SRCL LIMITED

FPM Core

FPM Core is a complete policy management and distribution system that comes with over 1000 policy templates, toolkits and letter templates to help you run a healthcare organisation.

Features

• Over 1000 policy templates, toolkits, letter templates and forms
• Automated policy content update from FPM.
• Assign policies to users for periodical review policy content
• Create custom policies to distribute to users
• Centralised policy variables allows your organisation to update multiple policies
• Assign policies to user to read and electronically sign
• Task system informs users for actions they need to complete
• System notifications to reminder user of outstanding tasks
• Policy compare and publish notes summarises changes to policy content
• Real times reporting on policy reviews and reading assignments

Benefits

• Policies kept current and aligned with applicable laws and regulations
• Ensure the organisation has visibility on policy compliance and adoption
• Centralised policy management reducing user administration effort
• Policy life cycle can be consistently managed and reviewed
• Manage and read policies content from multiple devices
• Manage and publish content from multiple devices
• Reduce environmental impact and compliance with NHS Paperless Agenda 2023

£320 to £595 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.twells@stericycle.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

503854924751788

Contact

Michael Twells
07595033735
michael.twells@stericycle.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: There are no constraints on using the FPM Core. It fully supports all web browsers (incl. IE11 and above) and mobile devices. Maintenance windows are outside of core hours.
• System requirements:
  • Internet Access
  • Basic Hardware

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support queries are monitored Monday to Thursday 9.00AM to 5.00PM and Friday 9:00AM to 4:30PM (excluding bank holidays). ; ; Support tickets are instantly acknowledged and customers issues a unique reference ID. A support engineer will contact the customer within 24 hours if they need further information, with resolutions confirmed or resolution time agreed within 48 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support queries are monitored Monday to Thursday 9.00AM to 5.00PM and Friday 9:00AM to 4:30PM (excluding bank holidays).; ; Support tickets are instantly acknowledged and customers issues a unique reference ID. Tickets are allocated on a first come first served bases by a department of technical support engineers. There is universal support for the service that is included in the annual price.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training can be arranged as required, however our system is designed with intuitiveness and user-friendliness in mind.; ; Full documentation for system configuration and workflows is provided in online help guides.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of the contract, if the customer wishes not to renew they will have two option.; ; Option 1: Request an extract of all custom policies they have created during their contact. They will be provided with an extract containing their custom policies in a word format. This extract will be done at no charge.; ; Option 2: Request an extract of all policies in the customers instance. This will incur a cost equal to 1 year subscription fee.
• End-of-contract process: The customer subscription, training, documentation, support (if applicable) and product updates are all included in the single subscription price. Contracts are a minimum of 1 year. At the end of the year, if the customer does not wish to renew they are required to give 90 days notice. All data is archived and then securely deleted after a predefined period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The product uses responsive design so it will display on all mobile devices allowing users to complete policy workflows and access policy content.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service can be accessed via a web browser interface. Supported browsers are Internet Explorer 11, Microsoft Edge, Firefox, Chrome, Safari and Opera. The service has been designed to also be used on mobile devices.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Platform has been tested using multiple accessibility compliance tools such as aXe.
• API: No
• Customisation available: No

Scaling

• Independence of resources: We have over a 50% resource buffer on our platform to cover anomalous spikes in use. We monitor the systems for average use, and have the capacity for growth if and when needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Policy and user based reporting are accessible via real time dashboard within the application.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Software encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: FPM Core provides a standard set of reports within the application that can be exported to CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% up time guarantee
• Approach to resilience: Available on Request
• Outage reporting: If there was an unplanned service outage we would contact affected customers via an email alert and help centre notifications. Affected customers would also see in application information alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Management portal is limited to internal access via our private network/VPN Tunnel, additionally requiring specific user group permissions, and still requiring a username and password.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Wordplay
• PCI DSS accreditation date: 07/10/2021
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance is subject to best practice and leading industry standards but not officially accredited
• Information security policies and processes: Our security policies are independent and in-house but ensure:; ; Authorised access is enforced,; All sensitive data is encrypted and verified,; All access is recorded and audited,; All data is transferred securely

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Software changes are subject to a standard requirements definition process and reviewed by senior functional and security design resource before being approved for development.; ; Once developed, changes are assigned to a specific release, with this release passing through a defined 'path to live' - escalating from development to test environment before being placed in a stage environment for final checks.; ; New changes, once developed are reviewed by a security test specialist and also subject to ongoing vulnerability scanning and penetration testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We subscribe to several security information outlets to help remain agile in response to emerging threats. Our third party host also keeps all clients informed of identified threats and remediation. We do standard patching on a monthly basis and have procedure in place for "emergency patching" if necessary.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Have third party threat solution that does regular scanning of the system and we receive alerts if a threat is found. We would respond immediately to any realised threat.
• Incident management type: Supplier-defined controls
• Incident management approach: User are able to report any incidents through normal customer service channels, and we will follow our triage process - escalating to relevant mangers etc where necessary. Any reports will be distributed to relevant parties.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a major supplier to the NHS we are committed to reducing cost but also to reducing our impact on the environment. We are continuously developing solutions and assessing the marketplace to identify opportunities to reduce the impact of our services on the environment. FPM has reduced its carbon emissions by migrating our infrastructure resulting in the need to less servers. All FPM solutions are designed to help NHS organisations reduce their carbon footprint, from online consultation via their website or online policies and procedures reducing the need for paper copies which feed in the NHS paperless agenda. FPM has also shifted the majority of the training business online to reduce travel of trainers and participates to attend the training.

  Covid-19 recovery

  As frontline service providers for the NHS, both FPM and Stericycle were deeply engaged in the NHS’ response to the COVID 19 pandemic. Both organisations adapted their services and support to ensure that their NHS customers were able to continue to deliver services during that period of unparalleled pressure. The learnings and enhancements made to the whole Stericycle business as a result of the pandemic have resulted in a more robust and resilient structure that will mitigate the risks of any future pandemic.

  Tackling economic inequality

  We are committed to ensuring that we support all our staff and their families with pay packages and associated benefits packages that ensure that they never experience economic inequality. All FPM staff are paid well above the real living wage and we are committed to ensuring that this remains in place and will do so for the duration of the framework. ; ; Additionally, we are committed to supporting the local economies in which we operate. We utilise local SME businesses to provide ancillary support services such as facilities management and courier services.; ; We are fully compliant with requirements to identify and tackle Modern Slavery in our business and in our supply chain. We conduct detailed due diligence on all suppliers and will, where possible, provide support and guidance for our SME suppliers in identifying and tackling Modern Slavery in their supply chains.; ; On a number of Stericycle’s NHS contracts we run projects to support job seekers in their endeavours. Our highly skilled recruitment team work with the Trust and local employment and/or disability groups to deliver CV writing and interview preparation courses. The courses are designed to build confidence for candidates and to help them build job seeking skills.

  Equal opportunity

  We are committed to driving and delivering equal opportunities across all businesses and areas of operations. As part of a global PLC, headed by Cindy Millar, FPM is required to adhere to and promote the employee Code of Conduct that details our corporate commitments to diversity and equality. Across the whole business, there are established committees working to promote the voices and successes of all communities that make up the Stericycle family.; ; To ensure we are promoting wider equal opportunities, part of all due diligence of our suppliers is that they agree to adhere to our Supplier Code of Conduct which requires them to have documented equality and diversity policies.

  Wellbeing

  Across the whole Stericycle business in the UK we have implemented a wellbeing enhancement programme that incorporates mental health support initiatives, fair work practices and financial support initiatives.; ; At every Stericycle facility we have sought volunteers to become mental health champions. Volunteers go through 25 hours of paid-for training with an external provider to help them identify and support colleagues who may be experiencing mental health difficulties. To date we have trained 13 champions across our business and also can provide this facility to our customer base as part of our Social Value commitments.; ; Across many areas of our business we offer preferred shift patterns and, where appropriate, home or remote working to support wellbeing. These initiatives are well received and have resulted in better outcomes for both employees and the business.; ; To support employees that may experience unexpected financial difficulty we have instituted a programme called SteriCares that can provide short-term, immediate financial support to struggling colleagues and their families. The programme is funded through salary sacrifice from colleagues across our whole business. To date, the fund has generated over £20,000 in donations in the UK and has been used to support any colleagues that need it. Although not in massive demand it provides an extra level of comfort and support for our personnel.; ; As part of a wider organisation, Stericycle, that is committed to good corporate citizenship, we have access to significant resources that develop programmes across our NHS customer base to deliver against the social value objectives. We will utilise the skills and knowledge developed across our business to tailor or develop specific programmes for our new customers that deliver actual social value to their communities.

Pricing

• Price: £320 to £595 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.twells@stericycle.com. Tell them what format you need. It will help if you say what assistive technology you use.