WEGUIDE PTY LTD

WeGuide Software

WeGuide is a SaaS, intuitive platform that allows users in digital health to quickly build and deploy an app, including questionnaires, patient engagement modules, data collection modules, reminders and custom alerts in order to run a clinical trial, research protocols and health intervention.

Features

• Data collection via mobile native application IOS and Android
• Patient engagement module for messaging, reminders and alerts
• Questionnaire and protocol builder modules including building validated instruments
• Wearable data collection in addition to user reported data collection
• Clinician and admin portals for research and clinical trial management
• Multi-language support including right to left languages
• Configurable dashboards and reporting for admin and clinician
• Consent and screening module to assist with clinical trials
• Adaptable platform for protocols and carepathways for diverse conditions

Benefits

• High adherence achieved from users (participants and patients)
• Changes to protocols and engagements made in minutes
• Content published to patients app in minutes
• Self service admin and clinicians able to make changes
• Quick deployment of customised applications within weeks

£9,500 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sanji@weguide.health. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

520321624641438

Contact

Sanjeevan Kanagalingam
0468785690
sanji@weguide.health

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: WeGuide conducts semi regular maintenance, but this is usually done on a quarterly basis and is scheduled to have minimal impact on users. WeGuide is hosted on a private cloud managed by third party.
• System requirements:
  • Mobile App requires IOS version less than 3 years old
  • Mobile App requires Android version less than 3 years old

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support tickets are graded based on severity. Severity classification will trigger different response times range from 1 day to 10 days. Standard support offered with the software license via the standard SLA is during business hours (Monday to Friday 9am to 5pm at the local time zone of the client) however SLA can be modified at additional costs to cover extended times including weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: Our standard SLA provides the following:; Definitions:; Business Hour: each hour during a Business Day.; Business Day: 9:00 a.m. and 5:00 p.m. Monday through a Friday, excluding weekends & local public holidays ; Error: means any Severity Level S1,S2,S3,S4 errors, as defined in the Error Severity Definition Table below.; Product: means WeGuide or Whitelabel Software, as applicable to Customer’s Subscription.; Error Severity Definition Table:; S1: System Outage, Production system outage; Product is unusable and is severely impacting other critical business functions, and no workaround is available.; S2: Functionality Impaired; No Workaround:; Error affects key functionality and/or causes some performance degradation. Other product features are still functional.; S3: Moderate Impact with Workaround; The issue has a moderate or minor impact on usage, and the product remains functional.; S4: Minor Impact or change; Includes minor, cosmetic, or documentation-related issues.; ; Response Time after first Ticket Login (once User submits Ticket on support portal):; S1: Within 1 Business Day; S2: Within 2 Business Days; Maximum Resolution Time Critical Functionality:; S1: Within 3 Business Days; S2: Within 10 Business Days; Clients will be assigned a support manager.; Extended hours and/or weekend coverage will attract an additional cost (10%-25%) of annual license fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: WeGuide has a Customer Success Team which is responsible for onboarding new clients. The onboarding process involves customer training sessions delivered via online via our trainers. In addition there are online self guided training modules covering the modules of the system. The training is customised for each user depending on their application and solution.; Each client onboarding is managed by a dedicated project manager who will be responsible for the implementation of the client solution. The client will provide the content and/or protocol that they want to use WeGuide to deliver, and the onboarding team will implement the client requirements on the system together with the client providing practical training during the implementation service.; Implementation includes working with the client to define the outcomes required, any design of reporting requirements and implementation of customised settings on the platform (eg. language support, data collection using external devices - for the ones supported by WeGuide) and any data exporting requirements.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Clients can export their data using a built in data export functionality.; Clients will be provided with an export of their data by WeGuide following contract end.; Data will be permanently deleted from the system after 30 days of client confirmation of receipt of data export, unless another agreement is in place
• End-of-contract process: End of contract process covers the decommissioning of the client from the WeGuide platform.; Process is managed by the Customer Success Team's; 1. Confirm with client the contract end date.; 2. Provide the client with the decommissioning fact sheet including confirmation access for all users will be removed as of the agreed date in Item 1.; 3. Confirm with the client that all user details, participant details and the data collected in the program, any forms, protocols or questionnaires incorporated into the program, any other content provided for the program will be deleted after agreed number of days with the client. Confirm with the client that the Apps will be removed from the App Stores.; 4. De-list the App on the Apple App Store and Unpublish the App from the Google Play Store; 5. Remove access to all of the clients team members via the Admin portal.; 6. Assign Technical member responsible for Steps 7-9; 7. Mark all data deletion in the WeGuide system after 30 days notice of customer acknowledgement.; 8. Remove Whitelabel PWA (config from front end code repository, remove from deployment pipeline, S3 bucket, configuration from cloudflare DNS).; 9. Remove Mixpanel and Metabase accounts.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop service is accessed via a browser and is a web based application. The mobile service is accessed via a native mobile application downloaded from the Apple / Google stores.; There is no biometric authentication for the web based application, only for the native mobile applications.; Push notifications are only available for the mobile native applications.
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: Yes
• What users can and can't do using the API: Via the WeGuide API customers can: ; ; Enrol users into the system (patients / participants) and associate them to care pathway program, research program or patient engagement data collection research protocol.; -; Customers can export data from the system via the API.; ; Customers can configure API credentials in the administration interface that can then be used with their API client.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The WeGuide platform allows the following customisation:; Clients can customise the cloud based application with branding and client information (program contact information, privacy policy, how to use etc.); Clients can customise the system to adapt it to their required care pathway program, research protocol, data collection requirements, engagement frequency, messaging, user types and roles relating to their specific program.; Clients can also configure default language and languages to be available to the users (from the languages that are supported by WeGuide.); Users can customise the reminders frequency.; ; WeGuide can customise the mobile applications created to allow the clients to engage with their users (participants, patients, clinicians etc). This customisation includes customer branding, colour scheme, method of user enrolment, and languages availability for the client.

Scaling

• Independence of resources: Through the cloud provider, we have numerous scaling options available to us. We are able to scale vertically, tuning server specifications to the desired level to meet the demand. We are also able to scale horizontally via auto-scaling technology. Both these levers ensure we can optimise the system to meet the demand of customers quite easily.

Analytics

• Service usage metrics: Yes
• Metrics types: The metrics provided by WeGuide at the system level include (but not limited to) are usage metrics for the system covering users and user types. Metrics on engagement for particular tasks can also be provided depending on the use case.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Within WeGuide the admin user has an option to export data that has been inputted by the users as well as any other data collected by the system as defined by the use case of the client.; This is a function available to the admin user at any time.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The guaranteed availability is 98.5%.; WeGuide does not provide service outage SLA and resolution times to meet the 98.5% availability. These are detailed in the SLA description section.; WeGuide currently does not provide refunds for failure to meet SLA but these can be negotiated with a client on a case by case basis.
• Approach to resilience: The WeGuide platform -database backup procedures:; ; Continuous protection - WeGuide takes advantage of the cloud provider’s continuous protection mechanism, whereby snapshots are taken constantly throughout the day. It enables point in time recovery to a minute interval for the preceding 7 day period from the current point in time.; Nightly backups are performed and a rolling retention is maintained for the most recent 7 days.; Weekly backups are retained for 1 year.; All backups are securely encrypted and located within the customers jurisdiction.; ; WeGuide platform -file storage backup procedures:; ; Continuous point in time recovery - WeGuide takes advantage of the cloud provider's continuous point-in-time recovery (PITR), whereby snapshots are taken throughout the day. It enables point in time recovery to a second interval for the preceding 35 day period.; Nightly backups are performed and a rolling retention period of 35 days is maintained.; Monthly backups are retained for a period of 1 year.; All backups are securely encrypted and located within the customers jurisdiction.; ; During runtime application servers and database servers are operated in a cloud infrastructure making use of availability zones. In addition there is a live read replica of the production database that adds another layer of resiliency.
• Outage reporting: Service outages are reported via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: The system has its own internal roles that can be configured to restrict access.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 4/4/2022
• What the ISO/IEC 27001 doesn’t cover: We are accredited to ISO 27001:2013. The following are not applicable under our certifications:; ; Section A 14.1.2 Securing application services on public networks; Section A 14.1.3 Protecting application services transactions; Section A 14.2.7 Outsourced development; Clause A.14 System acquisition, development and maintenance,
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are an ISO 27001 certified organisation. We have defined an ISMS organisational chart. The ISMS group consists of the following roles within the organisation:; ; - Head of operations; - Sr IT Manager; - Sr Human Resource Manager; - Compliance and Security Officer; - QARA Manager; - Regulatory Consultant; ; The team constantly works across the organisation to maintain the ISO27001 accreditation and maintain a high level of security posture for the organisation.; This team reports to the CEO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The following ISO27001 documents within our QMS define the configuration and change management approach:; ; - QSCS0002 - Cloud Change Management Procedure Rev 101; - QSCS0003 - Cloud Instance Provisioning Procedure - Rev 101; - QSCS0004 - Cloud Change Tracker - Rev 101; ; The cloud change management procedure contains a impact analysis step where to identify positive and negative impacts; in the cloud environment if such changes are implemented. Provisioning and changes to the service components are tracked via the procedures and tracking tools mentioned above.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The following ISO27001 documents within our QMS define the vulnerability management approach:; ; - QSIS0007 - Vulnerability Management Procedure - Rev 102; ; SLA's for remediation are dependant on the risk categorisation, ranging from 60-90 days for a vulnerabilty rated as minimal to <= 1 day for a vulnerabilty rated as critical.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are monitored through logging and alerting across the various systems composing of the overall software system. The following ISO27001 document within the QMS define the procedure for dealing with incidents:; ; - QSIS0008 - Incident Management Procedure - Rev 102; ; A step in the process evaluates the severity of the incident. Timing for remediation is dependant on the severity. High impact within 48 hours. Negligible impact - 15 - 30 days.
• Incident management type: Supplier-defined controls
• Incident management approach: The following ISO27001 document within the QMS define the procedure for dealing with incidents:; ; - QSIS0008 - Incident Management Procedure - Rev 102; ; The process defines how users report by sending an email to a specified email address. Based on the classification and severity of the incident the customer and potentially relevant government authority will be notified.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Wellbeing

  Covid-19 recovery

  The WeGuide software is being used to conduct research trials including a COVID-19 recovery care pathways and other research activities to support the health and well being of people affected by COVID-19.; The functionality of conducting remote trails by the WeGuide software (any health research trials that is suitable to be conducted with the platform) improves research workplace conditions by providing effective social distancing, remote working and sustainable travel solutions for both participants and researchers.

  Wellbeing

  The WeGuide platform and applications are used to both conduct medical research into a range of conditions including Mental Health. It has been used to deliver mental health workplace improvements programs, as well as mental health intervention and care pathways.; WeGuide program implementation involves a collaborative co-design process with the client and its users to ensure the digital product created for the specific use case of the client, delivers the best outcome for the users.

Pricing

• Price: £9,500 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sanji@weguide.health. Tell them what format you need. It will help if you say what assistive technology you use.