SHREWD Resilience
SHREWD Resilience shows the operational situation of local urgent care systems as a simple view in real-time. Users can quickly and easily identify where the pressure is across the health system, why it is happening and the actions required, to support the implementation and effectiveness of a System Coordination Centre
Features
- Real time whole system view of urgent and emergency care
- Simple and intuitive visual management user interface
- Designed to support the development of System Co-ordination Centres
- Browser based so no additional hardware costs
- Decision making in real time rather than on historical data
- Supports A&E, MIU, Ambulance, 111, social care and community services
- Personalised dashboard for each user and organisation
- Web interface and smartphone app for iphone, android and windows
- Ability to set up individual alerts via SMS
- Supports variety of automated and manual data feeds as required
Benefits
- Reduce pressure on urgent and emergency care and A&E departments
- Easily identify where pressure exists across the health system
- Drill down into granular detail of why pressure exists
- Make effective decisions in time to resolve problems
- Transform working practice and save money
- Reduce breaches and associated costs
- Improves efficiency by making use of under-utilised urgent care capacity
- Improves resilience of the urgent care system, easing winter pressures
- Significantly reduces meeting time and conference call durations
- Visibility across geographical boundaries provides more options to relieve pressure
Pricing
£30,000 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
4 3 5 5 4 0 0 0 6 6 4 4 8 5 1
Contact
VITALHUB UK LIMITED
Colin Garrod
Telephone: +44 (0)203 397 6626
Email: colin.garrod@vitalhub.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- The application requires AHSN connectivity for health specific use and users should have nhs.net email addresses or NHS approved equivalents. The data used is publicly available and non-patient identifiable but data sharing agreements should be put in place between the organisations within the local health community. The data is best provided via a web service or API (other options such as csv / manual upload available) so a degree of integration knowledge is useful, however full support can be provided.
- System requirements
-
- Current compatible browser
- Internet connection (2mbps minimum, 5mbps recommended )
- Users must have nhs.net email address (or NHS approved equivalent)
- Capability to extract data from sources (e.g. API, webservice)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
The manned helpdesk (telephone and email) is available 08.30 to 17.00 Monday to Friday as well as an online portal called Freshdesk 24/7. Priority and timescale
1 (High) : Full system outage – no users at all can use the system. Response: Resolve 4 hours.
2 (Medium) : Partial system outage – a significant number of users are affected: Resolve: 1 business day
3 (Low): Minor – a handful of users or a part of the system is not working to Specification: Resolve 3 business days
4 (Query) : Minimal impact: Resolve 20 business days - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Ongoing technical support and a dedicated account manager is included within the monthly fees for the provision of the application. This includes the standard SLAs as follows:
Telephone and email helpdesk 08.30 to 17.00 Monday to Friday.
Priority and timescale
1 (High) : Full system outage – no users at all can use the system. Response: 10 mins. Resolve 4 hours.
2 (Medium) : Partial system outage – a significant number of users are affected. Response 10 mins. Resolve: 1 business day
3 (Low): Minor – a handful of users or a part of the system is not working to Specification. Response: 10 mins. Resolve 1 business day
4 (Query) : Minimal impact. Response; 3 business days. Resolve 20 business days.
Initial set up and additional training, integration and development services are available as per the rate card provided. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Customers receive a detailed Welcome Pack which outlines the implementation process for the product. A detailed and customised implementation project plan is then drawn up. This includes two days of training for users built into the Appropriate point. Each Urgent Care System agency is invited to nominate a superuser who receives comprehensive training in all aspects of the system. They will cascade training within their agency and become the first point of contact for questions and issues from within that agency. The help desk is also available for enquiries regarding use of the system. Documentation and video training is available via the application for users to access.
- Service documentation
- Yes
- Documentation formats
-
- ODF
- Other
- Other documentation formats
- Microsoftword.doc
- End-of-contract data extraction
- All raw data is real-time and publicly available while retained by the source organisation(s). All data provided over the duration the contract could be provided as a CSV at contract end. Other formats available at additional cost.
- End-of-contract process
- Source data feeds are switched off and accounts suspended.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- MacOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Functionality is the same across both mobile and web platforms, except where data analysis and reporting functionality is reduced by individual mobile device capabilities (e.g. limited memory). There are dedicated mobile versions for iphone and android platforms.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- SHREWD Web APIs is used by various NHS data providers to Push anonymous indicators data into SHREWD database, where indicators data contains three fields (IndicatorId, Current Values and Date Timestamp).
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- None (data is presented in visual formats in order to simplify complex system wide events and does not therefore support some assistive technologies)
- API
- Yes
- What users can and can't do using the API
- SHREWD Web APIs is used by various NHS data providers to Push anonymous indicators data into SHREWD database, where indicators data contains three fields (IndicatorId, Current Values and Date Timestamp). Customers can extract data using a RESTful API.
- API documentation
- Yes
- API documentation formats
-
- ODF
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Indicators used for personable dashboard and resulting alerts are user configured. The implementation co production approach allows dashboards to be custom designed for each user group.
Scaling
- Independence of resources
- Our primary servers are on a managed cloud provision. We have application and server monitoring in place to monitor the resource usages to automatic alerts in place to provision new resources when there is a need for more resources.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Users/Agencies/Indicators usage/breakdown/performance metrics, Indicator update frequency/breakdown/total metrics, Features usage metrics.
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Via the application menu, a user can select various export options including format (as below) and which specific indicator they wish included in the export. Bespoke exports may be available at additional cost.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- .xls
- SQL
- Data import formats
-
- CSV
- Other
- Other data import formats
- .xls
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Other
- Other protection between networks
- The primary datastore is replicated across networks using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- The primary datastore is replicated using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm on top of TLS.
Availability and resilience
- Guaranteed availability
- Planned maintenance is undertaken outside business hours. As the service is charged on a 'pay as you use' basis, any unplanned outages would be refunded at a pro-rata percentage for unavailability in business hours.
- Approach to resilience
- Non-Disclosure Agreements are in place with all of hosting provider suppliers. A risk assessment is undertaken for each supplier, with any required actions (which can include the supplier being subject to a security audit by the hosting provider) are conducted and managed by the Director for Supplier Management in conjunction with the Security Manager. All suppliers are audited as part of ISO 27001 third party audit policies, which are in turn assessed by qualified and impartial third party ISO 27001 compliance assessors. Due diligence is performed on any security impacting third parties prior to selection and appropriate security requirements are built into contractual agreement where necessary. All strategic suppliers are assessed for their Business Continuity provision. Once reviewed the results of the assessment are analysed to assess the supply chain risk with regard to business continuity. Those suppliers considered to be inadequately prepared to deal with a BC scenario affecting their own organisation, which could therefore impact on the hosting provider to continue normal service operations, will be subject to further auditing, via a more detailed questionnaire or onsite at their premises. Third party suppliers are audited at least annually, with a shorter (quarterly) audit cycle for critical suppliers.
- Outage reporting
- When service has a disruption or outage, we notify the users through emails.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Limited access network (for example PSN)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to accounts that are created by internal admins is limited. Created accounts use two factor authentication to be able to access the interface.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 6 months and 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 6 months and 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Complies with NHS Data Security Protection Toolkit (DSPT). Policies and processes followed or used include: Email Policy, Information Asset Register, Information Asset Access Control Policy, IG Steering Group Roles and Responsibilities, Terms of Reference for Information Governance Steering Group, Physical Security Checklist, IG Awareness and Basic Training for new staff, Annual IG Refresher Training for all staff, Network Security Policy, Information Security Policy, Compliance Audit Checklist, Remote Access Policy, Mobile Computing & Teleworking Policy, Assignment of Mobile Computing Form, Portable Devices Standard Operating Procedure, Risk Assessment Impact, Incident Management Procedure, Business Continuity Management Policy, IT Disaster Recovery Plan and Business Impact Analysis Report among others. All documents pertaining to Information Governance are available and accessible to all members of staff on the company intranet. The reporting structure entails that all staff report any and all incidents to the IG Lead, who works closely with the appointed SIRO, IAO and Caldicott Guardian. Spot checks are carried out quarterly, IG refresher training courses are undertaken annually with an IG assessment carried out at the end of the year to ensure staff remain IG aware.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Processes are in place to ensure that all changes to the system are authorised and tested prior to being employed. These are compliant with the relevant aspects of NHS Data Security Protection Toolkit. To track components of services over time, version control is enforced and access control records are kept and monitored. All change requests are documented and assessed. All staff are trained on operational procedures maintained on the company intranet, including: Access Control and Password Management Procedures, Change Control Process, Privacy Impact Assessment & IG Checklist, Project and Change Management Control Plan, Network Security Policy and Information Security Policy.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Risk assessments to identify and mitigate issues are carried out as part of a process that is compliant with the relevant aspects of NHS Data Security and Protection Toolkit i.e. Information Security Assurance, Incident Management and Investigation.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Measures are put in place to detect any attacks or unauthorised activity as part of a process compliant with the relevant aspects of the NHS Data Security and Protection Toolkit i.e. Information Security Assurance, Incident Management and Investigation. Potential threats to our services are assessed through employing a 'listener', upon the detection of a threat the relevant IP address is immediately isolated and blocked, whilst a potential threat to our software products is monitored and curtailed immediately with patches deployed automatically to the affected areas.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Procedures are in place to ensure incidents are dealt with immediately to recover a secure and available service. The guidelines apply to all staff and include:All incidents must be reported to a line manager and/or IG lead immediately. An information incident report is then completed detailing; name of the individual reporting the incident, date of the incident, where the incident occurred, details of the incident and any initial actions taken, including who the incident has been reported to and the date the report is created. The line manager or IG lead investigate the incident and employ the necessary measures
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Equal opportunity
-
Equal opportunity
Transforming Systems have a corporate social responsibility to support charities and local initiatives. Each year our wider group selects two charities to support and help raise awareness and assist with fund raising activities as well as corporates service support in terms of marketing and business development help if required. We are renowned for working in partnership with the NHS and other private and public sector organisations. A number of our products have been co-developed and we are always working on proof of concept projects and sharing of new ideas including the participation of patient participation groups for the benefit of the community and patients residing therein.
We have a broader range of opportunities across the entirety of the business, and departments within it to offer apprenticeships. We have historically offered opportunities for work experience and apprenticeships across the UK, having affiliated links with universities and are dedicated in providing learning and development opportunities both to existing employees and potential new ones we hope to nurture and support.
We are able to offer virtual training courses which are designed to ensure staff readily understand and swiftly achieve a comprehensive knowledge of the system and are in the process of developing eLearning modules as well as a train the trainer approach to all new deployments.
We run a number of user groups across our customer base throughout the year which offers informal learning and networking opportunities with other people from across the UK and also more widely with our international partners to understand health challenges, solutions and approaches to problem solving more further afield.
Pricing
- Price
- £30,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No