Skip to main content

Help us improve the Digital Marketplace - send your feedback

CLEO SYSTEMS 24 LTD

Standalone and Integrated Electronic Prescribing System

CLEO SOLO EPS is an Electronic Prescribing Solution for Urgent Care and Outpatient Prescribing settings. Developed as a Covid-19 response to enable instant e-prescribing capability, using FHIR messaging standards, CLEO SOLO EPS gives clinicians instant prescribing capability without the need for any systems integration.

Features

  • Standalone or Integrated Electronic Prescribing System
  • Configurable formulary search, able to utilise Multilex and DM+D
  • Supports the use of multiple cost codes across a service
  • Prescription ID Confirmation sent via SMS to the patient
  • Inutitive to use, requiring only a 5 minutes of training
  • Used in a variety of clinical secondary care outpatient settings

Benefits

  • Electronically dispense to a pharmacy of the patient’s choice
  • Reduction of incidents including lost/stolen/illegible FP10s
  • Reduction in travelling for patients to collect paper prescriptions
  • Flexibility for prescribers such as prescribing out of hours
  • Ability to prescribe quickly in an emergency
  • Reduction in travel time and processing time for prescribers
  • Reduction in time spent by staff ordering FP10 Prescription pads
  • Reduction in stationary costs

Pricing

£38,145 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.burton@cleosystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 1 9 6 7 3 3 2 1 0 4 0 5 4 2

Contact

CLEO SYSTEMS 24 LTD Richard Burton
Telephone: 07753 902650
Email: richard.burton@cleosystems.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
Users must have Smartcard access, have reliable and functional devices to run the service, and pass all Acceptance Testing locally.
System requirements
  • Windows 10 1709 onwards
  • Dual Core 2Ghz processor or faster
  • Minimum Memory dedicated to CLEO 512MB (usually uses 240mb)
  • Optimal resolution of 1920x1080 (lower resolutions involve scrolling)
  • Install space 100MB per user
  • .net Framework 4.8 runtime
  • NHS Digital Identity Agent V2 onwards
  • Java Runtime Environment V8 32bit (requirement of NHS Identity Agent)
  • Gemalto Middleware (requirement of NHS Identity Agent)
  • Health and Social Care Network (“HSCN”) Connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 1 hour for critical issues (phone only), within 8 for questions.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
CLEO Systems exercise reasonable endeavours to respond to reports of Incident Service Levels in accordance with: P1 - 1 hour Critical, system down, complete loss of connectivity and/or service for all users - 4 Business Hours for fix or agreed work around. P2 - 2 hours High priority, major component of the client ability to operate, is affected. Loss of connectivity and/or service for some users. System or device fault which has a major impact on service performance or availability - 8 Business Hours for fix or agreed work around. P3 - 8 hours Core business unaffected but the issue is affecting multiple users. Problem or fault which has moderate impact on service but is not business critical - 3 Business Days for fix or agreed work around. P4 - 8 hours The issue is inconvenient but affecting limited number of users and/or workarounds are available. Problem or fault which has minor impact on service but requires resolution - 7 Business Days for fix or agreed work around. The guaranteed availability for our service is 99.9%.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
CLEO Systems provide the following services to onboard new users: - An initial demo to provide an overview of the system. - An online "live" training session, that can be recorded for future use. - An end user training guide. - An Administrator's training guide. - Weekly project calls to discuss actions, issues, risks and track milestone progress. - Technical workshops. - Train the Trainer sessions. - Post go-live support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
CLEO Systems will create handover documentation to ensure knowledge transfer if that is deemed as required by the customer. Data will be transferred via SFTP in CSV format at the date agreed in conjunction with your contractual notice period. Data will be deleted supplier side after the SFTP file has been submitted, at an agreed date no longer than 3 months after contract expiry, including a certificate of completion.
End-of-contract process
CLEO Systems has adopted the retention periods set out in the Records Management Code of Practice for Health and Social Care 2016, Appendix 3. The retention schedule will be reviewed annually or as necessary to reflect changes in law. All data storage devices are purged of sensitive data before disposal. Where this is not possible, the equipment or media is destroyed by a technical WEEE service provider and a destruction certificate received. This is arranged with the CLEO IG Team to be logged accordingly. Any data that needs to be retained by the buyer, should be requested in writing. If data extracts are required for any purpose, then these may be subject to additional costs. Exit plans will be executed in accordance with the notice time period within your contract, either early or upon natural contract expiry, following which: CLEO Systems will switch off CLEO services at the date agreed in conjunction with your contractual notice period and data extractions will take place, as described above.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The interface is an intuitive, easy-to-use system designed to be familiar to healthcare professionals. We use straightforward navigation for the system, laid out in a sensible manner for optimal use.
Accessibility standards
None or don’t know
Description of accessibility
CLEO SOLO EPS has been developed to enable instant prescribing, using FHIR messaging standards, meaning clinicians can prescribe using seamless spine integration, in a variety of settings. Intuitive to use with only a 5-minute instruction video covering everything needed for your clinician to get going.
Accessibility testing
None at this point.
API
Yes
What users can and can't do using the API
INCOMING
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users with admin rights are able to add sites, setup users and make many other changes that will be run through by the account manager and trainers.

Scaling

Independence of resources
Proactive monitoring is in place, which alerts in real time should services meet thresholds that we have set and that we do proactively monitor (during a daily meeting) this to ensure our resources.

Capacity management is undertaken to ensure when new contracts are awarded, the planning of required resources is factored into the infrastructure builds.

Load balanced servers ensure capacity needs are spread across the data centres.

Analytics

Service usage metrics
Yes
Metrics types
We provide a regular export of all data and usage, available via SFTP which can be incorporated into a data warehouse or dashboard - this can be setup to view whatever metrics are preferred and is fully auditable.
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We provide the export of user data as a service.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
CLEO Systems guarantee the availability of our systems at 99.9%. In the unlikely event that this level of service is not met, then any refunds accrued would be as defined in the individual contracts that we agree with our customers.
Approach to resilience
Resiliency is built into the regional data centres that have availability zones.

Further information is available on request.
Outage reporting
In the rare event of a service wide outage occurring, our defined process states the following:

The first step we undertake is to identify the severity of the outage, as this helps us communicate the precise details to our service users. In the even that the outage is caused by a third party, we would seek information from them to distribute.

A service support lead would be identified, and they would be responsible in managing the team through the execution of the resolution plan and communications to our service users.

Any workarounds available to our service users should be included in our communications.

All notifications to our service users would be to their nominated contacts email addresses, as defined during the onboarding of their service. A service status webpage will also be made available.

The notification will include:
• Services affected
• Severity level
• Issue description
• Actions required
• Next update timing
• Additional details (if any)
• Steps already completed

As per our standard processes, following any high severity support incident, a full report will be created and shared with affected service users.

Identity and authentication

User authentication needed
Yes
User authentication
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is managed through permissions and role based controls, which are managed by Admin users. In addition to this, access to NHS Spine Services are control through end user Smartcards which have specific roles and activities applied. Access to our support channels is managed through having named users that are set up on our Support Portal, with usernames and passwords.
Access restriction testing frequency
Less than once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
12/06/2023
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
NHS Data Security and Protection Toolkit certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We fully support the principles of governance and recognises its public accountability, but equally places importance on the confidentiality of, and the security arrangements to safeguard, information about patients and colleagues. To do this, we abide by these principles: • To protect our computer systems from misuse and to minimise the impact of service breaks through compliance with the standard ISO27001/2 and the development procedures to manage and enforce this. • Will ensure that the Health Records within its control are held, retained, and disposed of, in accordance with the guidance in Records Management: NHS Code of Practice. • We will ensure that all information recorded by ourselves is accurate, complete and available appropriately, and we will use all appropriate means to ensure that it complies with the relevant Data. • Protection legislation, including The Data Protection Act, The UK General Data Protection Regulation and associated Codes of Practice issued by the Information Commissioner’s Office. • CLEO are also Cyber Essentials Plus and DSPT certified. CLEO’s Chief Executive Officer has responsibility for the Data Security & Protection Policy. The implementation of, and compliance with, is delegated to the SIRO, the Caldicott Guardian and the Data Protection Officer (DPO).

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We begin with understanding why the change is needed, what will be different, what needs to happen, measuring risks associated with the change and how improvements can be measured.
The details must then be recorded using a Change Control form, which captures the reasons for the change, what the change entails, all security considerations, key dates, plus the associated risks/costs. This is then reviewed with the Change Management Board. The Board will determine if the change can proceed.
Following the change, results will be monitored, and key learning will be recorded.
If successful, the change can then be fully adopted.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We receive regular CareCert alerts regarding software and application vulnerabilities from NHS England and key suppliers. We are mandated to patch any high CareCert alerts within 14 days and critical within 72 hours. We have a weekly Security meeting where we track all pending CareCert actions and assess risks. We also have active monitoring in place – using an Enterprise SEIM and SOC solution that informs us of potential threats.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We receive regular CareCert alerts regarding software and application vulnerabilities from NHS England and key suppliers.

We are mandated to patch any high CareCert alerts within 14 days and critical within 72 hours.

We have a weekly Security meeting where we track all pending CareCert actions and assess risks.

We also have active monitoring in place – using an Enterprise SEIM and SOC solution that informs us of potential threats.
Incident management type
Supplier-defined controls
Incident management approach
Incidents can be reported to our Service Desk via the customer portal, by email or by telephone. All incidents are logged within our Service Desk application and progress can then be tracked. The priority of the incident will be agreed between the Service Desk and our customers. Our Service Desk team are fully trained on all aspects of our applications and have pre-defined processes for managing incidents. Our service desk will issue Service Incident Reports as required and in accordance with contractual agreements.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

Fighting climate change

Fighting climate change

We embrace the requirement to achieve sustainability and add social value as defined in the Social Value Act 2012. We will make a continued difference across the UK through the provision of services that have a positive impact on people’s lives, on a personal and community level. Wherever possible, we will also prioritise the use of sustainable business practices, which will minimise negative impacts on the environment while making the best use of resources.
Our commitment to social value is demonstrated by our Group Gold Social Enterprise Mark - this is the highest level of Social Enterprise, awarded following a robust independent review. The Social Enterprise Gold Mark evidences best practice in key points across three key areas including governance, business ethics and financial transparency. We work within a set of values and principles that are underpinned by a responsibility to the different communities in which we operate. Our group has gained compliance with the UK Government Energy Savings Opportunity Scheme (ESOS) Phases 1 & 2 with the Environment Agency. The ESOS Scheme runs in four-year phases, we are now in Phase 3. Because of the work undertaken to comply with ESOS we have identified at least 90% of energy use throughout the organisation and made recommendations to save on its use. We record emissions that we can directly control (our Carbon Footprint) to support the NHS in their Net Zero Plan/Green Plan

Pricing

Price
£38,145 an instance a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at richard.burton@cleosystems.com. Tell them what format you need. It will help if you say what assistive technology you use.