Civica UK Limited

Malinko Intelligent Scheduling Software

Intelligent e-scheduling system: Enables the NHS to ‘free up time to care’ and improves how they manage capacity (clinical staff) and demand (patient needs) in a community setting. Improves safety, productivity, service quality, patient care and staff satisfaction whilst reducing clinical risk and care delivery costs in a community setting.

Features

• Clinically safe intelligent scheduling and service management system
• Unique clinical scheduling algorithm to optimally schedule patient appointments
• Automated caseload scheduling and visit booking and mileage reclaim
• Open and published APIs: Enables interoperability between organisations IT systems
• Intuitive design with real-time service capacity and demand view
• Service management analytics and reports including ‘Sit Rep’ reports
• Realtime staff location view and lone worker delayed visit alerts
• Android, iPhone and Windows apps with Mobile Device Management (MDM)
• SMS and voice text patient visit reminder service
• Class-1 Medical Device, DCB-0129, GDPR compliant, DSP Toolkit and ISO27001

Benefits

• Improve the quality and safety of the community nursing service
• Reducing daily planning/travel time releases clinical ‘time to care’
• Prevent unwarranted variation by standardising service delivery
• Reduce clinical risk, improve productivity, service delivery and patient care
• Reduce staffing costs (such as overtime, bank or agency staff)
• Safer and more equitable caseload management and workforce management
• Eliminate clinical incidents such as missed visits and scheduling errors
• Reduce travel costs, patient complaints and enquiries
• Staff feel safer through enhanced lone worker safeguarding arrangements
• Improved staff satisfaction and improved recruitment and retention of staff

£14 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at antony@malinkoapp.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

383832665550924

Contact

Antony Quinn
0161 850 0111
antony@malinkoapp.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Web application:; Microsoft Edge (most up to date version); Chrome (most up to date version); Firefox (most up to date version); Safari (most up to date version); No additional plug ins are required; ; Mobile application:; Android 10 +; iOS 10.0 +; NB. There may be some firewall configuration needed for full application functionality
• System requirements:
  • Internet connection
  • Chrome, Firefox, Safari or Edge
  • Separate licence per user
  • Suitable hardware if mobile app required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Immediate (Severity 1): Response within 1 hour during Service Hours. e.g. Service Failure / Unavailability affecting many users across 1 or multiple sites. ; ; Urgent (Severity 2): Response within 4 hours during Service Hours. e.g. Service Failure / Unavailability affecting few users at 1 or more sites. ; ; Normal (Severity 3): Response within 1 Working Day. e.g. Non-urgent Service defect with workaround affecting 1 or more users. These defects will be logged and be deployed in a future software release subject to the terms. ; ; Educational Support: Response within 1 hour during Service Hours with a target fix time of 4 hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: We use Zendesk - the market leader for support helpdesk software. Here is their assistive technology report: https://www.zendesk.co.uk/company/policies-procedures/accessibility/
• Onsite support: Yes, at extra cost
• Support levels: Immediate (Severity 1): Where a call priority is Immediate, Malinko will respond to the call within 1 hour during Service Hours. e.g. Service Failure / Unavailability of the Service affecting many users across 1 or multiple sites.; ; Urgent (Severity 2): Where a call priority is Urgent, Malinko will respond to the call within 4 hours during Service Hours. e.g. Service Failure / Unavailability of the Service affecting few users at 1 or more sites.; ; Normal (Severity 3): Where a call priority is Normal, Malinko will respond to the call within 1 Working Day. e.g. Non-urgent Service defect for which a workaround can be provided affecting 1 or more users.; ; Non-urgent software issue: Non-urgent Service defects (those defects inherent within the Service but for which a workaround is available) that are affecting 1 or more users will be logged and be deployed in a future software release subject to the terms.; ; Educational Support: Where a call is purely an educational request, Malinko will respond to the call within 1 hour during Service Hours with a target fix time of 4 hours.; ; All response times are within the Service Hours and Working Days of Malinko Helpdesk. ; ; Additional support levels available upon request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: There is a full project managed configuration, implementation and training plan. We provide on-site training with a train the trainer approach. ; ; We provide full user documentation and assist with creating your Standard Operating Procedure. ; ; Post implementation we have an online support ticketing system with associated online training support system and support articles.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • DOC
  • DOCX
• End-of-contract data extraction: Reports can be set up on the system for self service data export. Data is provided in csv format. For more specialised reports, the client can contact support. ; ; Additionally, within thirty (30) days of termination, the Customer may request that Malinko shall provide an extract of the Customer Data to the Customer.
• End-of-contract process: Within thirty (30) days of termination, the Customer may request that Malinko shall provide an extract of the Customer Data to the Customer (in such file format as Malinko shall determine). Malinko hereby reserves the right to charge a fee to the Customer for providing the said extract in accordance with its then current applicable charges for such service. If the Customer fails to request the return of Customer Data within the thirty (30) day timeframe, then, to the extent permitted by Applicable Law, Malinko reserves the right to delete all Customer Data in its possession. ; ; In the event of termination (for whatever reason), Malinko shall (for a period not exceeding 60 (sixty) Working Days after the date of termination or expiry) provide the Customer with reasonable co-operation to enable the Customer to make arrangements for the transition of the supply of the Service to an alternative provider. Malinko shall be entitled to charge the Customer at its prevailing day rate (as notified to the Customer from time to time) in respect of such assistance and co-operation.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is an optional mobile phone app, which is used for checking in/out of jobs and collecting information when out in the field - this does not have the full functionality of the main scheduling system and only allows collection of information on visits that have been allocated. This can be installed on iPhones, iPads, Android phones and tablets and Windows phones, tablets and desktops/laptops.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Malinko uses REST API and HL7. ; ; The REST API is read only. Through the REST API, user can: Access to client information; Access to visit information (including services, notes); Access to questions for a visit; Access visit check in and out information; Check status of a visit. ; HL7 API: ; Create/Update/Archive Patients; Create new users; Create/Reschedule/Cancel Appointments; Create/Update/Archive Staff
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Full configuration support including account configuration, rules configuration, services configuration, custom fields for clients and users. ; ; There are two levels of configuration: Account level - configured by Malinko internal staff.; Account manager level - client side staff with appropriate permissions can set up elements such as new service types.

Scaling

• Independence of resources: We use an on-demand cloud computing infrastructure to provide additional capacity, both planned (ie during working hours vs out of hours), as well as automatically provisioning new servers based on load.

Analytics

• Service usage metrics: Yes
• Metrics types: Malinko maintain audit trails of created, destroyed, edited or viewed records with time, date and IP address (for web app) or mobile device location (for mobile app).
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Reports can be set up on the system for self service data export. For more specialised reports, the client can contact support.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: XLSX
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Uptime/availability for services is 99.9% during Service Hours.; ; Systems are subject to a planned maintenance strategy. Planned maintenance where possible will be accommodated outside of Service Hours without impacting the availability to Users to the System.; All planned maintenance will be subject to change control procedures and will be communicated to the Purchaser within a reasonable notice period. ; ; Upon request we are able to refund on a prorata basis for any unplanned downtime which falls outside the 99.9% uptime availability.
• Approach to resilience: The application is split over physically separate availability zones, as well as a clustered database running over multiple physically separate availability zones.
• Outage reporting: Planned maintenance is communicated via in-app notifications and email communications to nominated contact within client. Support desk can give status updates. Customers can subscribe to our Status Page - this will give information about planned maintenance and unplanned outages and regular progress updates relating to this.; ; For unplanned outages, we can also communicate this with nominated contacts within client if required (whether in office hours or outside hours).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: We have Access Control Specifications, with the principle that only those who are required have a particular level of access actually do so. Dependent upon the system and action taken, sometimes it will require authorisation from two staff. Access to some information is only allowed via super admin log on. All staff are required to have a DBS check and require BS7858 vetting.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 17/02/2017
• What the ISO/IEC 27001 doesn’t cover: All activities are covered by the certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • NHS DSP Toolkit
  • DCB 0129 Clinical Risk Management

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS DSP Toolkit; Cyber Essentials
• Information security policies and processes: We have DCB 0129 Clinical Risk Management and DSP Toolkit compliance. We have the following policies in place which have a direct bearing on information security:; Acceptable use of internet and email policy, Access Control Policy, Anti-piracy Policy, Clear Desk and Clear Screen Policy, Cryptographic Controls Policy, Data Protection Policy, Data Retention Policy, Equipment disposal policy, Information Exchange Policy, Information Governance Policy, Information Sensitivity Policy, IT Policy, Laptop Policy, Leaving Policy, Media Destruction Policy, Network Security Policy, Network Systems Monitoring Policy, Remote Working Policy, Secure Development Policy, Security Policy, Security Incident Reporting Policy, Social Media Policy, USB memory sticks Policy, Virus Protection Policy, Whistleblowing Policy. ; ; We have a number of associated processes and procedures designed to adhere to these policies. We have an ongoing process of internal auditing to ensure adherence to these policies and monthly ISMS management meetings.; ; There is a dedicated software system with recorded process for handling: Security incident, Non-conformity, Change Request.; ; Staff security awareness training takes place throughout the year with briefing sessions for any substantive policy changes.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We have a change management process as part of ISO27001 and Class 1 Medical Device compliance. All tickets are logged and tracked via our issue and project tracking software (JIRA) and the potential security impact and clinical risk is assessed as part of the process of signing off a ticket. All changes to the software are tracked in our version control system (Git).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Server operating systems run Long Term Support versions which are regularly patched.; ; All application software changes resulting in failed tests or security vulnerabilities are blocked by continuous integration servers.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Role based access control, with audit trail of staff changes to records. ; ; As part of the Information Security Management System we screen staff and we have ongoing training including security awareness. In the case of an incident or near miss we have an incident management procedure and recording process and the Information Security Management System Manager would always been informed.; ; Dependent upon the nature of the incident we may also inform the ICO and we may report it via the DSP Toolkit reporting tool.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: For incidents requiring business continuity actions, these are defined within the Business Continuity (Disaster Recovery) Plan.; IS events identified are recorded following the procedures relating to the identification, control and recording of incidents handled using existing escalation procedures when required. These events are assessed by the ISMS Committee ISMS Manager to determine if they are to be defined as information security incidents and when relevant, details are referred to Senior Management.; All comments and actions arising from any incident are recorded within the ; recorded incident form and appropriate action is instigated - these can be provided upon request.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Malinko is a tried and tested clinical scheduling tool, proven to successfully enable community services to better manage and schedule capacity and demand in a safe and efficient way, ensuring that patients are seen by the right clinician at the right time.; ; During the COVID-19 pandemic, we and our NHS and local authority partners have been forced to adopt a remote only implementation methodology. The results have been surprising. The remote-only approach has proved to be a superior method to the pre-pandemic onsite implementation. Our NHS and local authority partners have benefited from the improved accessibility to our implementation team who, working remotely, can better respond to their needs. The increased flexibility and ‘on demand’ accessibility has provided our NHS and local authority partners with a superior implementation experience than the ‘on site’ implementation method for adopting Malinko. As such we will continue with, and formally adopt, a remote-only implementation support service.; ; Additionally, NHS and local authority organisations have received a far more comprehensive demonstration of Malinko when it is presented remotely. Working remotely, our sales, marketing and clinical teams have been able to be much more accessible and flexible in accommodating dates and times for demonstrations. We are also able to provide more frequent demonstrations to interested organisations, further enhanced by the ability of the organisations to invite large numbers of attendees and record sessions for those unable to attend; ; Adopting a remote-only business model has and continues to reduce the risk of our staff being exposed to COVID-19.; ; Whilst these are extremely important factors, none of us with a clear conscious can the ignore the impact that climate change is having on our planet. Our concern for the environment and the impact on future generations is by far the most important factor for adopting this remote-only policy.
• Covid-19 recovery:

  Covid-19 recovery

  We focused on safeguarding our people and communities and ensuring the successful ongoing provision of our business-critical software and services. Supporting customers: Alongside business as usual for our customers, we have worked hard to support the national and local level response through practical, innovative and updated software capability. We have delivered a range of new capabilities quickly, such as those listed below, and continue to provide system advice, configuration and data insights to ensure effective action. - COVID-19 App (the first of its kind in the UK and Ireland) was developed and launched with the Northern Ireland Department of Health, and helped reduce the pressure on the 111 helpline. - Developed local track and trace solution for London Borough of Redbridge, enabling it to support localised contact tracing/escalations. - Community Helper software - built on the iCasework platform to help local authorities co-ordinate rapid support for vulnerable people while minimising safeguarding risks. - Our Trac e-recruitment software was used to help NHS recruiters get the right candidates into posts quickly and fast-track DBS checks. - Supporting social housing tenants - assisted teams to re-focus resources and provide vital support to tenants. - Supporting Revenues and Benefits teams - software solutions for the two largest UK government measures, Business Rates Grant fund and the Council Tax Hardship fund. Supporting employees: We proactively provide guidance and support for our people, from keeping remote workers engaged, to our mental health champions and free-to-access Employee Assistance programme. We have adopted a blended working model enabling colleagues to work safely and flexibly at various locations and hub offices, enhanced how we communicate, and continue to look for new ways to share ideas and inspiration.
• Tackling economic inequality:

  Tackling economic inequality

  Create opportunities for entrepreneurship and help organisations to grow. Malinko is committed to working with its customers to deliver value into the community by supporting young people, developing skills and mentoring businesses to attract inward investment and growth that brings with it employment and skills. We support innovation through our NorthStar innovation lab, a company-wide initiative focused on enhanced client outcomes by applying fresh ideas on data, automation and new technologies. We work with our customers to co-create public services that are fit for today and for the future. Our NorthStar innovation lab creates physical and virtual opportunities for us to jointly explore trends and technologies. Create employment and training opportunities Malinko/Civica is a member of the 5% Club, and aims to have 5% of its UK work force as either apprentices, graduates or work experience students by the end of 2025. We employ apprentices and graduates into a number of different disciplines and locations, with a focus on ensuring they are long term employees of Civica. Support educational attainment Learning and development is at the core of the Malinko/Civica Quality Management Framework. We believe in investing in our people and are proud of our Investors in People Gold accreditation and in being a top rated Glassdoor Employer. We run our own Malinko/Civica Academy for employee development and skills enhancement, which delivered over 220,000 hours of training during 2021. We provide our own apprenticeship programme (team leader level 3) for our aspiring and current managers that are considered stars of the future. We are working on building some new apprenticeship standards such as the UX degree apprenticeship. This will benefit not only Malinko/Civica’s Digital Team but all companies and customers that need UX talent.
• Equal opportunity:

  Equal opportunity

  Malinko Health & Care Technologies is committed to being an Equal Opportunities employer and to maintain a working environment free from discrimination, victimisation, harassment, and bullying. Whether during recruitment, transfer, promotion, training or in the assessment of salary and benefits, it is the aim of Malinko Health & Care Technologies to ensure that all applicants, employees, and workers receive equal treatment irrespective of their sex, marriage or civil partnership status, sexual orientation, race, colour, ethnic or national origins, religion or belief, disability, or age. ; ; Unlawful discrimination, victimisation, harassment, and bullying will not be tolerated by Malinko Health & Care Technologies and those responsible for such treatment or any other breach of this policy may be subject to disciplinary action under Malinko Health & Care Technologies’ Disciplinary Procedure (up to and including summary dismissal) and may be personally liable for unlawful conduct. ; ; Policy ; ; All employment decisions will be made in a non-discriminatory manner and includes all decisions relating to: ; ; recruitment and selection ; ; transfers and promotions ; ; training and development ; ; salary ; ; benefits ; ; severance terms. ; ; Malinko Health & Care Technologies will monitor their employment practices at regular intervals to identify and eliminate and potential discriminatory practices.
• Wellbeing:

  Wellbeing

  Malinko/Civica actively promote a mentally healthy workplace and workforce through our 40+ Mental Health Champions (MHC) and our ‘Health and Wellbeing’ policy, encouraging a flexible and realistic work/life balance. We integrate mental health and general wellbeing in all that we do from recruitment and ‘First Impressions’ to appraisals and strategic management. Our ‘Health and Wellbeing’ policy and programme for all employees provide a foundation to support both the mental and physical health of our staff. Examples include: - Employee Assistance Programme and online Wellbeing Hub, which provides 24/7 access to websites, e-mail, phone and face-to-face counselling on all personal issues. - Aviva DigiCare+ Workplace App providing external mental health consultancy. - Mental Health Champions who support colleagues’ wellbeing in the workplace. - RedArc Personal nurse service. - Management Coaching - managers are trained in GROW (Goals, Reality, Options and Will) and in being Health and Wellbeing Advisors, supporting employees with mental/physical health needs. - Health assessments/advice aimed at improving physical health. - Cycle to Work scheme to aid physical and mental health. - Weekly fruit drop for offices, encouraging a healthier diet. - We provide free eye tests for all VDU users, encourage staff to take advantage of NHS flu vaccinations services, and support people wishing to use the NHS Stop Smoking Service. We also support our customers’ and communities’ physical and mental wellbeing through: Employee ‘Donate-a-Day’ to local charities; Local events organised through “Charity Champions”; Directors providing guidance to local community health and wellbeing projects; Supporting social housing tenants to re-focus resources and provide vital support to tenants. Suppliers/subcontractors are subject to Civica’s Sub-contractor Selection Process as defined in our ISO9001 Quality Management System, which includes criteria for assessing health and wellbeing policies and their promotion.

Pricing

• Price: £14 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at antony@malinkoapp.com. Tell them what format you need. It will help if you say what assistive technology you use.