Medical Banks Limited

Soft Recruit (Vendor Management Software) copy

Soft Recruit vendor management system manages the provision of agency staff for hospitals. The VMS manages the entire agency framework process from the publishing of job requests to frameworks, candidate submission and confirmation, electronic time sheets, invoice validation, direct engagement and real-time reporting.

Features

• Simple intuitive user interfaces (desktop, tablets)
• Captures exact staffing requirements and publishes to agency framework
• Cascades jobs in accordance with your framework agreements
• Automation of job allocation with framework agency
• Real-time compliance – Manages agency compliance
• Performance management – calculates agency fill rates
• Highly configurable to match the precise needs of the customer
• Communicates automatically with agency framework
• Real-time roster and financial reports
• Booking, Timesheet and Billing management

Benefits

• Risk Management - Keeps you compliant to your framework agreement
• Provides clarity and visibility on agency expenditure
• Facilitates multiple rate cards and rate caps across multiple professions
• Agency VAT Recovery - facilitates direct and indirect engagement contracts
• Vastly reduces administration overhead
• Real-time access to customisable management information reports
• Provides agencies with direct online access to vacant shifts
• Ensures accurate billing and compliance to hourly rates
• Instant invoice reconciliation

£25,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rod@medibanks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

473164497815739

Contact

Rod McGovern
02033550582
rod@medibanks.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Internet Access
  • PDF reader
  • Excel for M.I. reports

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 Hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Our web chat is accessible from the user online portal and will connect you to our support centre during operating hours or you can leave a message during out of hours.
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: Level 0 is provided by the system i.e. automated system support. This is included in the subscription cost; ; Level 1 support is provided by trained client administrators. This is also the escalation point for higher levels of support provided by MediBanks technicians. ; ; Level 2 and 3 (and, where relevant Level 4 support) is provided by MediBanks. Access to these support levels is via formal escalation from level 1 support. This is included in the subscription cost.; ; Onsite training can be provided in accordance to our rate card. ; ; MediBanks provides technical account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: During implementation the implementation team will define and implement an agreed training schedule. This training is required for administrative staff only. ; ; From an end user perspective, this system is highly intuitive and therefore guidance is provided via user help guides such as FAQ's and video tutorials embedded throughout the system.
• Service documentation: No
• End-of-contract data extraction: Upon termination of a contract all client related data can be provided in CSV format.
• End-of-contract process: At the end of the contract, data extraction to CSV is provided at no extra cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile Site; If accessed via a web browser on a mobile device the users will have full functionality.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our service interface provides users with access to a full control to manage their account.
• Accessibility standards: None or don’t know
• Description of accessibility: Our service interface is accessible via a login portal we provide to active clients.
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: An API is available for the framework agencies to receive, confirm and cancel bookings. Timesheet API's are also available.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Clients can configure the system to meet their custom requirements/workflows within the constraints of the overall system. Configuration options are available through the client administrator portal. Client users with appropriate administrative access can edit configuration options.

Scaling

• Independence of resources: MediBanks is hosted by Sungard Availability Services. Sungard AS are a recognised market leader in global cloud hosting services. Our SLA with Sungard includes:; ; 1. Redundancy - a minimum level of redundancy on our servers to allow for peaks in service or system failure. ; ; 2. 99.8% up time/availability; ; 3. Access to sufficient servers to allow us to maintain our redundancy and uptime standards as we increase the number or service clients.

Analytics

• Service usage metrics: Yes
• Metrics types: Yes we do provide service usage metrics. ; ; User reports detail the number of active users, user logins, browsers employed and so forth.; ; Booking and placement reports detail the number of jobs placed on the system and their associated fill rates.; ; Financial reports detail the amount of money processed via MediBanks also detailing accruals, savings achieved and future liabilities.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data via the reports tab of their online portal. These reports can be customised to the users preferences via a data picker and are exported in a standard excel format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The hosting platform is based in Sungard Availability Services. This provides high availability failover and failback options that keep critical applications up and running.; ; The infrastructure is based on dedicated high availability devices providing packet filtering and load balancing service.; ; Uptime is over 99.8% and in the unlikely event of failure refunds for downtime are provided on a pro-rata basis of the licence fee.
• Approach to resilience: The hosting platform is based in Sungard Availability Services. Full details are available on request.
• Outage reporting: In the event of an outage we depend on email to notify user of system outages and service updates.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces and support channels are restricted by IP address. This is addition to the normal user login processes and user profile permissions.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27001: 2013

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are in the process of obtaining ISO/IEC 27001 accreditation. We currently hold ISO 9001:2008 accreditation.
• Information security policies and processes: We currently hold ISO 9001:2008 accreditation. This certification is audited annually. ; ; Our staff are well versed in these policies with regular training provided for the same. ; ; Managers are responsible for the day to day adherence of our security policies. Any breaches of policy must be reported to the IT Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an active Product Development Roadmap. Changes to the system are subject to our Change Control Process (CCP). ; ; Enhancements to the system arise from one of three main sources:; ; • Anticipated Needs; • Client Issues; • Client Opportunities; ; Enhancements are assessed against:; • Benefit ; • Client impact; • Development Cost ; • Development duration ; • Regression impact ; • Risk Assessment (including risks associated with the regression impact); ; Approved enhancements are integrated into the development roadmap. ; ; Enhancements are developed in accordance with our overall development model: (1. Discovery, 2. Develop, 3. Test (including regression testing), 4. Deploy and 5. support handover).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a threat manager service on our hosted platform which monitors, analyzes and logs security events based on non-SSL traffic to customer identified nodes in real time using hardened security appliances. ; ; This service is comprised of ; ; i) a hardened sensor appliance; ; ; ii) logical and dynamic system analysis; ; ; iii) sensor tuning and optimization; ; ; iv) on-going threat and vulnerability signature updates; ; ; v) intrusion detection services; ; ; vi) asset identification and criticality ranking; ; ; vii) vulnerability assessments and reporting; ; ; vii)web portal; ; ; ix) customer selected notification of detected threats via e-mail or page;; ; x) Service-software patches, upgrades and updates;; ; Patches are deployed immediately/ASAP
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are monitored via our threat monitor service. Also internally we have monitors for network traffic to identify potential DOS attacks, server and db usage information, fileserver throughput - often times significant traffic from a particular source is indicative of an attack. ; ; Potential compromises are always examined immediately upon discovery. Responses start by analysing server logs, to running different commands on the server to identify any bottlenecks caused. ; ; Response time is immediate, with focus on returning the service as soon as practicable, resolution time often is determined by the seriousness of the compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: The company maintains an incident register where all incidents are logged and managed. ; ; All incidents are reported by users or staff are recorded on the incident register where the severity of the incident is asssessed and appropriate action is taken by the manager responsible. ; ; Incident reports are available electronically are the register is electronic and incident reports with their resolution are issued to the user in question if applicable.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  At Medibanks, we’ve long believed that capital and talent will increasingly shift from organizations that only create value for shareholders to those who create long-term value for all stakeholders, including employees, customers, suppliers and communities. We are constantly learning through our own purpose journey and applying the long-term value framework to help define and measure our own ambition.; Employment; • Implementing recruitment practices and employment conditions, such as the five foundational principles of quality work set out in the Good Work Plan that will attract good candidates from all backgrounds, minimise turnover of staff and improve productivity.; ; • Offering opportunities for work experience or similar activities.; ; • Providing apprenticeships, and traineeships.

Pricing

• Price: £25,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rod@medibanks.com. Tell them what format you need. It will help if you say what assistive technology you use.