QLOG TECHNOLOGIES LTD

Equipment/Operational Compliance Management

QLog offers a unique collection of equipment, task management, collaboration and reporting tools for staff to use in their everyday roles and digitises paper checking. Consequently, this leads to significant time efficiencies in hospital teams, enabling clients to easily prioritise, control, and communicate their work processes and resources.

Features

• Real Time Location Services
• Task/Procedure Management
• Equipment/Asset Management
• Real time alerts
• Compliance Checks
• Inventory Management
• Process Visibility
• Management Dashboards
• QR Code Technology
• GS1 Barcode Ready

Benefits

• Improved equipment safety
• Reduction in inventory and equipment wastage
• Improved efficiency of task completion
• Improved compliance rates
• Improved visibility of operational readiness
• Increased equipment utilisation
• Significant staff time savings
• Improved visibility of equipment
• Improved Patient Safety
• Improved Quality Assurance

£5,000 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at amit@qlog.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

520007485918259

Contact

Amit Lehavi
(+972)0502061419
amit@qlog.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Devices must have access to internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to none priority services required within 24 hours during working hours. Priority calls will be answered within 2 hours during working hours. During weekends and bank holidays service calls will be answered within 48 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: QLog provide a customer success/technical support team that operates six days a week: Monday-Friday (9-5pm) and Sunday (7-3pm). We aim to respond to none priority services required within 24 hours during working hours. Priority calls will be answered within 2 hours during working hours. During weekends and bank holidays service calls will be answered within 48 hours.; ; The support levels provided are included in the initial contract price. Therefore it is not an additional fee and there is no ongoing service fee to use support.; ; We provide a team which consists of a customer success project manager and a technical account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: QLog works closely with the buyers team to collect all data and requirements as part of our onboarding service. The system is then configured accordingly following a series of workshops to build the platform to the customers specification. Following this onsite setup along with in person and online training is provided to support the users and management team to become familiar with how the system should be interacted with. Detailed user documentation is provided to support with the procedures and tasks required to be completed within both the mobile and desktop application.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The QLog technical support team can provide bulk downloads of data collected during the contract period. However users are able to extract data while using is CSV format.
• End-of-contract process: All end-of-contract processes are included within in the price of the contract. There are no additional costs if the decision is made to end the contract.; ; If the contract was to end, we have a process of transferring all of the data back to the organisation. All data belongs to the organisation and we keep audits of the entire length of work together.; ; Every Trust is different, and all have different processes. We would discuss this process with the customer to ensure the process is smooth and you get all of the data from the work we've done together in an efficient manner.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile application is used by the front end user completing tasks and the desktop application is used by administer and manage the services provided.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: QLog can be customised in a number of different ways to ensure that it is bespoke to the organisation utilising the solution.; ; Users can create predefined processes for specialist checks/equipment. Users can also create bespoke questionnaires that relate to a specific tasks. ; ; All of this is put into customisable reports and dashboards to ensure that staff see the insights that mean the most to them.; ; Permissions to customise the admin system on QLog are granted to NHS staff members so they have autonomy over managing their own service. Additionally, the service can work with QLog and the team at QLog can customise the system based on the service's requests.

Scaling

• Independence of resources: QLog distributed architecture for data collection, processing and reporting allows it to scale horizontally as the number of clients and volume of traffic increase. QLog uses multiple monitoring processes and tools to continuously track network resources, operating systems, applications and capacity. Systems are load balanced and scaled up when predetermined capacity thresholds are reached.

Analytics

• Service usage metrics: Yes
• Metrics types: The system monitors when task execution takes place along with the time taken to complete specified procedures. The system can be configured to run schedules against specific tasks/procedures to provide compliance metrics.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is functionality with the desktop application to export data captured directly.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer a best effort guarantee inside our SLA. This means, we will do everything we can to ensure our services are online 100% of the time, however we do not make any specific guarantees. We always aim for 100% availability, and in reality these services have an uptime record of 99.98% over the past 3 years - less than 2 hours downtime per year.
• Approach to resilience: Available on request
• Outage reporting: QLog experiences few outages. In the event of an outage, we promptly report through email alerts. Each email alert includes a formal explanation of the outage's cause, our plans for resolution and improvement, as well as assurances regarding our next steps to mitigate any resulting impacts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Each user is provided individual logins and then roles and permissions are used at each level to restrict or grant access as necessary.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The Standards Institution of Israel
• ISO/IEC 27001 accreditation date: 24/01/2024
• What the ISO/IEC 27001 doesn’t cover: Not applicable
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • DTAC
  • DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: QLog information security management system is based on ISO 27001. QLog maintains a general Information Security Policy, updated annually, that explicitly addresses the confidentiality, integrity and availability of client data and information technology resources, and details employee's responsibilities and managements' role.; ; Comprehensive technical policies govern various aspects of QLog SaaS Operations and corporate, which policies define security measures appropriate to the sensitivity of the data processed.; ; Policies are approved by senior management, communicated to all affected Personnel to whom the policies apply, and clearly state the consequences of non-compliance. All employees must review and sign QLOG' Information Security Policy during onboarding.; ; QLOG has adopted a decentralised approach to information security. QLOG's IT Director coordinates all security and privacy activities within QLOG. Responsibilities of this position include:; ; Driving security initiatives; Policy review; Security planning and program management; Review effectiveness of the security program; Coordinate QLOG security incident response plan; Perform annual security and privacy assessment and reviews; Implementation of security controls rests with the management of each relevant function. QLOG separates its SaaS Solutions production network and all associated functions from the general corporate IT. QLOG IT Director is responsible for policies and security implementation within the SaaS environment.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: QLog follows formal change management processes. All changes to the production environment (network, systems, platform, application, configuration, including physical changes such as equipment moves) are tracked/implemented by a dedicated team. All key business owners such as Technical Support, Engineering, DevOps, Security, and SaaS Operations are represented at the daily change management meeting. All deployments into production or change to the production environment (network, systems, platform, application, configuration, etc.) must be submitted to, reviewed and approved by the change management meeting team prior to implementation. QLOG operates an automated code deployment and configuration management system for its SaaS Solutions infrastructure.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: QLOG subscribes to manufacturers and independent security notification services to monitor potential external threats.; ; Vulnerabilities are logged as defects, resolved or mitigated, and verified and fixed.; ; Manual and automated vulnerability testing is performed during the development process. QLOG engages an independent third party security firm annually to conduct a vulnerability scan of all external-facing (public) infrastructure devices and application penetration test of its solutions.; ; QLOG uses in depth defence best practices and validates them using both internal and third party security vulnerability scans.; ; Our internal quality assurance function tests all application end-points for vulnerabilities, including those in OWASP Top Ten.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Network-based intrusion detection systems (IDS) monitor network traffic for intrusion, and QLOG SaaS Operations personnel utilise multiple monitoring tools to continuously scan for errors or suspicious activities. QLOG's hosted environment is separate from its corporate counterpart, accessible only to authorised SaaS Operations staff with separate authentication credentials. Centralised logging and monitoring systems enable alerting, trend analysis, and risk assessment. A network configuration management tool tracks changes, which are reviewed. Escalation procedures ensure timely communication of security incidents through the management chain and to affected clients.
• Incident management type: Supplier-defined controls
• Incident management approach: QLOG implements a robust Security Incident Response Process (SIRP) to swiftly and effectively address security and privacy incidents. The SIRP framework outlines deployment procedures, severity criteria, investigation workflows, documentation requirements, and contact information. Led by senior executives reporting directly to the CEO, the SIRP core team is activated and disbanded as needed, convening regularly for training and maintenance. Incidents are categorised based on severity, with tailored responses for critical, significant, and benign events. Following industry standards, the SIRP process encompasses six phases: Identification, Triage, Containment, Eradication, Recovery, and Notification, ensuring prompt action, containment, resolution, and client communication within defined timeframes.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Wellbeing

  Fighting climate change

  By utilising QLog, our customers are contributing to fighting climate change. ; ; We enable hospitals/departments to go paperless ensuring that checks on equipment and other procedures essential for safety and departmental readiness are digital.

  Wellbeing

  By using QLog, organisations not only streamline essential check procedures within hospitals but also prioritise the wellbeing of their staff. Currently, nursing staff are overwhelmed with extensive manual checks on equipment, rooms, temperatures, and various essential processes, which significantly impacts their workload and ultimately, their wellbeing. With QLog, these burdens are significantly alleviated. For instance, in a resuscitation service, we've reduced the time needed for daily checks on adult resuscitation trolleys from 2 minutes to just 15 seconds, and a full inventory check that previously took 30 minutes now averages only 8.8 minutes. This reduction in time spent on these tasks translates to a significant reduction in stress and workload for your staff, enabling them to allocate more time and energy to patient care, thus fostering a healthier work environment and enhancing overall staff wellbeing. Through these targeted interventions and support mechanisms, we've effectively cut staff burnout rates by 50% at a 1400 bed hospital.

Pricing

• Price: £5,000 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at amit@qlog.co. Tell them what format you need. It will help if you say what assistive technology you use.