ReStart Consulting Ltd

IMX Platform

A platform with cloud deployed applications which can support EPR implementations, data archiving, PROMs, business continuity, integration, data migration and transformation. It's flexible, interoperable, and scalable, seamlessly integrating with existing ICT infrastructures. Suitable for use across any health and care organisation.

Features

• Patient Reported Outcomes Measures functionality
• Clinical Portal/Shared Care Record
• Archive Solution
• Electronic Document Management
• Interoperability Solutions
• Dashboards and Real time Reporting
• Business Continuity
• Support, Alerts and Monitoring
• Integration
• Integration Engine

Benefits

• Interoperable with any system
• Access and use on any device
• Highly configurable to support local processes
• Intuitive
• Secure with full RBAC access
• Modern microservices architecture
• Auditing and reporting functionality
• User led design
• Full compatibility between applications
• Flexible, agile and phased implementation approaches

£15,000 to £200,000 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@restartconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

404633377848431

Contact

Geri Boynova
01392 363888
commercial@restartconsulting.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Can be launched in patient context or embedded within any system.; ; Compatibility across all IMX solutions regardless of the initial application deployed.
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements:
  • Integration Engine licence (if required for the specific IMX application)
  • Document conversion licence (if required for the specific IMX application)
  • EMPI/MDM software licence (if required for the specific IMX application)
  • Database software licences (if required for the specific IMX application)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs available on request and can be configured to suit an organisations requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support costs can vary between IMX applications and are dependent on the term of the contract selected by the organisation.; ; ReStart adopts a flexible pricing approach to suit any capital and revenue budgets and can modify pricing to fit any organisation's budget requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ReStart can support any training requirements. Our preferred approach is Train the Trainer but we can provide classroom training and documentation as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: If the solution is within the organisation's data centre, they will retain the data. If ReStart are holding the data, it will be exported and provided to the organisation in agreed location.
• End-of-contract process: If the system is being replaced we will work with the new supplier to do a sufficient hand over process. This process and the exit extract, if required, will not be at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference. They are the same solution.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: IMX has a fully open API available to organisations and their partners.; ; IMX can communicate with any API used in other solutions. It is a fully interoperable platform.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The IMX interface has been designed to be accessible for all users including those using assistive technology. All aspects of the solution have been user tested and approved for us by Health and Care organisations.
• API: Yes
• What users can and can't do using the API: User organisations can configure their internal systems to launch IMX via our openAPI.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: All aspects of the solution can be customised to suit the organisation and their users needs.

Scaling

• Independence of resources: If IMX is hosted in the organisation's environment then ReStart can recommend that additional resources are added to the deployment environment if concurrency becomes an issue.; ; If IMX is hosted in ReStart's environment, the environment will be configured to add additional resource as required.

Analytics

• Service usage metrics: Yes
• Metrics types: IMX has a full suite of auditing and logging tools that provide complete metrics to appropriate users in the organisation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Qvera (QIE)

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users of IMX are clinicians. Should the data owner (patient/service user) require an export of their data, this can be obtained through a Subject Access Request to the data controlling organisation.; ; If the data controller is a health or care organisation then the process for exports will depend on local policy. ; ; If the solution is hosted in ReStart's cloud, then users can place a subject access request with ReStart directly.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Not applicable.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% up time guaranteed with service credits associated with any breaches.
• Approach to resilience: IMX is a high availability solution with 99.9% up time. In terms of resilience, the IMX solution is composed of microservices running in Kubernetes. This allows us to scale the workload flexibly when demand changes. Kubernetes spreads the workload across multiple servers, providing resilience to server failures. On our Cloud environment, these servers and other resources such as databases are distributed across Availability Zones, providing resilience against availability zone failure.; ; The Kubernetes cluster configuration is kept up-to-date with security best practices and each container is frequently scanned for CVEs to ensure the IMX solution is kept secure. ReStart's resilience policy is available on request.
• Outage reporting: Email alerts are used to report the majority of outages. ; ; Within IMX one of the applications IMX Alert has a customer facing dashboard which reports any issues in an organisations integration environment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: Users are assigned roles based on RBAC principals. This allow access to interfaces and support channels to be managed.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: At ReStart ensuring the security and confidentiality of sensitive health data is paramount. We have established robust information security policies and processes to safeguard data integrity, protect against unauthorised access, and mitigate potential risks. All Restart's information security policies/processes are available on request. Some of these include:; ; - Data Protection Policy: This defines our procedures for handling, storing, and transmitting sensitive health information in compliance with relevant regulations such as GDPR (General Data Protection Regulation).; ; -Incident Response Plan: Outlines steps to be taken in the event of a security breach or data incident, including incident detection, containment, investigation, and reporting.; ; - Employee Training and Awareness: Requires regular training sessions and awareness programs to educate employees about information security best practices and their responsibilities in safeguarding sensitive data.; ; We conduct periodic audits and security assessments to evaluate compliance with information security policies and identify areas for improvement.; ; The reporting structure in place to ensure that policies are followed includes:; ; An Information Security Officer who oversees the development and implementation of information security policies and procedures.; ; Information Security Team: Responsible for monitoring systems, conducting risk assessments, and responding to security incidents.; ; Senior Management: Provides oversight and support for information security initiatives.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We track components throughout their lifecycle and assess changes for security impact. Our version control processes ensure accurate tracking, while documentation provides clarity. Changes undergo formal requests, risk assessments, and security reviews. Vulnerabilities are addressed pre-deployment through testing and remediation. Our Change Control Board approves changes based on impact and alignment with goals. Post-Implementation Reviews capture lessons for improvement. These processes maintain the integrity and security of our solutions.; ; ReStart's configuration and change management policy can be made available on request.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: ReStart's vulnerability management policy is confidential and available to organisations on request.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: ReStart's protective monitoring approach is confidential and available on request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have predefined processes for common events, ensuring swift resolution. Users report incidents through various channels, including email, or phone. ; ; Our incident response team triages and prioritises issues based on severity. Regular updates are provided to users throughout the resolution process via email or an agreed system such as Jira. Post-incident, detailed incident reports can be generated, outlining the root cause, impact, actions taken, and preventive measures. These processes ensure timely resolution and transparency. ReStart's Incident Management policy is available on request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our Environmental Strategy has clear targets outlining how we work to ensure that we are contributing to our overall goals of achieving net zero greenhouse gas emissions. The strategy describes the risks, measures, and considerations we take across our organisation, partners and supply chain including but not limited to reduction in transport, paper use, recycling processes etc. We are happy to share this strategy on request.

  Tackling economic inequality

  Our Equality, Diversity, and Inclusion Strategy outlines how we will ensure that we will continuously learn about the inequalities within the sector, relevant to the solution and services we provide and ensure fair recruitment processes are adopted and progression is promoted across all existing employees. We are happy to share this strategy on request.

  Equal opportunity

  ReStart is committed to promoting equal opportunity by prioritising accessibility, diversity, and fairness. We adhere to accessibility standards to ensure all users can access our services. Our workforce and supplier base are diverse, reflecting our commitment to inclusivity. We uphold fair hiring practices, offer training opportunities for skill enhancement, and engage with local communities to understand their needs. These efforts collectively contribute to a more inclusive and equitable environment within our organisation and beyond.

  Wellbeing

  Our Health and Wellbeing Strategy outlines our commitments in ensuring health and wellbeing for employees. Tools, such as questionnaires, will be used to obtain feedback and develop further improvement strategies. We are happy to share this strategy on request.

Pricing

• Price: £15,000 to £200,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at commercial@restartconsulting.com. Tell them what format you need. It will help if you say what assistive technology you use.