DIGITAL CO-PRODUCTION LIMITED

Neuro-Development Pathway Management System

Case management software to manage referrals and "waiting-well signposting* for Neuro-Developmental conditions, such as Autistic Spectrum Disorder (ASD) and Attention-Deficit/Hyperactivity-Disorder (ADHD). Four stages in the tool, related to identifying issues / needs, gathering evidence, waiting well suggested support, decision on whether to make a referral and recording diagnosis decision.

Features

• Admin for approved organisations can create their own users
• Cases can be created by 'trusted' users or admin approved
• Stage 1 enables identification of needs / issues
• Stage 2 gathers information and signposts to appropriate local support
• Stage 3 enables a decision on submission for relevant referral
• Stage 4 steps through the diagnosis decision
• Case creator can invite other professionals to contribute online
• The majority of the text and dropdowns are configurable
• Details of each stage are available in PDF/CSV (and API)
• Citizens and all users are alerted and can track progress

Benefits

• Working in stages allows thinking and understanding before action
• PDF outputs allow passing of information to other professionals
• Online system allows patients and several professionals to work together
• More secure than hand-written form which is posted/passed around
• Gathered data used to interrogate Services Directory for suggested support
• Each area can use their own configuration for their cases
• Pathway assessors can give case lead feedback before final submission
• Data not stored indefinitely, passed to secure location on completion
• Management information available to manage referral processes
• Signposting to reduce reliance on and volumes of assessment

£49,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@digitalcoproduction.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

503080309845196

Contact

Ian Singleton
07747560429
ian@digitalcoproduction.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Place Based Directory of Services, which allows the information about local support and advice to be re-used more widely across other referrals or/and as a stand-alone Directory tool.; ; This enables a focus on "waiting well" to support people and reduce need for / reliance on assessment / diagnosis.
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: None other than a browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: As part of ticket submission, the user indicates their priority for resolution of the issue. The options; ; Business critical. Represents a complete loss of service or a significant feature that is completely unavailable, and no workaround exists. Does not include development issues / problems in test environments. Target resolution time - 2 hours; ; Degraded service. Includes intermittent issues and reduced quality of service. A workaround may be available. Does not include development / test environments. Target resolution time - 48 hours; ; General issue. Includes product questions and development issues. Respond within 24 hours with estimate of resolution.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: The ticketing system is part of the product costs. The resolution / response times are outlined in the previous question.; ; 6 half-days of on-site support is available during implementation.; Additional time can be made available, subject to SFIA rates - which equate to an average of £550 per day for non-development and £600 for development.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Implementation includes 6 half-days of on-site implementation support (for all implementation of any extension or new pathway), which will cover; o Kick-off meeting with stakeholders to agree roll-out plans and ambitions; o Training for place administrators; o Train-the-trainer training – for training of organisation administrators and for training of professionals ; o Importantly, it will include populating and agreeing the rules for reviewing and updating the Local Directory (of services to which households can be signposted) ; o Setting up agreed reporting.; The fees also include; • Online support videos and user documentation; • Online help-desk ticketing for the place administrators and any organisation administrators; • An annual review of the Place Based Directory – carried out as a one-off workshop with stakeholders to be identified by the client.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The data is always available through APIs. On an ongoing basis, it is expected that the client will be re-using the information as part of the process for carrying out the assessment, and to hold the records related to any ongoing treatment or support that may be provided. ; ; The details of this will be agreed at the outset - in terms of how the API outputs are re-used. The current set-up is the NDP Triage Manager system does not hold client details after the referral and sign posting is completed.; ; During implementation, it will be agreed how the data is handled at the end of the contract. Any data held inside the system for incomplete referrals will be made available in whatever format and whatever process is agreed.; ; The details held for all email addresses for all roles within the solution will be deleted.; In addition, the data for any referrals that remain in progress at contract end, will be made available in a format as requested by the client.
• End-of-contract process: Access to the solution will disabled to an agreed schedule with the client. ; ; In particular, we envisage that after an agreed date, that no new referrals will be started into the solution - to minimise the number of referrals that may start in a solution that is about to be disabled.; ; Access by different professionals will also disabled to an agreed schedule.; ; The data related to any referrals that remain live within the system on the contract end-date will be extracted and made available to the client through an agreed process in an agreed format.; ; Email addresses of all roles will be deleted.; ; Where the client wishes to maintain access to the information for any reason (but not update it), then this can be enabled at a highly discounted rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: It is the same software that is just responsive.; Some elements are designed with mobile in mind first and others with desktop in mind.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Common user design patterns have been used to promote familiarity and ease of use. Colour and themes are prioritised to identify calls to action, alerts and information notices whilst adhering to accessibility contrasts standards. Where icons are used tooltips are provided to explain their context.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The software is undergoing a program of work to invest in aria-labels for HTML standard bootstrap tags in our effort to constantly improve our accessibility and access via screen readers. This work is being tested with our product user group, which includes the needs of users who use assistive technology.
• API: Yes
• What users can and can't do using the API: The software supplies RESTful APIs and PHP that are fully functional, allowing both the read and write of application data. The RESTful API allows users with an authorised API key to access service data through GET, POST, PUT DELETE methods.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Implementation will ensure that the solution is interfaced for the Healthcare providers as necessary. This will focus on how they want to use the API.; ; The system is set-up to maximise the control that the local Place Administrators have on the ongoing maintenance of the solution. ; During initial implementation, we will support initial configuration (in particular the access and permissions for different "contributors" to the referrals (such as schools and Special Education Needs Co-Ordinators). Thereafter this type of configuration can be controlled by the client.; ; In addition, the interface and drop-down lists that drive the interface to the Local Directory (for local signposting), can also be configured and maintained locally.

Scaling

• Independence of resources: We maintain multiple scalable hosting resources whilst monitoring service performance. We are also able to temporarily disable or block users that may be abusing the service beyond the terms of reasonable usage.

Analytics

• Service usage metrics: Yes
• Metrics types: Total referral, signposting and assessment volumes - split both by referring organisations and each assessment provider.; ; Outcomes (percentages and split by different referring organisations) in terms of whether they are referred onward for assessment and the outcomes (to identify referrers frequently making referrals that do not meet the thresholds).; ; Average time and max and min time to completion of referrals – that is split out by referring organisations and split by assessment provider (where multiple healthcare providers carry out assessments for the same ND pathway). ; ; Analysis of signposting undertaken - both by volume and most used local support.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Data at rest is encrypted using an industry standard AES-256 encryption algorithm
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Use the APIs
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Infrastructurally, we leverage AWS’s IAM role restrictions and access keys to grant appropriate access

Availability and resilience

• Guaranteed availability: The application is a hosted by AWS and provides a 99.99% availability guarantee. It is, therefore, expected that the application will be available 24/7 but if the software does go down then it will be a priority for us to get it back as soon as possible. ; The performance should ensure that a frontline worker can use the software without causing frustrations.; If a client experiences inadequate performance or availability and can produce evidence to this end then they may exit their subscription at the end of that month.
• Approach to resilience: We use the AWS best practice for data redundancy including point-in-time backup and restore and by horizontally scaling resources. We also leverage a micro-service architecture.
• Outage reporting: Our infrastructure provides near-real-time email reports to our service support team who investigate and resolve any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to system management interfaces is restricted to individual static IP addresses accessible from our offices or via AWS IAM role restriction and access keys (for home workers).
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance is administered and operated by our Data Protection Officer and our assigned board member. Collectively they ensure that Digital CoProduction adheres to the Cybersecurity plan and mitigates any identified risks
• Information security policies and processes: We provide an Information Security policy, available upon request. Our assigned Data Protection Officer ensures enforced user access control via Google cloud and workspace and promotes systemwide use of cloud-based tools, for asset and content management. Our Data Protection Officer also conducts regular security reviews across Digital CoProduction.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration changes are tested on DEV systems. Once passed these changes are deployed into a STAGING host, then checked and undergo a step by step Quality Assurance testing process and finally after customer approval to LIVE. Further Quality assurance checks are carried out within LIVE before being made available to the customer.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are identified through internal development and testing and also AWS continually monitor, alert and patch our infrastructure
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified through internal development and testing, supplier notification or customer notification through our support system; The potential compromise is assessed to identify if there actually has been a compromise, and if so the severity. Remedial action is considered on a case-by-case basis; Potential compromises are logged as urgent priority.
• Incident management type: Supplier-defined controls
• Incident management approach: An incident can be reported via our support portal and then will be identified by our service desk team. The service desk team will analyse the incident and gather as much information as possible from log files, investigations etc. Following an incident, a report will be compiled and shared with the customer and any further actions clearly identified. All incidents are reviewed and discussed by our Security governance team on a quarterly basis in accordance with our security governance plan and risk tables.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  Post COVID 19, there has been a significant rise in diagnosis rates for both Autism Spectrum Disorder (ASD) and Attention Deficit, Hyperactivity Disorder).; ; Our solution enables people to be signposted to local support whilst they await their assessment. This supports the concept of "healthy waiting" - such that people can be supported with their needs from the outset, which does not rely upon a diagnosis.

  Equal opportunity

  As part of the set up of the Local Directory, we will support an exercise to increase an understanding across these local VCFSE providers of the need for them to deliver reasonable adjustments such that people with a wider set of disabilities / needs can access their support.; ; This will provide more equality of access to local support to people who are not neuro-typical.

  Wellbeing

  The solution enables signposting to local support from Voluntary, Community, Faith and Social Enterprise organisations (VCFSE).; ; This provides links for the user and their family to identify support for them - either in dealing with their needs / diagnosis. This may well prevent further escalation of their needs.; ; In addition, as part of the set up of the Local Directory, we will support an exercise to increase an understanding across these local VCFSE providers of the need for them to deliver reasonable adjustments such that people with a wider set of disabilities / needs can access their support.

Pricing

• Price: £49,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month free access to the system for one email domain and max of 10 users.; ; The data will be test data only but can be transferred into the live version as part of the implementation.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@digitalcoproduction.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.