K2 Medical Systems Ltd

Hampton

K2 Hampton provides a platform that saves time for both women and their clinicians, freeing up time for other tasks. It has been proven to save up to £300 per week per patient by reducing spend on transport, childcare and missing time off work.

Features

• Remote access
• Real time observation monitoring
• accessible anywhere from any device

Benefits

• Clinical oversight
• Multi-disciplinary team working
• Clinical decision support
• Cost savings

£3,950 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@k2ms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

540944668216829

Contact

Robert Whitney
01752397800
sales@k2ms.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There a no specific service constraints.
• System requirements: Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: All support queries are automatically raised as tickets immediately, our SLA dictates that these tickets are categorised and responded to in line with priority. We aim to respond based on the category; high (10 minutes), medium (4 hours), low (2 business days).; ; The infrastructure platform provided is monitored 24/7 by the platform team.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is a single lever of support provided, we do not tier our support services. Each client will have an account manager and direct access to all departments within our organisation as and when needed. The application is supported Monday-Friday 8am-6pm and the cloud infrastructure is supported 24/7 365.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide the project services to deliver a clinically suitable/safe system. ; Training is provided as train the trainer to enable the teams within the client organisation to meet their training requirement.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We do not use proprietary storage within our solution, if a client ends contract, they will receive an extract of data stored
• End-of-contract process: There are no services included within the contract for end of contract other than providing information. The client will need to work with their account manager and the K2 support team (whilst still in contract) to plan for their future state, We will support clients in making these decisions, even when they have signaled intent to terminate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Application is web based and has been specifically designed to scale on all common mobile screen dimensions.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our cloud platform utilises Azure services rather than virtual machines and is built upon a Kubernetes cluster, as such it has been designed with scalability in mind. The platform can be scaled up or down within seconds and is monitored 24/7 for performance and errors.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide reports upon request detailing all relevant SLA objectives and how they relate to the SLA. This may be details of service tickets, categorisations, closure rate, SLA compliance etc.; ; We can also provide metrics on system utilisation (processing power, storage limits etc.) upon request.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export using front end application reporting tools
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Managed Services are provided to guaranteed Availability Service Levels of 95.5% as standard. Enhanced availability up to 99.9% is available by arrangement for business-critical services.
• Approach to resilience: Architecture and details pertaining to resilience can be made available on request
• Outage reporting: Managed Services are monitored 24x7 by our Services Team using our bespoke monitoring system. This means we have often resolved an issue long before our customers are even aware of a problem.; All service reporting is carried out through our service web-portal where customers can log on and raise or view live issues and set alerting preferences.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted by ascribing role-based access to the user profile/account.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: All systems and supporting services are compliant to the NHS DSPT and Cyber Essentials Plus Frameworks as well as ISO13485 and we observe the underlying principles of ISO 270001:2022 certification . We are working with our central compliance team and supporting companies to gain certification in 2024.
• Information security policies and processes: K2's business practice is underpinned by a suite of processes that govern our information management system that observes the underlying principles of ISO27001:2022 as well as DSPT and Cyber Essentials Plus.; ; These are subject to regular internal audit by our full-time Corporate Assurance Manager and are overseen by our Board of Directors.; ; In addition all audits are subject to rigorous external review by a third party Auditor in the course of maintaining our ISO standard(s).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: K2's ISO13485 accredited Quality Management System contains a set of processes which underpin our business practice, including our Release Management Procedure and Configuration Management Procedure.; ; These processes are regularly audited to ensure compliance by our Corporate Assurance Manager.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Regular Penetration Testing by a certified third party forms the foundation of our vulnerability management approach. In addition we regularly apply software vendor issued security patches to a quarterly schedule for routine security maintenance and immediately in the case of emergency patches. K2 are members of the NHS Digital Care CERT scheme and receive and review weekly cyber security reports regarding current threats. In addition K2 review the National Cyber Security Centre Threat and Vulnerability Reports on a weekly basis.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: K2 maintain a suite of best-of-breed anti-malware software in order to detect potential compromises. The capability to review access control logs ensures a full audit trail is maintained for all staff interactions with internal and external systems. Security Incidents are managed in accordance with K2's Security Incident Management Procedure which forms a part of our accredited Quality Management System. According to this process our dedicated IT Services Team respond immediately to any security incident.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are handled in accordance with K2's Incident Management Process, which forms a part of our accredited Quality Management System. According to this process, incidents are reported to a nominated individual who investigates the issue and produces a full report to the board of directors within prescribed timescales. The incident is tracked and managed to resolution using the appropriate toolset which ensures a thorough audit trail is maintained throughout the process. This information is then used to capture any continuous improvement opportunity.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  K2 Medical systems are committed to the implementation of an effective environmental policy and our Environmental Policy is part of our ISO13485 accreditation. We have significantly decreased our environmental impact, employing measures such as: • Moving office premises to a shared location, selecting a provider with a focus on sustainability. • Adopting a hybrid, working from home/office policy. • Reducing unnecessary travel related activities. Where travel is required, employees are encouraged to seek a green method (train rather than car etc.). • Consolidation of older, higher power, lower efficiency, on premises servers, moving to a cloud hosted environment scaling to the business requirements. Selecting providers with a greener approach. Our additional commitments include: • Paper light: We are significantly reducing the amount of paper we use as a business, whilst still maintaining the appropriate records required for ISO13485 compliance. • Continuous improvement: Measuring and continuing to reduce our impact on the environment. • Digitisation: We have a track record in reducing environmental impacts through service digitisation. • Supplier Selection: We audit all suppliers, this includes auditing their carbon footprint and sustainability measures, selecting those who share and align to our environmental values.

  Equal opportunity

  K2 Medical Systems are committed to ensuring equal opportunity is supported for our employees, applicants and for the end users of all our products. ; This broadly interpreted policy not only prohibits discrimination on the basis of race, colour, religion, sex, sexual orientation, gender identity, age, national or ethnic origin, disability or any protected category under applicable law, but also ensures that competent individuals will be given the opportunity to join K2 and will be supported to discover their potential, by providing career progression advice and advancement opportunities..; ; We have put in place a people and culture team that is dedicated to ensuring diverse, equitable, equal and inclusive environment is maintained for all to thrive and progress their careers without barriers.; ; Our products are designed to remove barriers where possible to ensure the end user is afforded equal access to the products removing limitations on device type, environment access, language and other accessibility challenges.

  Wellbeing

  K2 Medical Systems are committed to encouraging an inclusive and compassionate working environment, with wellbeing at the core of our focus. Our aim is to empower our people to focus attention on taking care of themselves, each other, and importantly to feel safe in raising any concerns or requests with their leader. This is fundamentally underpinned by the core values our parent company upholds for all businesses that it owns. Our collective approach includes: • Regular communication: The whole organisation meets regularly as a full team, then within departments and 1:1s with managers. At each forum we remind people of the importance of looking after their wellbeing, this is further supported by our people and Culture teams to ensure equity and inclusion. • Training: All staff, including leaders, are encouraged to attend mental health training. Helping them identify where people may be struggling and to prepare them for compassionate conversations. • Surveys/Feedback: we regularly ask our people anonymously to rate their wellbeing, and track shift/changes and we provide multiple channels for feedback, both named and anonymous. • Flexibility: we understand that life commitments can impact our wellbeing. All our people have the potential to flex their work around life commitments with support from their leader. Our parent company understands the value and importance of the people who work within the business units. As such they provide further Benefits to help support our staff: o Access to a confidential and trusted wellbeing provider which provides services such as: GP appointments, physiotherapy, mental health support. o Private medical insurance with a reputable provider. o Lifestyle rewards. £325 per employee per year to spend annual on lifestyle/wellbeing activities of their choosing

Pricing

• Price: £3,950 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@k2ms.com. Tell them what format you need. It will help if you say what assistive technology you use.