JC Applications Development Limited

JCAD LACHS Claims Management Software

JCAD LACHS is a software solution for the improved management and reporting of insurance claims data. Data can be collected via a web form and there are a number or reporting tools available including export via API.

Features

• Claims handling software
• Address look-up, search & find function
• Dashboards
• API to enable enhanced reporting in BI tools
• 100 client configurable custom fields
• Realtime notifications and triggers
• Full 0365 email integration and document bundling
• GDPR claim anonymisation
• Claims litigation workflows
• Drag and drop

Benefits

• Faster claims processing through paperless office
• Improved accuracy and consistency of data
• Powerful & flexible reporting
• Maintain access to historic data
• Reduce claims and premiums
• Quick implementation
• Improved analysis of patterns and trends
• Great training and consultancy services
• Annual reviews with Account Manager
• Take advantage of additional modules

£600 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phil@jcad.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

420630800253011

Contact

Phil Walden
01730 712027
phil@jcad.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements: Edge, Chrome, Firefox and Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support desk runs 9 - 5.30 Monday through Friday. We guarantee immediate acknowledgement and fix within 4 hours. If this is not possible we keep the client informed and there is a defined escalation process that is followed for serious issues that can not be resolved within 24 hours. ; We also have a specific SLA that details support times for hosted products.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is a feature of our CRM system, Hubspot. Anyone using our website is able to ask a question. This feature is monitored by JCAD (through an alerts facility) to ensure timely responses are provided.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: SLA for response times is based upon severity level.; ; Low - Within 24 hours; Medium - Within 24 hours; High - Within 8 hours; Critical/Significant customer impact - Within 4 Hours; ; Costs for the support detailed above are included within our maintenance fee.; ; Each client will have access to an Implementation Consultant and an Account Manager as well as the dedicated support desk. Should the issue lie with our hosting partners then JCAD will work with them to resolve.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Due to the nature of the system being "off the shelf" we adopt a standard approach to implementation which means that it can be achieved quickly and with a low resource from the client.; ; The basic approach is as follows.; ; 1. Pre-implementation meeting (remote or onsite) with assigned JCAD consultant to discuss data migration and to agree timeframes and responsibilities.; 2. Data migration takes place and JCAD make available the prototype database. The database is cleansed and validated during this process of migration.; 3. Client undertakes UAT on the back of some basic training and with reference to online resources; 4. Amendments are incorporated into the definitive database production; 5. Further training provided (remote or onsite); 6. System goes LIVE; 7. Once the main system goes LIVE we then move on to optional modules such as online claim forms, Claims Portal integration, asset registers, automated data uploads etc. ; 8. During implementation liaison with in-house IT is limited to O356 integration and security features such as MFA, IP whitelisting; ; We would normally expect an implementation to GO LIVE within 8 - 16 weeks.; ; Online documentation is provided as part of the system and includes instructional training videos.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • Other
• Other documentation formats:
  • Online help
  • Video
• End-of-contract data extraction: Data is extracted by the client in Excel format. If necessary JCAD can provide assistance with this but professional services may then be involved if it is more than the provision of a .csv or .xls format of record and action data.
• End-of-contract process: Once the contract is terminated, all access to the cloud service will be denied. If requested within 90 days of termination JCAD will provide a data export (at no charge) of claims data in .csv, html or Excel format. If additional records such as documents, emails and actions are also required a charge will be made for the associated professional services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The application can be accessed from smart phone or desktop but the user interface changes appropriately dependant upon screen size.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API allows the user/organisation to retrieve data over a secure connection for reporting purposes with applications such as Power BI or Microsoft Excel
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: We operate in the MS Azure environment - Segregated customer instances have ringfenced resources to ensure that one customer doesn't take up a disproportionate amount of a single resource.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics such as who logged in, when they logged in and what they accessed are available as a report.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If necessary then data can be easily exported from the system into Excel via custom reporting or using data exports from the Find module with user configurable data views. This takes the fields & data within that view and exports directly to Excel. Graphs within the interactive dashboard can be output to images. Exports can be performed from claims, claimants, payments, diary, as well as from property, motor and content assets.; ; The API can also be used to extract data in to the relevant BI tool available at client site.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Pdf
  • Word
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Azure infrastructure has 100% network uptime availability. We aim to provided 99.99% application availability outside schedule maintenance windows.
• Approach to resilience: Available on request
• Outage reporting: Email alerts in the event of an outage

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: IP restrictions can be applied to restrict access to the application from specific IP ranges.
• Access restrictions in management interfaces and support channels: Access is restricted to designated support staff at a level required for them to perform their role. A escalation process in place whereby senior staff can also interface if needed.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 25/03/2024
• What the ISO/IEC 27001 doesn’t cover: We are compliant with all elements of the ISO27001:2022 standard.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: JCAD is independently certified ISO27001:2022 and ISO9001:2015 and also Cyber Essentials Plus standard.
• Information security policies and processes: We have an information security policy which is applied by our consultants when working with client data. The same policy is used in relation to our own data.; ; Our Head of Operations and MD are responsible for each of these respectively. Any breaches or issues will be reported to one of them.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All our services are monitored through threshold capacity monitoring on CPU, RAM, HDD and server availability monitoring with live SMS and email notification to support staff.; ; Any server changes go through a change control and risk assessment process and are logged.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our servers have independent penetration tests performed to highlight any potential vulnerabilities.; Patches are can be deployed within a short period of time to address any vulnerabilities.; Potential threat information is obtained from best practice review and industry focus based literature.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises can be highlighted by industry focus literature, client feedback, penetration testing. Any potential compromise will be reviewed for mitigation requirements and based up the level of risk addressed within a short period.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are recorded and assessed for root cause, resolution actions and resolution effectiveness. Common events are handled by our support team and incident tracking systems. Users can report incidents to our support team by phone or email during support hours.; As part of ISO27001:2022 our incident reporting policies and procedures are recorded and actioned routinely should they occur. ; JCAD have a Information & Security Policy that includes details of our incident management approach.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  A 2018 study found that using the Microsoft Azure cloud platform can be up to 93 percent more energy efficient and up to 98 percent more carbon efficient than on-premises solutions. This is why JCAD have partnered with Microsoft.; ; Within our organisation cloud computing and remote working have reduced emissions from less travelling to and from the office and a reduction in other forms of business travel.; ; JCAD also look to our supply chain to increase sustainability and reduce our carbon footprint.

Pricing

• Price: £600 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at phil@jcad.com. Tell them what format you need. It will help if you say what assistive technology you use.