Dendrite Clinical Systems Limited

Clinical databases and registries

Clinical databases and registries for clinical data collection, reporting, research, audit and benchmarking. Databases are easily customisable for each customer/project and can be integrated with other clinical information systems

Features

• web-based
• cutomisable
• integrated with local clinical systems
• real-time analysis/reporting
• auto-calculations and risk scores
• clinician-friendly and easy-to-use
• information sequrity
• data submission to external databases/registries

Benefits

• robust clinical data collection
• easy clinical reporting and benchmarking
• cost-effectiveness
• integration
• reporting to national databases

£4,800 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peter.walton@e-dendrite.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

523506474952418

Contact

Dr Peter Walton
01491 411288
peter.walton@e-dendrite.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Implementation scope including support hours agreed for each project
• System requirements: Local secure Windows 2012 server, latest IIS and OS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: UK Office hours 9-5:00 Monday to Friday (Support can also cover weekends and public holidays at extra cost); A Priority 1 (P1) call warrants a response within 15 minutes, and we will endeavour to have the system up-and-running within four hours. ; A Priority 2 (P2) call will warrants response within 4 hours and we would endeavour to fix within 5 working days. ; A Priority 3 (P3) call - Dendrite will endeavour to respond within 8 working hours for faults, and a response within five days.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via company website www.e-dendrite.com
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Standard support includes:; A P1 call is where the system is “down” and non-operating. ; A P2 call is a fault which has an impact upon day to day operation of the system. ; A P3 call is either a fault which has no serious impact upon the day to day usability of the system or a request (ie simple training issue or support request etc). ; All calls are logged through the Dendrite Call Logging / Tracking System and prioritised according to severity or service level agreed.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite training, online/remote training, user documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Power Point
  • MS Word
• End-of-contract data extraction: Users can export their data from the database at any time (including in the end of the contract) in various formats including HTML, Excel, CSV
• End-of-contract process: Data hand-over (and any assistance to extract data from the database) i included

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: User on mobile and tablet devices can use/access Dendrite's system via browser
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: HTMLv5 internet-browser (e.g. Google Chrome, Firefox, Microsoft Edge, Safari)
• Accessibility standards: None or don’t know
• Description of accessibility: The system can be accessed by registered users through a web-browser from a computer or tablet device (such as iPad) with HTMLv5 internet-browser (e.g. Google Chrome, Firefox, Microsoft Edge, Safari) connected to the internet/N3/intranet (depending on the type of installation). Users can (depending on their security profile):; • Enter, edit, view data; • Export data; • Analyse data
• Accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: TBC
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: System Administrator can customise the design and content of the databases including:; Creating, editing, moving removing forms/pages; Creating, editing, moving removing questions; User access/account

Scaling

• Independence of resources: Dendrite's system allows an unlimited number of registered users.; Server capacity is defined by the number of Dendrite's concurrent user licenses implemented in the server. As long as the number of active users (users who are logged into the system) does not exceed the number of concurrent user licenses on the server, users aren’t affected by the demand other users are placing on the system. The number of required concurrent user licenses on the server is estimated for each project beforehand and can be increased/adjusted at any time.

Analytics

• Service usage metrics: Yes
• Metrics types: User session reports; Concurrent usage; System audit trail
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can export their data at any time in various formats including CSV, Excel, HTML. All data can be exported, data can also be filtered by required fields.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • HTML
  • Excel
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Data import specification is designed for each database
  • Data validation/check is performed as part of data import

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 97% 24/7 excluding scheduled server upgrades
• Approach to resilience: This information is available on request.
• Outage reporting: Email alert and APIs

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: User authentication is performed with the customer BEFORE user registration in the system to check that the user is relevant for this particular service (database).
• Access restrictions in management interfaces and support channels: Via a dedicated VPN connection with a token
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • IG Toolkit Assessment level 2
  • Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IG Toolkit accreditation Level 2; Cyber Essentials
• Information security policies and processes: Dendrite follows its In-House Network Security Policy; The Company is committed to implementing security controls that conform to best practice, as set out in the ISO/IEC 27002:2005 Information Security Techniques – Code of practice for information security management. The Company has drawn up an information security toolkit in order to provide advice and guidance on the technical aspects of information security. ; The Toolkit is based on the information security toolkit of the NHS IT Governance Toolkit and adheres to the standards of ISO/IEC 27002: 2005: it is available at: http://rs2.edendrite.com/csp/public/igtdocs/index.csp; The Board of Directors has ultimate responsibility for information security within the Company. ; The Company has established this policy to promote information security and compliance with relevant legislation, including the Data Protection Act. The Company regards any breach of information security requirements as a serious matter, which may result in disciplinary action. ; Compliance with this policy should form part of any contract with a third party that may involve access to network or computer systems or data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Dendrite follows its in-house:; - Quality Manual; - Information Security Policy; - Standard Operating Procedure 'Managing Deliverables (Incorporating Software Development, Testing and QA Process); - Network Security Policy; Copies can be provided on request
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Dendrite’s service delivery and information governance complies with IG Toolkit accreditation and hosting security structure is aligned alongside ISO27001. Internal audits are completed approximately every 3 months. ; As part of our IG process, Dendrite conducted a risk assessment; the application has been independently penetration tested to ensure the software design and implementation is suitably robust. Patches to Dendrite’s services are applied weekly.; Dendrite’s s product has an internal audit log of failed and successful login activity. This is audited as part of our internal governance procedures, as documented in the Security policy, and NHS IG Toolkit assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified as part of ongoing implementation activity, weekly implementation reviews and customer/user feedback. Any potential breach is immediately reported to the member of the Information Governance group verbally and in writing, and logged as an information breach onto the company “Call tracking System”, for the Information Governance Group to manage. Breaches are also notified to the relevant DPO (Data Protection Officer) at the data controller (specific for each database project) . The Information Governance Group or the Data Controller will report breaches to the ICO.
• Incident management type: Supplier-defined controls
• Incident management approach: Dendrite has an Information Security Policy, a training program and ongoing assessment to ensure that all staff are aware of the policies and processes in place to handle personal and confidential data. These processes are reviewed annually using the NHS IG Governance toolkit. Each database project has a defined process for reporting events (including incidents) which includes reporting from end-users. The defined process for common events covers user registration and verification, data processing/sharing and incidence reporting.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: NHS Network (N3)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Dendrite is dedicated to fostering a culture that encourages our employees to embrace health-conscious and environmentally sustainable practices. Recognising the interest among our staff in adopting cycling as a means of commuting, we proactively enrolled in the "Cycle to Work" scheme.; Three of our team members have since become regular cyclists, commuting to and from our offices in New Malden and Henley-on-Thames. This represents about 20% of the traffic between the office and home. Combined this reduced the total miles travelled by approximately 34 per day. ; In response to the challenges posed by the COVID-19 pandemic, Dendrite has also implemented strategic adjustments to our operational framework. We have facilitated remote work options for our staff and transitioned to online software application training for our customers conducted via platforms such as Zoom and Teams. This deliberate shift has yielded a significant reduction in our implementation carbon footprint both in the UK, and internationally.; Presently, our office hosts a team of four, while fifteen staff members work remotely. This arrangement translates to an estimated weekly savings of approximately 300 miles in travel to and from the offices. ; The impact of remote software training to customers is also significant – e.g. just one contract with a hospital in Karachi will have saved 10,000 air miles as all the training has been done remotely rather than face-to-face.

  Equal opportunity

  Dendrite is an equal opportunities employer committed to a policy of treating all its employees and job applicants equally – this is documented in the company documentation including Dendrite’s ‘Employee Handbook’. Dendrite does not have any gender pay gap in the company, we are happy to commit to the following 6 initiatives to further improve recruitment and progression of women and reduce the gender pay gap:; ; 1. Including multiple women in shortlists for recruitment and promotions; When putting together a shortlist of qualified candidates, we will make sure more than one woman is included; ; 2. Using skill-based assessment tasks in recruitment; We are already actively practicing this initiative - rather than relying only on interviews, we ask candidates to perform tasks they would be expected to perform in the role they are applying for. We use their performance on those tasks to assess their suitability for the role. We have standardized the tasks and how they are scored to ensure fairness across candidates.; ; 3. Using structured interviews for recruitment and promotions; We are already actively practicing this initiative - we use structured interviews that:; • Ask exactly the same questions of all candidates in a predetermined order and format; • Grade the responses using pre-specified, standardized criteria. ; This makes the responses comparable and reduces the impact of unconscious bias.; ; 4. Encouraging salary negotiation by showing salary ranges; We are already actively practicing this initiative - for each new role, we communicate the salary range on offer to encourage negotiation – this applies to all candidates ; ; 5. Practicing transparency to promotion, pay and reward processes; Promotion, pay and reward processes are published in the company documentation and available to all employees ; ; 6. Flexible (family friendly) work practices; We allow flexible (family friendly) work practices to help retain and attract female talent

Pricing

• Price: £4,800 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Dendrite provides free trial access to existing demo databases for various clinical specialities. This trial access is normally provided for a month but can be extended on request. Any customisation is not included.
• Link to free trial: Example databases are presented on http://www.e-dendrite.com/Databases-&-Registries

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at peter.walton@e-dendrite.com. Tell them what format you need. It will help if you say what assistive technology you use.