NHS EPRR Major Incident Management System
The Major Incident Management System (MIMS) is a web app that enables real-time communication between hospitals and ambulance trusts during major incidents. It tracks emergency bed availability, allows Methane incident reporting, and provides incident management features. The system ensures effective coordination and information sharing among stakeholders.
Features
- Real-time tracking
- Bed availability monitoring
- Methane incident reporting
- Incident management tools
- Role-based access control
Benefits
- Improved communication
- Enhanced situational awareness
- Efficient resource allocation
- Streamlined incident response
- Secure data management
Pricing
£12,000 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 1 5 3 6 2 2 3 9 2 6 5 1 8 2
Contact
DBAX LTD
Ilia Ryzhkov
Telephone: 07479563847
Email: ilia.ryzhkov@dbax.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- N/a
- System requirements
- Whitelist IP certain addresses.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- 10 business days
- User can manage status and priority of support tickets
- No
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
-
Immediate Support:
Response Time: Within 1 business day for urgent needs
Cost: £150 + VAT per hour
Personnel: Direct support from a technical account manager
Standard Support:
Response Time: Within 10 business days for regular inquiries
Cost: £80 + VAT per hour
Personnel: Response from a cloud support engineer - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Users receive comprehensive support to start using the service effectively. Onsite training provides hands-on guidance tailored to specific organisational needs, while online training cover essential features and best practices. User documentation, including detailed manuals, FAQs, and quick-start guides, ensures consistent reference material is available. Additionally, support teams are on hand to address queries and provide further assistance, helping to streamline the onboarding process and encourage successful adoption.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- Other
- Other documentation formats
- Markup
- End-of-contract data extraction
-
At the end of the contract, we provide a straightforward process for users to extract their data. We will work with your organisation to determine the preferred format for the data export, such as CSV, JSON, or XML files. Our team will then generate the data export files containing all user data stored within the system.
The export process will be initiated by an authorised representative from your organisation submitting a data export request. We will securely transfer the exported data files to the designated contact using encrypted file transfer protocols. This ensures the data remains protected during the export and transfer process.
Additionally, we will provide documentation outlining the structure and schema of the exported data. This documentation will assist your organisation in understanding and utilising the exported data effectively.
Our goal is to make the data extraction process as smooth and efficient as possible, ensuring your organisation has full control and possession of your data when the contract concludes. - End-of-contract process
-
At the end of the contract, we ensure a smooth transition by:
Conducting knowledge transfer through documentation and training;
Providing configuration files, and relevant artifacts;
Assisting in migrating the software and data to your infrastructure in required;
Offering renewal options for continued support and maintenance;
If you choose not to renew, we securely transfer all data and provide necessary assistance for a seamless transition.
The contract price includes:
Software development and implementation
Integration with existing NHS systems
User training and documentation
Standard support and maintenance
Secure cloud hosting and infrastructure
Data backup and recovery
Additional costs may apply for:
Significant changes in project scope
Custom third-party integrations
Extensive data migration from legacy systems
Premium support or SLAs
Ongoing maintenance and enhancements after the initial contract
We provide transparent communication regarding pricing and potential additional costs, working closely with you to understand your needs and offer a detailed breakdown of the pricing structure.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our service distinguishes between mobile and desktop platforms to enhance user experience. The mobile version is optimised for touch interactions and smaller screens, featuring larger buttons and streamlined menus for ease of use on the go. It focuses on core functionalities, maximising efficiency and conserving battery life. Conversely, the desktop version leverages more powerful hardware to provide a comprehensive suite of features, offering finer control suited to mouse and keyboard interactions. This dual approach ensures that users have the appropriate tools for any context, maximising productivity and accessibility.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The service provides a web-based interface designed for NHS users. The interface is intuitive and user-friendly, featuring a clear layout with accessible menus and options. Users can navigate effortlessly through different modules to manage workflows, configure settings, and access data. High-contrast themes, adjustable text size, and logical navigation ensure accessibility for all. The interface is responsive, adapting seamlessly to mobile or desktop devices, enabling users to interact with the service on the go or from the office. Real-time data visualisation and comprehensive dashboards empower users to monitor progress and make informed decisions efficiently.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
-
The service interface undergoes extensive testing with users who rely on assistive technology to ensure optimal accessibility. During these testing sessions, individuals may use screen readers, voice recognition software, and alternative input devices to navigate through various modules, customise settings, and interact with data visualisations.
Feedback is carefully analysed to identify potential issues and refine the design. Logical tab navigation, descriptive alt text for images, keyboard shortcuts for essential functions, and high-contrast themes are implemented based on this feedback. These enhancements ensure compatibility with a wide range of assistive technologies, helping to create an inclusive, user-friendly interface that meets NHS accessibility requirements. - API
- Yes
- What users can and can't do using the API
-
How users can set up the service through the API:
Users can initialise the service via the REST API by first authenticating using OAuth2.0 to ensure secure access. Following authentication, users can configure their settings by sending JSON payloads to the API endpoints that specify their requirements and integration parameters. Documentation and SDKs are provided to facilitate easy setup."
How users can make changes through the API:
Changes to the service configuration can be made by submitting PUT requests to the appropriate API endpoints. This allows users to update settings or integrate additional features as their needs evolve. The API supports dynamic modifications, enabling users to adjust parameters such as access controls and data preferences in real-time.
Any limitations to how users can set up or make changes through the API:
While the API offers extensive flexibility, there are some limitations to ensure security and performance. Changes that might affect data integrity or security protocols require administrative privileges. Additionally, rate limits are imposed to prevent abuse and ensure equitable access for all users. These constraints are detailed in API documentation to provide transparency. - API documentation
- Yes
- API documentation formats
-
- Other
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Users have the flexibility to customise various aspects of the service to tailor it specifically to their needs. Customisable features include user interface elements, workflow configurations, data management settings, and integration options with other systems. Customisation can be achieved through email requests. Additionally, the REST API allows for more in-depth customisations, suitable for technical users who wish to integrate or extend the functionality further. Administrative users within the client organisation have the authority to customise settings, ensuring that adjustments are managed securely and compliantly.
Scaling
- Independence of resources
- To ensure users aren't affected by others' demand, we leverage scalable cloud technology. Our architecture is designed to automatically scale resources based on real-time usage patterns. Load balancers distribute traffic evenly across multiple server instances, preventing overload. Auto-scaling mechanisms dynamically adjust the number of instances to handle increased demand seamlessly. Resource allocation is optimised to maintain consistent performance for all users. Additionally, we implement rate limiting and throttling techniques to protect against excessive or abusive usage. By utilising these scalable cloud technologies and best practices, we guarantee a reliable and responsive service for every user, regardless of overall demand.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
We provide comprehensive service metrics for transparency and performance monitoring:
Uptime and availability
Performance metrics (page load time, server response, concurrent users)
Error and issue tracking
User adoption and engagement
Security metrics (incidents, vulnerability patching, audit results)
Maintenance and support (tickets, response time, satisfaction ratings)
Metrics are collected using industry-standard tools and presented in clear, actionable reports and dashboards. We offer customisation based on your specific requirements and KPIs. Our team works closely with you to define and track the most relevant metrics aligned with your organisation's goals. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
We offer a simple process for users to export their data in CSV format:
Your authorised representatives initiate the data export request.
We generate CSV files containing all user data.
Exported CSV files are securely transferred to your designated contact.
Comprehensive documentation detailing the CSV structure is provided.
Our CSV export process ensures all relevant data is included, correctly formatted, and securely transferred. Clear documentation facilitates understanding and utilisation of the exported data. We are committed to making the export process straightforward, allowing your organisation to have full control of your data in a commonly used, accessible format. - Data export formats
-
- CSV
- ODF
- Data import formats
-
- CSV
- ODF
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We guarantee a high level of availability for our services, with a target uptime of 99.9%. This means that our services will be accessible and operational for at least 99.9% of the time, excluding scheduled maintenance windows.
We strive to maintain high availability and minimise any disruptions to our services. However, in rare circumstances, unforeseen issues or emergencies may impact our ability to meet the guaranteed availability levels. - Approach to resilience
- It is available on request.
- Outage reporting
-
In the event of any service outages or disruptions, we promptly notify our users through email alerts. As soon as our monitoring systems detect an issue, an automated email is triggered and sent to the registered email addresses associated with the affected user accounts.
The email alert includes essential information about the outage, such as:
The start time of the outage
The affected services or components
The current status and any known details about the cause
The estimated time for resolution, if available
We strive to keep our users informed throughout the outage, providing regular updates via email until the issue is fully resolved. Once the service is restored, a final email notification is sent, confirming that the outage has been resolved and the services are back to normal operation.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Access restrictions in management interfaces and support channels
- Access to management interfaces and support channels is strictly controlled. Role-based access control (RBAC) is implemented, granting permissions based on the principle of least privilege. Multi-factor authentication (MFA) is enforced for all administrative access. Support staff undergo background checks and security training. Access is limited to authorised personnel and regularly reviewed. Privileged access sessions are monitored and logged for auditing purposes. Strong password policies and regular access reviews ensure the ongoing security of management interfaces. Communication through support channels is encrypted, and sensitive information is handled securely. Continuous monitoring and anomaly detection mechanisms alert us to any unauthorised access attempts.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- Between 1 month and 6 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Our approach to security governance is based on the ISO/IEC 27001 standard. We have established a comprehensive Information Security Management System (ISMS) that encompasses policies, procedures, and controls to safeguard the confidentiality, integrity, and availability of our clients' data. Regular risk assessments, internal audits, and management reviews ensure continuous improvement of our security posture. We maintain ISO/IEC 27001 certification, demonstrating our commitment to industry best practices. Our dedicated security team oversees the implementation and enforcement of security measures, ensuring a robust and resilient security framework.
- Information security policies and processes
-
We adhere to a comprehensive set of information security policies and processes in line with ISO/IEC 27001. These include:
Access control policies to manage user permissions and prevent unauthorised access
Data classification and handling procedures to ensure appropriate protection of sensitive information
Incident management processes for prompt detection, response, and resolution of security incidents
Business continuity and disaster recovery plans to minimise disruption during unforeseen events
Security awareness training for all employees to foster a strong security culture
Regular vulnerability assessments and penetration testing to identify and address potential weaknesses
Strict vendor management processes to ensure the security of third-party integrations
Compliance with relevant legal and regulatory requirements, such as GDPR and DPA 2018
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Our configuration and change management processes are designed to maintain the integrity and security of our services. We employ version control systems to track and manage the lifecycle of all service components. Proposed changes undergo rigorous assessment, including security impact analysis, before implementation. Changes are tested in isolated environments and approved by designated personnel before deployment to production. Detailed documentation, including change logs and configuration baselines, is maintained for traceability. Post-implementation reviews ensure the effectiveness of changes. Our change management process is regularly audited to identify improvements and ensure adherence to best practices.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- Our vulnerability management process is proactive and comprehensive. We continuously assess potential threats using a combination of automated scanning tools, security feeds, and intelligence from reputable sources like the National Cyber Security Centre (NCSC). Vulnerabilities are prioritised based on their criticality and potential impact. Patches are thoroughly tested and deployed promptly, following a risk-based approach. Critical patches are applied within 48 hours, while lower-risk vulnerabilities are addressed within predefined timeframes. We subscribe to security advisory services and participate in information-sharing communities to stay informed about emerging threats. Regular vulnerability scans and penetration tests validate the effectiveness of our patching process.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- We employ advanced tools like IDS, SIEM, and log analysis to detect potential compromises in real-time. Automated alerts notify our security team, triggering an immediate response based on our incident response plan. The severity is assessed, and containment measures are implemented within 30 minutes of detection. Thorough investigations identify the root cause and extent of the compromise. Remediation actions, including patching and control enhancements, are promptly executed. Incidents are documented, and lessons learned drive continuous improvement. Regular testing and refinement of our incident response procedures ensure effective and timely resolution of potential compromises.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Our incident management processes are well-defined for efficient resolution. Pre-established procedures for common incidents enable quick responses. Users report incidents via helpdesk, email, or phone. Trained staff log and categorise incidents based on priority and impact. Specialised teams investigate and resolve incidents, maintaining clear communication with users. Comprehensive reports detail the root cause, actions taken, and preventive measures. Reports are shared with stakeholders for continuous improvement. Post-incident reviews identify enhancements. Regular updates align procedures with best practices and emerging threats.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- Police National Network (PNN)
- NHS Network (N3)
- Joint Academic Network (JANET)
- Scottish Wide Area Network (SWAN)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Cultural Shift towards Sustainability: We foster a culture of environmental responsibility amongst employees and partners, making sustainability a core aspect of our operational ethos. Waste Reduction Initiatives: We aim to minimise, with the goal of eventually eliminating, our waste output. This includes banning single-use plastics and promoting comprehensive recycling practices. Sustainable Work Practices: Encouraging remote working and reducing travel through advanced video conferencing technology to lower our carbon footprint. Energy Efficiency: We implement guidelines to ensure that all technology is powered down when not in use to conserve energy. Tree Planting: We actively engage in tree planting initiatives to enhance our local and global environment, contributing to carbon offsetting efforts. Volunteering Days: We support and encourage staff to engage in volunteering days, contributing to local community projects and environmental conservation efforts.Covid-19 recovery
Mental Health Support: We provide continuous mental health support, including access to wellbeing coaches and regular virtual social gatherings to maintain team morale. Adapting Work Environments: We adapt our workplace policies to ensure they support COVID-19 recovery efforts, including promoting effective social distancing and sustainable commuting options. Community Engagement: We support local community initiatives, such as sponsoring activities that provide relief and support to those affected by the pandemic.Tackling economic inequality
Support for Entrepreneurship: We create opportunities for new and small businesses, focusing on sectors that are strategic to economic growth and recovery. Employment Opportunities: We particularly target employment and training opportunities to individuals from underrepresented or disadvantaged backgrounds.Equal opportunity
Inclusive Hiring Practices: We are committed to equality, diversity, and inclusion at every stage of our recruitment process, ensuring that we draw from a diverse talent pool. Community and Leadership Development: We actively work to improve access to leadership roles for underrepresented groups, including substantial support for initiatives designed to increase diversity within leadership positions in the community.Wellbeing
Active Leisure Days: We promote active leisure days to support the physical and mental wellbeing of our team, fostering a balanced lifestyle. Comprehensive Wellbeing Support: Initiatives include frequent virtual social events and access to wellbeing resources to support both physical and mental health.
Pricing
- Price
- £12,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- The free version of the service includes a fully-functional prototype tailored to your requirements. It enables you to test core functionalities and assess suitability. However, advanced features, customisation options, and integration capabilities are limited. The prototype is available for a 30-day period.