Care Banking

Care Banking : Safeguarding

Software supporting individualised care.
The social prescribing module can link to CHC, PHB or GP Clinical systems. The product is used to support Primary Care Networks PCNs and Social Prescribers or CCGs / LA teams.
Supporting : Social Prescription, invoicing, Self Care

Features

• Social prescribing marketplace
• Patient Empowerment
• Client Empowerment
• Monitoring and reporting capabilities for commissioners
• Accessible on laptop, PC, mobile and tablet
• Full auditing capabilities
• Improved client or patient outcomes

Benefits

• Creates a competitive marketplace for social prescriptions
• Aligns commissioners internal processes with aims of social prescriptions.
• full visibility of all transactions
• Improved visibility of spend
• Commissioners are able to monitor the quality of services/providers
• Increases flexibility and choice
• Full audit capability from assessment to service provision and invoicing

£1,000.00 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Info@carebanking.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

488755032717021

Contact

Sales
0203 633 1766
Info@carebanking.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Any software application used to capture Clinical needs or any brokerage software
• Cloud deployment model: Public cloud
• Service constraints: The most significant constraint relate to the versions of browser supported. Please contact us for a list of the browsers currently supported.
• System requirements:
  • A FTP link will need to be established
  • Certificates for encryption will need to be exchanged

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24 hours but not available at weekends
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Rate are set out in the rate card
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Documentation is provided along with web guides, onsite training can be provided.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A request is made to the supplier and we provide a single extract from the database, data is provided back in the format it was uploaded, ie single file un-indexed data.
• End-of-contract process: The provision of a single data extract is included in the price, additional effort would be charged on a day basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Only the screen format will change,its designed to adjust to the various user interfaces available
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Users can link clinical systems to the application to automate data transfers
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: The system architecture ensures scaling does not impact existing users.

Analytics

• Service usage metrics: Yes
• Metrics types: System usage by user or client
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: It depends on the users admin rights, most users can export data using the GUI export functions
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We can provide a service 24/7 although this does not allow for scheduled downtime for updates and customer requested stoppages. The guarantee is 90% against contracted hours. Contracted hours are agreed with the customer.
• Approach to resilience: Available on request
• Outage reporting: Outages are reported via email

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
• Access restrictions in management interfaces and support channels: The system has the concept of roles and responsibility, we use the roles to limit access to management interfaces and host critical applications separately to the main service.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Digital, Information Governance toolkit requirements level 2,; Cyber essentials Plus
• Information security policies and processes: We have a information Governance steering group that reviews all policies and audits the application of them.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The code base is modular in construction, any module being updated is operationally tested offline for a month before being released to the live environment. Automated testing scripts are used to check security impact.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: The partnership with Santander Plc ensures we are informed of any security threats known to the banking sector.; Patches can be deployed as rapidly as 4 hours but typically take 24 hours.; Live monitoring of any threats is provided through monitoring software.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The system architecture prevents a large scale compromise, however we have continuous monitoring software to identify incidents and have been able to respond instantly.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are reported to the information governance steering group, these can be generated by users via email or though our own monitoring software.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  The organisation is working towards net zero greenhouse gas emissions and its founders proactively support the protection and redevelopment of woodlands. The long term aim is for the organisation to also champion the redevelopment of woodlands, when revenue and profits enable this commitment.
• Covid-19 recovery:

  Covid-19 recovery

  The organisation has undertaken to build upon its existing processes and to continue to ensure its recruitment practices and employment conditions are based on fair pay, participation and progression, voice and autonomy. We also aim to increase the opportunity for others via student placements, internships and apprenticeships In terms of mental wellbeing and improving workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions, we offer fully flexible working conditions; ie at home or office locations. For staff choosing to utilise the office environment we offer free breakfast, free drinks and evening bar, squash courts and Gym. Various internal training sessions, meditation, yoga and counselling when needed.
• Tackling economic inequality:

  Tackling economic inequality

  We aim to offer work experience and provide apprenticeships along with support for educational attainment relevant to the contracted work, including training schemes that address skills gaps and result in recognised qualifications. We are also offering secondment and volunteering opportunities.
• Equal opportunity:

  Equal opportunity

  Care Banking actively supports disabled people in developing new skills, in fact through our growth and product development phases we have work with severely disabled colleges to ensure our products meet the needs of our end users.
• Wellbeing:

  Wellbeing

  Care Banking provides a large range of wellbeing services for its staff, these include Gyms, Squash Courts, Breakfast, Social events, mindfulness courses, Yoga and a range of other activities specifically targeted at staff wellbeing.

Pricing

• Price: £1,000.00 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Info@carebanking.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.