’s office (ZA198860).; ; We have an IT security policy in place which includes policies for passwords, antivirus, data retention, software updates and privacy screens. All policies re documented and published and made known across to the organisation through the company's Intranet

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Any change on the sourcecode does not directly affect the live environment. Code upgrades or bug fixes are first tested on a mirror environment. Once it passes our Quality Assurance process it is then released onto the live server. This is always planned at 6am. This allows us to be very responsive if any unexpected bugs are detected. Locum's Nest assesses changes based on impact, difficulty and urgency. Depending on urgency - security or live bug - we prioritise and fix immediately. Changes are assessed on a daily basis. Then informally and formally they are tracked once a week.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Locum's Nest implements security checkpoints throughout the software development lifecycle to ensure that we are not vulnerable to common threats in web applications such as the Top 10 published by the Open Web Application Security Project - OWASP. The website is deployed behind HTTPS so all information exchanged between the user’s computer and the server are encrypted.; ; We can deploy patches immediately.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We maintain and monitor an access log which allows us to detect any unusual or unsolicited activity on our software. All users are vetted using multi-factor authentication. For example, a doctor will need to provide their GMC number, name and surname as they are kept by the General Medical Council. In addition, to access the application full range of functionalities they will need to provide a photo-ID or authenticate their account using an official NHS email. Both the GMC and bodies providing NHS email addresses, subject their users to multi-factor authentication processes themselves. Similar examples in place for other workers
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a pre-defined process that starts with detection. We then move to triage, analysis and incident response. ; ; We operate 3 levels of Customer Support. The incident hits the 1st level support (our front line) who deal with the incident. If the incident proves to require special skills to be addressed then is escalated (2nd or 3rd level) to the subject expert. ; ; In parallel, we make announcements and provide alerts to customers and the processes ends with lessons learnt and the implementation of mitigations if the incident has highlighted a vulnerability or fixes.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Locum’s Nest was shortlisted for the 2023 HSJ Partnership Award 2023 for our Environmental Sustainability Project with the University Hospitals of Leicester Trust. This project focuses on eradicating paper and reducing CO2 emissions through digital solutions. Our blog, ‘Leveraging Workforce Technology For A Greener NHS,’ outlines how we contribute to the NHS's net zero targets by 2045. As part of the NHS Innovation Accelerator, Locum’s Nest has implemented strict rules for all of its employees and is proud to say that we are now a carbon-neutral organisation.

  Covid-19 recovery

  At Locum’s Nest, we believe that a better work-life balance supporting the health and wellbeing of our team is core to our success to enable us and our NHS partners to recover their resilience. Following the pandemic, the team ensured that the Locum’s Nest app develops efficiencies around workforce management and so enables more Trusts to embrace flexible working. Since Covid-19, the collaborative staff bank was used to welcome back returners who may have left the NHS after becoming parents or retired from full time patterns, however the ease of shift booking changes the organisational culture and encourages them to stay boosting staffing levels. Our blog on our website, describes this approach in more detail. Part 1: Workforce technology on a mission to support NHS staff wellbeing — Locum's Nest. At the height of the pandemic, Locum’s Nest, alongside Microsoft and others, offered its end-to-end offering for free to any NHS Trusts that were struggling to safely staff their wards.

  Tackling economic inequality

  As an organisation, we support Tackling economic inequality through promoting new entrepreneurs: Our Co-Founder, Dr Ahmed Shahrabani is a NIA Innovation Fellow with the team and therefore encourages more new SMEs to launch their ideas to the NHS with the innovation team. In addition to this, Locum’s Nest employees are active supporters of the Crankstart Scholarship, offered to high-achieving medical students from low-income backgrounds at the University of Oxford.

  Equal opportunity

  Locum's Nest has a robust social value policy & Diversity and Inclusion policy. Our blog on our website shows how we support celebrating inclusivity as part of our values and as an organisation, we currently have an equal gender diversity ratio for those who identify as male:female which is 51:49. Our executive team has a 60:40 gender and global majority ratio which is rare in the health software technology sector.

  Wellbeing

  In order to evidence our internal culture of trust, autonomy, and flexibility for our colleagues, Locum’s Nest are fully accredited with a Flexa score of 96. We were delighted to have won the Flexa100 awards for 2024, ranking as number 1. We have a number of initiatives such as a personal monthly wellbeing allowance, access to free mental health provision as well as ensuring that necessary adjustments are made to team members from all backgrounds. By offering clinicians and NHS Trust colleagues a software platform that was built by them for them, we have seen staff survey scores improve across the vast majority of our partner Trusts when workforce wellness and wellbeing was being measured. NHS colleagues feel empowered when using the software technology, giving them levels of autonomy that other platforms and incumbent processes never could, this autonomy translates into higher levels of satisfaction and ultimately overall sense of wellbeing.

Pricing

• Price: £5,000 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: This is provided on a case-by-case basis depending on customer needs.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ahmed@locumsnest.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.