Skip to main content

Help us improve the Digital Marketplace - send your feedback

NHS North of England Commissioning Support Unit (Hosted by NHS England)

NECS Appointment Booking System

This adaptable web-based system enables patients to schedule appointments for various commissioned tests, including Covid antigen/antibody tests, flu vaccinations, and other public health-related vaccination programs.

Features

  • Customise test availability based on region
  • Choose from different test settings such as on-site or drive-through
  • System generates and sends automated emails
  • Configure the number of tests available per site
  • Scalable web-based system for rapid expansion
  • Fully hosted, no need for software installation, ensuring quick implementation
  • Minimal training needed due to system's user-friendly interface
  • Developed by the NHS, tailored for NHS use
  • Option to include home testing delivery functionality
  • Capability to fulfil mass group test orders

Benefits

  • Access the booking system round the clock, 24/7
  • Utilise a web-based platform for convenient access
  • Streamlined and speedy test booking process
  • Specific entry points for both staff and patients
  • Easily adaptable to set up new test locations or schedules

Pricing

£30,000 a licence

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

4 4 3 8 6 9 3 0 5 0 5 3 5 6 3

Contact

NHS North of England Commissioning Support Unit (Hosted by NHS England) Business Development
Telephone: 0191 3751789
Email: necsu.busdev@nhs.net

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • For supported versions and browsers see Compatibility Matrix at help.k2.com
  • Azure Active Directory: K2 Cloud customers should use AAD authentication

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 working days
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
No
Support levels
Throughout the implementation phase, we will offer extensive support to the customer, ensuring a smooth transition. After the system is up and running, we will continue to provide robust maintenance and support, tailored to the customer's needs, along with comprehensive ongoing assistance, including wrap-around programme support as needed.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
NECS will provide virtual training sessions, along with various user guides relevant to the end user.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Customers can request a backup of their database at the end of the contract.
End-of-contract process
Upon contract completion, customers have the option to either renew their subscription or terminate it. If the contract expires or is terminated, customers can request a copy of all pertinent information/data stored in the system at that time. Environments and associated data will be securely removed 30 days after the agreement's termination.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Font size and lay-out scaled down for viewing on mobile devices.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
Browser-based design tooling :

Design and Build
- Workflows
- SmartForms
- Integrations

Administration
- Security and Compliance
- Roles
- Permissions
- Reporting

Users
- Workspace
- Forms
- Mobile
- Reporting
Accessibility standards
None or don’t know
Description of accessibility
Non-text content is supported through the inclusion of text based values to ensure the information is accessible
Accessibility testing
We have not undertaken any interface testing with users of assistive technology.

Non-text content is supported through the inclusion of text based values to ensure the information is accessible
API
No
Customisation available
No

Scaling

Independence of resources
K2 Cloud operates on a scalable service that can adjust to short-term fluctuations in demand or long-term growth in usage and adoption. While it is currently deployed as a multi-tenant model, customer compute and data are segregated from those of other customers, ensuring isolation in both the compute and data storage tiers.

Analytics

Service usage metrics
Yes
Metrics types
Upon request, reports detailing the status of each process and their instances can be provided. These reports enable real-time monitoring of process information and facilitate the identification of trends for process improvement.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Standard TDE Azure SQL, full database encryption.
Optional database column encryption based on database engine (i.e. AES 256 on SQL Azure)
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
For an end user, The Testing System provide a capability to "Export to Excel" a list of results with filtering and paging options available. An export of a form displayed information can also be created in PDF format.
Data export formats
  • CSV
  • Other
Other data export formats
•Excel and CSV (via extensions)
Data import formats
  • CSV
  • Other
Other data import formats
Excel and CSV (via extensions)

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
NECS, via the K2 Cloud, provides customers with an Availability SLA of 99.9% within their production K2 Cloud tenant. Availability is defined as the ability for a customer to be able to access the production service environment irrespective of network connection or other intermediary issues outside of the control of K2. A Service Credit is available to customers should the K2 Cloud SLA not be met.
Approach to resilience
NECS via the K2 Cloud makes use of SQL Azure as data store. SQL Azure creates automatic geo-redundant database backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes. The backup storage geo-replication occurs based on the Azure Storage replication schedule – handled by Microsoft. The retention period for the database is 30 days. The above means that we can do any point-in-time restore of the data with a 10-minute accuracy within the last 30 days.
High availability (HA) is provided by default in the Production instance. Native Microsoft Azure capability is utilised in testing disaster failover (DR).

More details available in the K2 Cloud - Service Policies document. More details available on request
Outage reporting
The Testing System on the K2 Cloud is hosted on Azure datacenters. Azure status, planned maintenance and outages are reported via the website: https://azure.microsoft.com/en-gb/status. An RSS feed is available.
Communications channels to customers are via the K2 Cloud status page (status.onk2.com) as well as direct email notifications to subscription administrators.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
The K2 Management site allows you to manage your K2 environment and components such as workflows, worklist items, SmartObjects, users and security. These are administrative tasks that are performed by the K2 administrator. The Server Rights node is used to add, edit, remove and refresh Workflow server permissions for users or groups. These rights will determine which users and groups can administer a K2 workflow server, export new workflows or impersonate a user.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
26/04/22
What the ISO/IEC 27001 doesn’t cover
14.1.3 Protecting Application services transactions
14.2.1 Secure development policy
14.2.5 Secure development environment
14.2.6 Outsourced development
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
SOC 2 type II attestation report

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our policies and procedures ensure adherence to both UK and NSA law and professional requirements and are fully compliant with, but not limited to, the latest GDPR, Data Protection Act (DPA), Caldicott Principles and the 10 Data Security Standards (National Data Guardian). We hold an IG Toolkit score of Level 2 and the governance of our ICT service is underpinned by a workforce of engineers with ITIL version 3 certification. Whilst we have not sort formal certification for information security governance, the majority of our policies and procedures have been designed to adhere to ISO 27001 Security Standards.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Changes to the Cloud environment are tracked, approved, tested, and implemented in accordance with ISO27001 specification are are independently audited annually against SSAE 16 SOC2 standards for 12 previous months prior to the audit.
Changes by customers within the K2 Platform will be configured and operated by either customers or third party suppliers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
K2 performs annual vulnerabilty testing internally and externally, as well as contracts out to a third party to perform an annual penetration test of the product and standard environment. These are conducted in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Monitoring is conducted within Azure and consolidated within Elasticsearch for analysis.
Monitoring activities are handled in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Customers can reach out to K2 support via web, phone or email to raise incidents. Incidents will be handled via K2's internal incident management policies and conducted in accordance with ISO27001 specifications. The processes are independently audited annually against SSAE 16 standards for the 12 previous months prior to the audit and reflected within an SOC2 type II report.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

NECS is dedicated to assisting customers, though the delivery of our services, in achieving their strategic and operational objectives and ultimately enhancing outcomes and efficiency.

Led by NECS' Organisational Development and Corporate Services Director our Corporate Social Responsibility (CSR) Group, is responsible for ensuring we meet our CSR Strategy. Our Strategy underscores our commitment to environmental sustainability. We aim to achieve 'Net Zero' carbon emissions, within our control, by 2040 and 'Net Zero' for emissions, we can influence, by 2045. To fulfil this pledge, we continually adapt our processes, harnessing digital platforms to minimise emissions and resource consumption.
To digitalise service delivery, we leverage tools like SharePoint and Microsoft Teams to create accessible real-time digital collaboration workspaces. This fosters seamless communication and enables sharing of insights, comments, and revisions, whilst minimising our carbon footprint.

By embracing digitalisation processes and Artificial Intelligence, we enhance efficiency, accessibility, and collaboration, while simultaneously reducing the environmental impact associated with traditional paper-based processes.

We continuously monitor and analyse our environmental impact, employing proven continuous improvement techniques to mitigate any increase in emissions or resource consumption.
We commit to a 20% reduction in our carbon footprint, a 30% decrease in paper consumption, and a 15% improvement in overall operational efficiency.

Our method statement includes implementing cloud-based project management tools, minimising in-person meetings through Microsoft Teams, reducing paper usage by adopting electronic documentation, optimising travel routes to minimise transportation emissions, and transparently monitoring and reporting on Key Performance Indicators for continual improvement.

Our healthcare procurement team ensures compliance with the Social Value Act 2012, considering economic, social, and environmental factors in commissioning services. We support clients to achieve health improvements, reduce health inequalities, and meet Net Zero and Carbon Reduction targets. Our team have gained invaluable knowledge and experience which we utilise when delivering our solutions.

Covid-19 recovery

As an integral part of the NHS, NECS played a pivotal role in supporting NHS England, Integrated Care Boards and Foundation Trusts in navigating and recovering from the challenges posed by COVID-19. We took a proactive approach in managing resources and internal capacity, ensuring our customers received the necessary support to alleviate pressure on services. Despite pandemic restrictions, our employees swiftly adapted to new working methods, embracing innovation to meet evolving demands.

We continue our commitment in supporting COVID-19 recovery efforts in several ways:
1. Providing Strategic Guidance: We offer guidance and support to navigate the complexities of COVID-19 recovery planning. This includes assisting the development and implementation of recover strategies tailored to each providers unique needs and challenges.
2. Delivering Operational Support: We provide operational support to help providers manage and recover from the impacts of COVID-19. This involves assisting with workforce planning, resource allocation and service redesign to meet challenging demands.
3. Facilitating Innovation: We encourage innovation in solution delivery to address the challenges posed by COVID-19. This includes supporting the adoption of digital solutions to improve efficiency.
4. Promoting Health and Well-being: Our mental health "first aiders" provide support and signposting to resources to promote physical and mental wellbeing. We collaborated with trade unions to develop a new framework for flexible working, reflecting our commitment to adaptability amidst COVID-19 and the recovery period. Our framework emphasises decentralisation from traditional office setups, prioritising wellbeing, and accelerating carbon footprint reduction efforts.

NECS is dedicated to playing a proactive and supportive role in COVID-19 recovery efforts, leveraging its expertise, resources, and partnerships to help provider organisations and communities emerge stronger from the pandemic. We are keen to share our experiences and best practices with both providers and customers, fostering collaborative efforts toward sustainability and efficiency.

Tackling economic inequality

NECS, as an NHS organisation, is guided by core values of professionalism, honesty, integrity, and high-performance standards. We prioritise both short-term objectives and long-term sustainability, striving for a balance between acquired skills, employment opportunities, and societal impact.

Embracing a culture of continuous learning, we offer an online platform with diverse courses for NECS employees and customers. We track participation and completion rates to inform future course offerings, aiming for an 8% annual increase in course completions over the next two years.

Recognising the importance of hands-on experience, we launched the NECS100 Programme for Graduate trainees and Apprenticeships in 2020. In the first year, this programme saw the recruitment of 100 graduates and apprentices into our organisation. We continue to increase apprenticeships and graduate trainee opportunities annually, ensuring diversity in recruitment and providing mentorship for knowledge sharing and skill development.

We conduct periodic assessments of staff skills and expertise to identify gaps and areas for improvement. Collaborating with contracting authorities helps us tailor services to evolving customer needs. Our Business Development Team and members of our Executive Team have access to HSJ intelligence, which is a digital platform offering real-time information exchange. This helps us anticipate market needs and adapt the services that we provide accordingly.

Feedback loops with customers provide insights into service effectiveness and emerging needs.

Our method statement outlines ongoing efforts to enhance online learning platforms, strengthen apprenticeship programs, conduct needs assessments, and address inequalities in skill development. Through measurable Key Performance Indicators, we ensure transparency, accountability, and adaptability in achieving desired outcomes.

Overall, our skills policy aims to elevate the overall skill level of our workforce, bridge gaps, and reduce inequalities in skill development, creating a diverse, inclusive, and adaptable workforce prepared for the dynamic healthcare environment.

Equal opportunity

NECS is committed to addressing inequalities within our organisation, evidenced by our ongoing reporting against the Workforce Race Equality Standard (WRES) and Workforce Disability Equality Standard (WDES). Through continuous efforts, we strive to enhance performance across all WRES and WDES indicators, gaining crucial insights into the challenges we face and working towards fostering a fairer, more inclusive workplace.

Our recruitment and selection policy reflects our commitment to positive discrimination through the Disability Confident scheme, ensuring that candidates are assessed solely based on their skills and relevant experiences. We take proactive measures to minimise opportunities for discrimination during recruitment by anonymising application forms and applying objective selection criteria. Furthermore, we maintain equitable pay across the organisation by adhering to NHS Agenda for Change pay rates.

Our training programmes prioritise Equality, Diversity, Inclusion, and Respect, creating an environment where diversity is celebrated, and equal opportunities are provided. We establish ground rules within teams to cultivate safe and inclusive learning environments, empowering every individual to realise their full potential.
To address inequality in training and development, we revamped our Talent Management Programme in 2020, offering stretch assignments and mentoring opportunities. Additionally, we introduced a 'reverse mentoring' programme, facilitating knowledge-sharing and enhancing employment prospects for colleagues from under-represented groups.

NECS focuses on enhancing experience, culture, and outcomes for all colleagues through an equality lens to support both protected and vulnerable groups. Leveraging insights from various reports and surveys, we have developed an Inclusion and Equality strategy encompassing communication pathways, workplace accessibility improvements, educational enhancements, workforce development support, and promotion of inclusive leadership.

These initiatives and policies are fundamental to our operations and will be upheld during the delivery of any call-off agreement. We remain open to sharing best practices with our suppliers and customers, fostering a culture of inclusivity and equity across our ecosystem.

Wellbeing

NECS prioritises good mental health and wellbeing among our employees, recognising the impact we have on wellbeing, longevity, physical health, and productivity. We are committed to implementing measures that encourage and promote a healthy workforce.

Our approach to managing health and wellbeing is integrated and comprehensive, overseen by our Health and Wellbeing Group who ensure that NECS takes a proactive and engaging stance towards enhancing the health and wellbeing of our employees, thereby fostering a supportive and nurturing work environment.

Our health and wellbeing champions play a pivotal role in promoting a culture that prioritises both the physical and mental health of our workforce. These champions not only support their colleagues but also receive support and development opportunities themselves, contributing to a mutually beneficial environment.

In line with our commitment to supporting mental health concerns, NECS has trained several employees as Mental Health First Aiders (MHFAs). While MHFAs are not clinically trained in mental health treatment, they are equipped to recognise early signs of mental health issues and provide responsive assistance, including signposting individuals to appropriate support services.
To further support employee wellbeing, we offer an Employee Assistance Programme, providing access to online Cognitive Behavioural Therapy (CBT), mindfulness exercises for mental health, a virtual gym, advice on sleep and nutrition for physical health.
We encourage employees to engage in volunteering initiatives through allocated time and funding. Since launching this programme in July 2023, employees have reported improvements in self-esteem, confidence, and work-life balance, along with the opportunity to learn new skills.

These initiatives and policies are integral to our operations and will be upheld during the delivery of any call-off agreement. Furthermore, we are committed to sharing our best practices with suppliers and customers, fostering a collaborative approach to promoting mental health and wellbeing across our ecosystem.

Pricing

Price
£30,000 a licence
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.