Bramble Hub Limited

Bramble Hub OpusVL - Odoo Open Source NHS Billing System

The Odoo Open Source NHS Billing System, currently underpinning the GPIT Futures Programme, is a powerful time and usage-based billing system that automatically accounts for any changes that happen throughout a contract, processing the highest resolution data in real-time therefore reducing the need for later adjustments.

Features

• End-to-end solution
• Fully integrated with existing operational systems
• Automated tri-party billing
• Holistic view of real-time data
• Open Source and Open Standards
• Time Period billing
• Rewindable transactions
• Customisable to fit around any way of working
• Joined-up operations
• Reporting functionality

Benefits

• Low effort and sustainable operations
• Able to process over £100m per year
• Unique off-the-shelf system with room for bespoke development
• No vendor lock-in
• No license fees
• Scalable
• Business decisions informed by highest resolution of real-time data
• Works with existing systems
• Open Source and Open Standards
• Manage tri-party billing

£30,000 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

516235793989375

Contact

Geoff Couling
+44 (0) 2077350030
contact@bramblehub.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: No contraints
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times vary between 1 hour to 2 business days and are dependent on the existing support contract and ticket priority as agreed with the customer.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There are 3 different support levels that relate to the severity of the customer's issue. These will all be charged at an hourly rate of £120.; ; - Level 1: Issues causing a major impact on business - response time is 1 hour and we will allocate resources to resolving issues as a priority; - Level 2: Issues causing an intermittent impact on business- response time is 6 hours and we will allocate resources to resolving issues at the earliest opportunity; - Level 3: Minor issues - response time is 2 business days and we will allocate resources as mutually agreed with the customer
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We offer flexible training options, which includes the provision of a demo instance for users to test, onsite or online training and documentation. This are dependent on what the customer requires, however all needs are catered for.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Data can be extracted either through spreadsheet or database export, at the discretion of the customer.
• End-of-contract process: Data can be exported and information held within the system at no extra cost, as this is included in the customer contract. There is also the opportunity for us to provide data processing services, however this does come at an additional cost to the customer.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Dedicated mobile interface optimised for touch screen use.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: All functions available from the user interface are also available via the REST API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: This service is fully customisable to meet individual needs through the development of the user interface, relevant modules and the code. Anyone with the necessary user permissions can make customisations as required.

Scaling

• Independence of resources: Our change management process ensures that the customer's needs are always met, therefore should they need further refinements to cope with additional load, then this isn't a problem. We also use a task management system to monitor service usage in order to maintain the optimum level of performance, so users aren't affected.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide metrics such as service availability and uptime, as well as service reviews that analyse our service performance, exploring factors such as response times, number of incidents raised and number of incidents closed/resolved.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users are able to easily group, filter and select the required data then choose which fields to export. If data exports are to be a regular occurrence, the search fields and filters can be saved to enable this process to take a matter of seconds, which can be done for multiple data schemas.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XML
  • J-SON
  • XLS
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Every service level agreement is unique to the customer and is dependent on the service they require, however any refunds are the result of commercial negotiation between ourselves and the customer.
• Approach to resilience: The platform and service is specifically designed with resilience in mind. To ensure business continuity, we have a DRBD disk clustering with a front-end load balancer. For disaster recovery, we use an off-site replication backup to make sure nothing is lost.
• Outage reporting: We use an automatic monitoring tool that notifies our team of any outages, and this can also be extended to automatically notifying the customer of outages too. Alternatively, we can notify customers either via email, phone call, or in person, this is dependent on the service they choose.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We keep a managed list of all authorised users that is monitored and tracked to ensure nobody without permissions has access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 1/1/16
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Nothing.
• PCI certification: Yes
• Who accredited the PCI DSS certification: Lloyds Bank
• PCI DSS accreditation date: 21/12/2016
• What the PCI DSS doesn’t cover: Nothing
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: Cyber Essentials, Influenced by IG toolkit and GDPR
• Information security policies and processes: We have a dedicated specialist security team in-house, where regular testing is carried out by both our in-house team and CHECK and CREST testers. Customers are immediately notified about any security issues and we then agree upon an appropriate resolution to ensure they get solved.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Dedicated project managers oversee this process and all activities are tracked in order for maximum oversight. Following initial set-up, necessary changes can be requested at any time, which will be submitted then evaluated. Once the commercial and security impact is reviewed, this submission is then accepted or rejected.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We have a dedicated team of specialists who manage potential vulnerabilities and also benefit from responsible disclosure should anyone notice potential issues, which are then resolved as soon as possible.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We utilise intrusion detection tools that alert us of a compromise which we then report and respond to within the hour.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Using an online tracker that enables inputs from both supplier and customer, incidents can be reported instantly, then the help desk, which is always managed and audited, will then provide an incident report.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  All of the technology we use to deliver our service is selected for their potential longevity, as we always ensure our hardware is re-usable, from our servers to our laptops. A typical server lasts around 3 years, but using Open Source servers that can be continuously improved and re-purposed throughout their lifespan, we are able to make our servers last from anywhere between 10-12 years, saving an estimated 3 tonnes of embedded CO2.
• Tackling economic inequality:

  Tackling economic inequality

  Our service is delivered through freely-available Open Source software, ensuring that there are no financial barriers that would prevent anybody from accessing this tool-set, such is the altruistic nature of the Open Source approach.
• Equal opportunity:

  Equal opportunity

  As the software we use to deliver our service is built on Open Source software that's able to be downloaded for free anywhere in the world, this means that anyone can use the some tools that we do, whether that's building on and improving pre-existing software or adopting it to serve their own needs, there's no barriers.

Pricing

• Price: £30,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@bramblehub.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.