Skip to main content

Help us improve the Digital Marketplace - send your feedback

Cinnamon Digital Applications Limited

Digital Staff Vaccinations

Digital Immunisation software for managing NHS vaccinations for staff:

- Easily record vaccinations for any programme (Flu, Covid etc.)
- Linked to ESR for full coverage
- Simple and intuitive
- Online clinic booking module included
- Options for non substantive staff
- Realtime automated reporting using ESR Hierachy

Features

  • Linked to ESR to ensure full coverage
  • Available on any device
  • Use with just an internet connection - no local hosting
  • In built security
  • Real time reporting of compliance
  • Easily record and report staff opt outs
  • Full clinic module for self-booking appointments
  • Data output for use in electronic clinical records
  • Interoperability with other systems
  • Simple and easy to use for all staff

Benefits

  • Easily record outcomes for all staff
  • Reduced vaccine waste
  • No paperwork!
  • Data exports for NIVS
  • No hassle for staff
  • Accessible anytime using any device
  • Zero IG breaches
  • Better relationships with stakeholders
  • Significant time savings for your nurses
  • Complete real-time reporting solution

Pricing

£7,225 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@cinnamondigitalapplications.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 3 7 4 7 5 0 4 5 6 0 8 5 8 6

Contact

Cinnamon Digital Applications Limited William Aspinall
Telephone: 07789483562
Email: support@cinnamondigitalapplications.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No known constraints.
System requirements
  • Windows 10 minimum
  • Internet connectivity

User support

Email or online ticketing support
Email or online ticketing
Support response times
Same day response to all helpdesk queries logged between 9-5 Monday to Friday (excluding bank holidays).
All queries logged outside of these hours will be answered the next working day.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
Customers fully supported by Monday to Friday service desk for queries and standard break fix. Emergency on call service for out of hours.
Support available to third parties
No

Onboarding and offboarding

Getting started
All customers benefit from onsite deployment support. Our on boarding model ensures that customers feel confident using our software and that products are fully customised to meet customer requirements.

This includes;

1. Full review of standard build and customisation to meet local requirements.
2. Provision of test environment for local testing and training.
3. Onsite training for core users.
4. User documentation
5. Offsite webinars for remote training
6. Mon-Fri service desk support
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data is fully extracted from our systems by our administrators and transferred to customers securely via encrypted email or other means in text file format (csv, txt etc.)
End-of-contract process
Towards the end of a contact term, we will provide a customer exit plan. This will set out exit governance and the activities required in the final months of the contract.

The exit plan will identify assets to be transferred and any data migration requirements. It will also outline how this will be managed and any ongoing requirement for the suppliers software at the end of the contract term. The exit plan will set out the suppliers chargeable services and how these are agreed between the parties including timing. At the end of the contract all data is securely returned to customers. Data is deleted from our systems. All customer content is removed from our active servers.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No difference between mobile and desktop services. Page scaling enabled to customise user views on any device.
Service interface
No
User support accessibility
WCAG 2.1 A
API
Yes
What users can and can't do using the API
API set up is carried out by the supplier. The API provides a full dataset containing all information stored in the application.
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All consent forms can be fully customised. This includes; questions, branding, formatting and assigned logic.

Scaling

Independence of resources
All customer applications are provided using their own instance. Each instance is automatically scaled to ensure peak demand doesn't affect service performance. This includes memory and disk space.

Analytics

Service usage metrics
Yes
Metrics types
Full analysis of completed consent forms.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
A restricted administration account is provided to each customer. This account can be used to generate a full database export of all data to .csv file.
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Our agreed SLA uptime is 99%. We measure this using our cloud service dashboard.

We will provide service credits where the availability service level is not achieved:

Availability Service Credit
99% - 0%
95% - 2.5%
90% - 5%
Less than 90% - 10%

This excludes permitted downtime (4 hours per month) or any separate agreement with the customer.
Approach to resilience
All application deployments are configured to use their own instance. This means that each deployment is wholly separate from others.

Our architecture is designed to eliminate cross-customer interactions. This means that we reduce the risk of security breaches and improve resilience for each and every customer.
Outage reporting
We will contact customers directly to report all outages through pre-agreed channels.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
We use role based access controls. All roles and user profiles are agreed in the scoping sessions with customers.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
As a micro company, all staff are fully vetted through a comprehensive recruitment process.
Our staff are fully trained in information security standards and are expected to adhere to the company information security policy at all times.
Our policy covers all the key requirements of GDPR.
Information security policies and processes
Board level Information Security Officer.

Quarterly review of Information Security Compliance and standards on all active customer projects.
Staff are required to complete annual IS mandatory training.
Spot checks on employees and processes.
Non compliance is dealt with formally through our HR processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All software configuration is managed through our in house configuration portal. This ensures our developers have access to the most up to date information about the functional specification and all change management history.

All code, scripts, modules and components are assessed during the development cycle for security impacts. This includes third party vetting and assurance.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Our company has a board to floor risk management and assurance policy. All active risks are recorded on the company risk register with appropriate mitigations.
Our infrastructure is managed by a third party (Microsoft) who assess, mitigate and manage threats and vulnerabilities on our behalf. All server maintenance including patching is conducted by Microsoft in accordance with their release schedule.

Our company subscribe to the national UK CARECERT system to receive warning of potential threats and vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Database and server logs are monitored using real time dashboards to identify potential compromises.

If a potential compromise is identified we will immediately work with any affected customer to close down the breach and return the service to normal operating standards.

Any breach would be considered a serious incident and would trigger an internal company review.
Incident management type
Supplier-defined controls
Incident management approach
Customers are advised to report all incidents to our service desk. Incident management will depend on the severity x impact.

Incident reporting can be provided to customers on request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Introduction of our system has a significant impact on greenhouse gas emissions and contributes greatly towards net zero greenhouse gas emissions. Our systems and processes have multiple environmental benefits that cannot be overstated. These include;

Elimination of paper from immunisation pathway
Significant reduction in transport time and fuel
Reduced vaccine wastage because of accurate daily school lists
Reduced administration
Streamlined immunisation sessions in schools
Zero on-site storage for paper records
Fully hosted and managed in the Microsoft Cloud so efficiencies in IT hardware provision with carbon offsets
Reduced errors and re-work

Our main supplier Microsoft is committed to be carbon negative by 2030. Cinnamon Digital Applications Limited is committed to reducing our environmental impact. We have taken the following actions to support that commitment:

Purchase green electricity to power the buildings we operate in
Create our own energy using solar panels on the buildings we operate in
Only lease electric cars for our employees
Increase recycling
Provide time for our employees to contribute to local environment groups including habitat creation and tree planting
Eliminate paper from our offices and processes

Covid-19 recovery

Add something here
Cinnamon Digital Applications Limited only contracts with suppliers based in the UK. We only contract with suppliers that have shown a full commitment to eliminating modern slavery.

Tackling economic inequality

Cinnamon Digital Applications Limited only contracts with suppliers based in the UK. We only contract with suppliers that have shown a full commitment to eliminating modern slavery.

As a micro company we have a full understanding of our external contracts with third parties and regularly review these to ensure they are fit for purpose.

Equal opportunity

Cinnamon Digital Applications Limited has taken steps to increase the representation of disabled people in the workplace. This includes;

Equality and Diversity training for all staff
Provision of home allowance to improve home based working environment
Paid leave for all healthcare appointments

Wellbeing

Cinnamon Digital Applications Limited is a micro company. We are proud of our staff. Their well being and happiness at work is our main priority. We are a fully inclusive team and because of that all of our staff are working towards the same goals.

We are fully committed to the Mental Health at Work Commitment and the six standards in the pledge.

All our staff are encouraged to prioritise their mental health and we proactively promote an open culture where our staff are encouraged and supported with tools and time to maintain positive mental health outcomes.

Cinnamon Digital Applications Limited is proud of our community engagement activities. As a small company we have a responsibility to our staff, their families and their local communities.

We support local charities and groups with donations of time and money. We provide time for our staff to attend volunteering opportunities including tree planting and bereavement support.

During covid we dontated a signicant sum to a local school to purchase hardware to support remote learning for underprivilaged children.

In 2024 we aim to finalise a sponsorship scheme to sponsor local young people attend Higher Education to study coding as a career path. We are proud of this aim and are comitted to making it happen.

Pricing

Price
£7,225 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@cinnamondigitalapplications.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.