Skip to main content

Help us improve the Digital Marketplace - send your feedback

DBAX LTD

NHS EPRR Major Incident Management System

The Major Incident Management System (MIMS) is a web app that enables real-time communication between hospitals and ambulance trusts during major incidents. It tracks emergency bed availability, allows Methane incident reporting, and provides incident management features. The system ensures effective coordination and information sharing among stakeholders.

Features

  • Real-time tracking
  • Bed availability monitoring
  • Methane incident reporting
  • Incident management tools
  • Role-based access control

Benefits

  • Improved communication
  • Enhanced situational awareness
  • Efficient resource allocation
  • Streamlined incident response
  • Secure data management

Pricing

£12,000 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ilia.ryzhkov@dbax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

5 1 5 3 6 2 2 3 9 2 6 5 1 8 2

Contact

DBAX LTD Ilia Ryzhkov
Telephone: 07479563847
Email: ilia.ryzhkov@dbax.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
N/a
System requirements
Whitelist IP certain addresses.

User support

Email or online ticketing support
Email or online ticketing
Support response times
10 business days
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
No
Onsite support
No
Support levels
Immediate Support:

Response Time: Within 1 business day for urgent needs
Cost: £150 + VAT per hour
Personnel: Direct support from a technical account manager

Standard Support:

Response Time: Within 10 business days for regular inquiries
Cost: £80 + VAT per hour
Personnel: Response from a cloud support engineer
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users receive comprehensive support to start using the service effectively. Onsite training provides hands-on guidance tailored to specific organisational needs, while online training cover essential features and best practices. User documentation, including detailed manuals, FAQs, and quick-start guides, ensures consistent reference material is available. Additionally, support teams are on hand to address queries and provide further assistance, helping to streamline the onboarding process and encourage successful adoption.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
Markup
End-of-contract data extraction
At the end of the contract, we provide a straightforward process for users to extract their data. We will work with your organisation to determine the preferred format for the data export, such as CSV, JSON, or XML files. Our team will then generate the data export files containing all user data stored within the system.
The export process will be initiated by an authorised representative from your organisation submitting a data export request. We will securely transfer the exported data files to the designated contact using encrypted file transfer protocols. This ensures the data remains protected during the export and transfer process.
Additionally, we will provide documentation outlining the structure and schema of the exported data. This documentation will assist your organisation in understanding and utilising the exported data effectively.
Our goal is to make the data extraction process as smooth and efficient as possible, ensuring your organisation has full control and possession of your data when the contract concludes.
End-of-contract process
At the end of the contract, we ensure a smooth transition by:

Conducting knowledge transfer through documentation and training;
Providing configuration files, and relevant artifacts;
Assisting in migrating the software and data to your infrastructure in required;
Offering renewal options for continued support and maintenance;

If you choose not to renew, we securely transfer all data and provide necessary assistance for a seamless transition.
The contract price includes:

Software development and implementation
Integration with existing NHS systems
User training and documentation
Standard support and maintenance
Secure cloud hosting and infrastructure
Data backup and recovery

Additional costs may apply for:

Significant changes in project scope
Custom third-party integrations
Extensive data migration from legacy systems
Premium support or SLAs
Ongoing maintenance and enhancements after the initial contract

We provide transparent communication regarding pricing and potential additional costs, working closely with you to understand your needs and offer a detailed breakdown of the pricing structure.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Our service distinguishes between mobile and desktop platforms to enhance user experience. The mobile version is optimised for touch interactions and smaller screens, featuring larger buttons and streamlined menus for ease of use on the go. It focuses on core functionalities, maximising efficiency and conserving battery life. Conversely, the desktop version leverages more powerful hardware to provide a comprehensive suite of features, offering finer control suited to mouse and keyboard interactions. This dual approach ensures that users have the appropriate tools for any context, maximising productivity and accessibility.
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The service provides a web-based interface designed for NHS users. The interface is intuitive and user-friendly, featuring a clear layout with accessible menus and options. Users can navigate effortlessly through different modules to manage workflows, configure settings, and access data. High-contrast themes, adjustable text size, and logical navigation ensure accessibility for all. The interface is responsive, adapting seamlessly to mobile or desktop devices, enabling users to interact with the service on the go or from the office. Real-time data visualisation and comprehensive dashboards empower users to monitor progress and make informed decisions efficiently.
Accessibility standards
WCAG 2.1 A
Accessibility testing
The service interface undergoes extensive testing with users who rely on assistive technology to ensure optimal accessibility. During these testing sessions, individuals may use screen readers, voice recognition software, and alternative input devices to navigate through various modules, customise settings, and interact with data visualisations.

Feedback is carefully analysed to identify potential issues and refine the design. Logical tab navigation, descriptive alt text for images, keyboard shortcuts for essential functions, and high-contrast themes are implemented based on this feedback. These enhancements ensure compatibility with a wide range of assistive technologies, helping to create an inclusive, user-friendly interface that meets NHS accessibility requirements.
API
Yes
What users can and can't do using the API
How users can set up the service through the API:
Users can initialise the service via the REST API by first authenticating using OAuth2.0 to ensure secure access. Following authentication, users can configure their settings by sending JSON payloads to the API endpoints that specify their requirements and integration parameters. Documentation and SDKs are provided to facilitate easy setup."

How users can make changes through the API:
Changes to the service configuration can be made by submitting PUT requests to the appropriate API endpoints. This allows users to update settings or integrate additional features as their needs evolve. The API supports dynamic modifications, enabling users to adjust parameters such as access controls and data preferences in real-time.

Any limitations to how users can set up or make changes through the API:
While the API offers extensive flexibility, there are some limitations to ensure security and performance. Changes that might affect data integrity or security protocols require administrative privileges. Additionally, rate limits are imposed to prevent abuse and ensure equitable access for all users. These constraints are detailed in API documentation to provide transparency.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Users have the flexibility to customise various aspects of the service to tailor it specifically to their needs. Customisable features include user interface elements, workflow configurations, data management settings, and integration options with other systems. Customisation can be achieved through email requests. Additionally, the REST API allows for more in-depth customisations, suitable for technical users who wish to integrate or extend the functionality further. Administrative users within the client organisation have the authority to customise settings, ensuring that adjustments are managed securely and compliantly.

Scaling

Independence of resources
To ensure users aren't affected by others' demand, we leverage scalable cloud technology. Our architecture is designed to automatically scale resources based on real-time usage patterns. Load balancers distribute traffic evenly across multiple server instances, preventing overload. Auto-scaling mechanisms dynamically adjust the number of instances to handle increased demand seamlessly. Resource allocation is optimised to maintain consistent performance for all users. Additionally, we implement rate limiting and throttling techniques to protect against excessive or abusive usage. By utilising these scalable cloud technologies and best practices, we guarantee a reliable and responsive service for every user, regardless of overall demand.

Analytics

Service usage metrics
Yes
Metrics types
We provide comprehensive service metrics for transparency and performance monitoring:

Uptime and availability
Performance metrics (page load time, server response, concurrent users)
Error and issue tracking
User adoption and engagement
Security metrics (incidents, vulnerability patching, audit results)
Maintenance and support (tickets, response time, satisfaction ratings)

Metrics are collected using industry-standard tools and presented in clear, actionable reports and dashboards. We offer customisation based on your specific requirements and KPIs. Our team works closely with you to define and track the most relevant metrics aligned with your organisation's goals.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We offer a simple process for users to export their data in CSV format:

Your authorised representatives initiate the data export request.
We generate CSV files containing all user data.
Exported CSV files are securely transferred to your designated contact.
Comprehensive documentation detailing the CSV structure is provided.
Our CSV export process ensures all relevant data is included, correctly formatted, and securely transferred. Clear documentation facilitates understanding and utilisation of the exported data. We are committed to making the export process straightforward, allowing your organisation to have full control of your data in a commonly used, accessible format.
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee a high level of availability for our services, with a target uptime of 99.9%. This means that our services will be accessible and operational for at least 99.9% of the time, excluding scheduled maintenance windows.
We strive to maintain high availability and minimise any disruptions to our services. However, in rare circumstances, unforeseen issues or emergencies may impact our ability to meet the guaranteed availability levels.
Approach to resilience
It is available on request.
Outage reporting
In the event of any service outages or disruptions, we promptly notify our users through email alerts. As soon as our monitoring systems detect an issue, an automated email is triggered and sent to the registered email addresses associated with the affected user accounts.
The email alert includes essential information about the outage, such as:

The start time of the outage
The affected services or components
The current status and any known details about the cause
The estimated time for resolution, if available

We strive to keep our users informed throughout the outage, providing regular updates via email until the issue is fully resolved. Once the service is restored, a final email notification is sent, confirming that the outage has been resolved and the services are back to normal operation.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Access to management interfaces and support channels is strictly controlled. Role-based access control (RBAC) is implemented, granting permissions based on the principle of least privilege. Multi-factor authentication (MFA) is enforced for all administrative access. Support staff undergo background checks and security training. Access is limited to authorised personnel and regularly reviewed. Privileged access sessions are monitored and logged for auditing purposes. Strong password policies and regular access reviews ensure the ongoing security of management interfaces. Communication through support channels is encrypted, and sensitive information is handled securely. Continuous monitoring and anomaly detection mechanisms alert us to any unauthorised access attempts.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our approach to security governance is based on the ISO/IEC 27001 standard. We have established a comprehensive Information Security Management System (ISMS) that encompasses policies, procedures, and controls to safeguard the confidentiality, integrity, and availability of our clients' data. Regular risk assessments, internal audits, and management reviews ensure continuous improvement of our security posture. We maintain ISO/IEC 27001 certification, demonstrating our commitment to industry best practices. Our dedicated security team oversees the implementation and enforcement of security measures, ensuring a robust and resilient security framework.
Information security policies and processes
We adhere to a comprehensive set of information security policies and processes in line with ISO/IEC 27001. These include:

Access control policies to manage user permissions and prevent unauthorised access
Data classification and handling procedures to ensure appropriate protection of sensitive information
Incident management processes for prompt detection, response, and resolution of security incidents
Business continuity and disaster recovery plans to minimise disruption during unforeseen events
Security awareness training for all employees to foster a strong security culture
Regular vulnerability assessments and penetration testing to identify and address potential weaknesses
Strict vendor management processes to ensure the security of third-party integrations
Compliance with relevant legal and regulatory requirements, such as GDPR and DPA 2018

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our configuration and change management processes are designed to maintain the integrity and security of our services. We employ version control systems to track and manage the lifecycle of all service components. Proposed changes undergo rigorous assessment, including security impact analysis, before implementation. Changes are tested in isolated environments and approved by designated personnel before deployment to production. Detailed documentation, including change logs and configuration baselines, is maintained for traceability. Post-implementation reviews ensure the effectiveness of changes. Our change management process is regularly audited to identify improvements and ensure adherence to best practices.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Our vulnerability management process is proactive and comprehensive. We continuously assess potential threats using a combination of automated scanning tools, security feeds, and intelligence from reputable sources like the National Cyber Security Centre (NCSC). Vulnerabilities are prioritised based on their criticality and potential impact. Patches are thoroughly tested and deployed promptly, following a risk-based approach. Critical patches are applied within 48 hours, while lower-risk vulnerabilities are addressed within predefined timeframes. We subscribe to security advisory services and participate in information-sharing communities to stay informed about emerging threats. Regular vulnerability scans and penetration tests validate the effectiveness of our patching process.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We employ advanced tools like IDS, SIEM, and log analysis to detect potential compromises in real-time. Automated alerts notify our security team, triggering an immediate response based on our incident response plan. The severity is assessed, and containment measures are implemented within 30 minutes of detection. Thorough investigations identify the root cause and extent of the compromise. Remediation actions, including patching and control enhancements, are promptly executed. Incidents are documented, and lessons learned drive continuous improvement. Regular testing and refinement of our incident response procedures ensure effective and timely resolution of potential compromises.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management processes are well-defined for efficient resolution. Pre-established procedures for common incidents enable quick responses. Users report incidents via helpdesk, email, or phone. Trained staff log and categorise incidents based on priority and impact. Specialised teams investigate and resolve incidents, maintaining clear communication with users. Comprehensive reports detail the root cause, actions taken, and preventive measures. Reports are shared with stakeholders for continuous improvement. Post-incident reviews identify enhancements. Regular updates align procedures with best practices and emerging threats.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • Police National Network (PNN)
  • NHS Network (N3)
  • Joint Academic Network (JANET)
  • Scottish Wide Area Network (SWAN)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

Cultural Shift towards Sustainability: We foster a culture of environmental responsibility amongst employees and partners, making sustainability a core aspect of our operational ethos. Waste Reduction Initiatives: We aim to minimise, with the goal of eventually eliminating, our waste output. This includes banning single-use plastics and promoting comprehensive recycling practices. Sustainable Work Practices: Encouraging remote working and reducing travel through advanced video conferencing technology to lower our carbon footprint. Energy Efficiency: We implement guidelines to ensure that all technology is powered down when not in use to conserve energy. Tree Planting: We actively engage in tree planting initiatives to enhance our local and global environment, contributing to carbon offsetting efforts. Volunteering Days: We support and encourage staff to engage in volunteering days, contributing to local community projects and environmental conservation efforts.

Covid-19 recovery

Mental Health Support: We provide continuous mental health support, including access to wellbeing coaches and regular virtual social gatherings to maintain team morale. Adapting Work Environments: We adapt our workplace policies to ensure they support COVID-19 recovery efforts, including promoting effective social distancing and sustainable commuting options. Community Engagement: We support local community initiatives, such as sponsoring activities that provide relief and support to those affected by the pandemic.

Tackling economic inequality

Support for Entrepreneurship: We create opportunities for new and small businesses, focusing on sectors that are strategic to economic growth and recovery. Employment Opportunities: We particularly target employment and training opportunities to individuals from underrepresented or disadvantaged backgrounds.

Equal opportunity

Inclusive Hiring Practices: We are committed to equality, diversity, and inclusion at every stage of our recruitment process, ensuring that we draw from a diverse talent pool. Community and Leadership Development: We actively work to improve access to leadership roles for underrepresented groups, including substantial support for initiatives designed to increase diversity within leadership positions in the community.

Wellbeing

Active Leisure Days: We promote active leisure days to support the physical and mental wellbeing of our team, fostering a balanced lifestyle. Comprehensive Wellbeing Support: Initiatives include frequent virtual social events and access to wellbeing resources to support both physical and mental health.

Pricing

Price
£12,000 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
The free version of the service includes a fully-functional prototype tailored to your requirements. It enables you to test core functionalities and assess suitability. However, advanced features, customisation options, and integration capabilities are limited. The prototype is available for a 30-day period.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ilia.ryzhkov@dbax.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.