Attain Health Management Services Ltd

Attain Health and Care Workforce Command Centre

The Attain Workforce Command Centre gives users a view of the workforce baseline pressures across their health and care system. The Attain Workforce Command Centre provides a system architecture designed to understand and address the key current and future staff challenges that Health and social care systems face.

Features

• System wide baseline of workforce
• Align workforce datasets
• Clear representation of data
• interactive experience
• Granular dashboard
• NHS and local government IG approved
• Modular service offer
• Quarterly updates

Benefits

• One stop shop across the system
• Single version of the truth across the system
• Seamless integration with Office365

£30,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at CommercialBidSupport@Attain.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

413611378451992

Contact

Esther Pettigrew
02034356590
CommercialBidSupport@Attain.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Access to a web browser
  • Access to username and password credentials

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Anticipated 24 hour response
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: All new development, bug fixes, data refreshes, quarterly software and functional service updates. ; Each customer has an allocated account manager; These are included in the cost, any customisation requires scoping and costing in addition.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Agree project plan and project manage implementation of tool; Data upload uses standard templates to populate the tool.; Customer receives training on the tool, and on-going dedicated support; User documentation is in place
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data is provided in CSV files
• End-of-contract process: There is a project ramp down where the phased transition of information. ; Data model is not transferred to the customer; All customer data is deleted at the end of contract

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: The data and the representation of outcomes on the dashboard can be customised to serve the needs of the customer. This is managed through change control process overseen by the Attain Account Manager, with a designated customer representative.

Scaling

• Independence of resources: There is a scaleable Azure-based capacity for increases in demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly usage statistics by customer, user and system view
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Use .CSV files
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Azure guarantees 99.9% availability of its Power BI Embedded service
• Approach to resilience: Automatic Traffic Manager detects high levels of use and automatically adjusts capacity of service; ; Uses Microsoft UK South Data Centre which uses local redundancy to provide 99.5% availability of service
• Outage reporting: Automatic emails to Attain which we then share with users

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Other user authentication: Web filtering software used for mobile users
• Access restrictions in management interfaces and support channels: Restrict access through use of Active Directory controls
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: NHS Digital data security and protection toolkit - Cyber Essentials Plus
• Information security policies and processes: Policies and processes as per Cyber Essentials Plus accreditation. Policies include:; Data Protection Policy; Electronic Communications Policy; Incident Response Policy; Information Governance Policy; Information Sensitivity Policy; Network Security Policy; UK GDPR Training Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: ITIL change and configuration management
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: SIEM - this software provides valuable insights into potential security threats through a centralized collection and analysis of normalized security data pulled from a variety of systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As per Cyber Essentials Plus credentials
• Incident management type: Supplier-defined controls
• Incident management approach: ITIL change and configuration management

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Using a server farm removes our reliance on individual servers. Digital delivery with clients reduces our scope 3 emissions. We can offset out CO2e, compliant with UKGBC guidance.

  Covid-19 recovery

  We can offer business support/advice to local SME/MSMEs within each contract to support local businesses.

  Tackling economic inequality

  Attain can offer localised social value initiatives in line with the value of the contract e.g., CV and career advice in deprived schools in the contracted area.; We use Population Health Management information as part of our dashboards to ensure any workforce initiatives can reduce barriers to access to meaningful work for local people.

  Equal opportunity

  The Command Centre includes demographic information, to support targeted workforce initiatives, include EDI information. ; Attain can offer localised social value initiatives in line with the value of the contract e.g., CV and career advice in deprived schools in the contracted area.

  Wellbeing

  Workforce analysis can inform qualitative analysis on staff’s concerns, creating targeted initiatives to improve Health and Wellbeing. ; We have an Equality Diversity and Inclusion strategy to ensure we recruit, retain and support our staff, and informs how we work with clients in line with our values

Pricing

• Price: £30,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We provide free demos of the service to illustrate the tool and the value that is offers to customers.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at CommercialBidSupport@Attain.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.