NHS Arden & GEM CSU

Athena

Athena is an analytics and reporting platform that helps organisations navigate and utilise vast amounts of data for the benefit of real people. Athena helps you identify patients who require targeted clinical care, moving from broad population-level analytics to individual-level insights.

Features

• Internet facing web application
• Accessed by any internet browser
• Azure hosted for easy performance scaling
• Standardised release pattern using Azure for easy roll back
• Latest versions of Angular and .Net for improved performance/security
• Single sign on using OKTA
• Ability to save reporting filters as book marks
• Power BI and Tableau patient reidentification
• Personalised reporting experience with report favourites
• Dynamic report filtering based on users organisation

Benefits

• Tool agnostic platform, host multiple file types
• Authentication managed through OKTA platform
• Secure access on any device/at any time/anywhere
• Collaboration across analytics workforce, funnelled through a single publication route
• Data visualisation covering analytics from descriptive to prescriptive
• Co-designed with practitioners to directly impact patient care
• Accessible to multiple working roles, including executives, analysts and clinicians
• Content that describes the population, benchmarking, variation, opportunities for efficiency
• Identifying patient cohorts at risk who would benefit from intervention

£160,000 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at agcsu.commercial@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

553092911691789

Contact

Andrew Imrie
07766367120
agcsu.commercial@nhs.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Planned service interruptions / ongoing maintenance will be categorised as application upgrades, application bug fixes and security patches, additional hardware installation, etc.; ; All planned maintenance arrangements will be agreed with the Service Owner / Operations Manager, communication will be sent out to all users and notification will be posted on the application.
• System requirements:
  • Any internet browser
  • OKTA login which is set up at registration

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: At NHS Arden & GEM CSU, we prioritize prompt and reliable support for our clients. During standard business hours we provide immediate response (8:00AM to 6:00 PM on weekdays) with a resolution timeframe for incidents is 3-4 hrs on weekdays, and support on weekends is based on separate arrangements (SLA).; ; For inquiries outside standard hours, such as weekends, we aim to respond by the end of the next working day. This ensures that our clients receive timely assistance whenever they need it.; ; It would also depend on the service level agreements (SLAs) agreed for any additional/non-business hours support.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: At Arden & GEM CSU, we offer comprehensive support levels tailored to meet the diverse needs of our clients. Dedicated help desk support covering communications, end user support and training. We provide user guides, we have a business continuity plan and an escalation policy in place. However, support level for each customer is tailored to their specific requirements and costed accordingly. Our support tiers range from standard to premium, with varying levels of service and response times to accommodate different requirements. ; ; Standard support during business hours, with a guaranteed response time of 24 hours. Enhanced support offers faster response times and extended coverage, including phone support during specified hours. For clients requiring dedicated assistance, we provide the option to engage a technical account manager or cloud support engineer. These skilled professionals offer personalised support and guidance, ensuring that clients receive timely resolutions to their queries and proactive assistance in optimising their cloud environment. ; ; The cost of our support levels varies depending on the chosen tier and the scope of services required. We offer transparent pricing structures tailored to fit within our clients' budgets while providing the level of support they need to succeed.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The onboarding plan will include the Training Scope (for example which group of users will be covered in a session), Training Infrastructure required, Training Timelines, Trainers, Venues, Time-period of the training, post-event review, etc. ; We offer a range of self-paced training materials including ‘How to Guides’, videos, FAQs (Frequently Asked Questions), Troubleshooting, and direct support through our Help desk service, who will work with and beside you to optimise training. ; During training, the concept will be explained; a user demonstration of the functions available on the platform will be delivered and the sessions will include time for hands-on training. Training sessions will include evaluations to monitor the progress and ensure that all training objectives are met. Regular reviews of the training will be carried out and necessary improvements made.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: When the contract ends access to the reports is no longer available. However, if an organisation requires their data , we can download and provide them in an agreed format.
• End-of-contract process: The pricing for Athena is costed on an annual basis and when the contract ends we usually have a notice period for ending the contract. There isn't any additional cost associated with end of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AAA
• API: No
• Customisation available: Yes
• Description of customisation: - What can be customised - Reports & Data visualisation; - How users can customise - By using Tableau and Power BI; - Who can customise- Users with assigned reporting roles

Scaling

• Independence of resources: Athena is hosted on Azure platform which provides the flexibility and scalability to ensure service performance is not impacted. We use Azure monitoring and alerting to alert us when performance is being impacted.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide report utilisation on Athena for all our customers.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Other
• Other data at rest protection approach: Transparent Data Encryption encrypts your databases, backups, and logs at rest. The SQL Managed Instances will have this feature enabled to better protect data stored in the database.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Athena allows users to export their data via options available on the reports into different formats like csv, pdf etc.
• Data export formats:
  • CSV
  • Other
• Other data export formats: Pdf
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Users upload the data into SQL database
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee availability of Athena 99.999%. We have specific SLAs with different customers on how we refund them if we don't meet the guaranteed levels of availability. We will commit to this in the SLAs with the customer.
• Approach to resilience: It is a cloud based application and relies on Microsoft for datacentre resilience.
• Outage reporting: If there is any outage, we communicate with all users via email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Other
• Other user authentication: OKTA authentication
• Access restrictions in management interfaces and support channels: Managed identity is the preferred option as it means there is no need to store / manage credentials. Credentials are not accessible to developers, making the connectivity more secure. When using managed identity there are 2 options: “System-assigned” and “User-assigned”. Typically, we will use “System-assigned” as this is internally managed by Microsoft Entra ID and is directly assigned to the Azure resource. Deleting the resource would clean up any unused managed identity.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Other
• Description of management access authentication: Managed Identity

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • DSP toolkit
  • ISO 90001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: DSP Toolkit, Cyber Essentials Plus.
• Information security policies and processes: Responsibility for information security resides ultimately with the Chief Executive. This responsibility is discharged through the designated roles of Senior Information Risk Owner (SIRO) and Head of Corporate ; ICT Technology & Security as required by the Information Governance Data Security and Protection Toolkit (DSPT).; ; The Senior Information Risk Owner (SIRO) is responsible for information risk within Arden & GEM CSU and advises the Board on the effectiveness of information risk management across the Organisation.; ; The DPO has responsibility to inform and advise the organisation and its employees of their obligations pursuant to the General Data Protection Regulation and national data protection legislation. To monitor compliance with the General Data Protection Regulation and national data protection legislation. ; ; The role of the Associate Director of Integrated Governance supported by the Head of Cyber Security, and IT Assurance Team; Head of Cyber Security, and IT Assurance Team is responsible for developing, implementing and enforcing suitable and relevant information security procedures and protocols to ensure Arden & GEM CSU systems and infrastructure remain compliant with the Data Protection Act 2018

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We support change management process by effectively triaging change requests. Transparency in communication and involvement in key meetings, with real time updates, timeframes and statuses is required in order to deliver both Change Management and Release Management.; All change requests are submitted to the project’s Steering Committee for review and prioritisation. Any requests approved will be submitted to the Change Request Board for consideration.; An implementation plan is established for each Change Requests approved and monitored.; System Integration Testing will be carried out for each change to validate the new features as well as test on integration of new datasets.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Security measures will be taken to the protect the application from malicious activity.; ; “Azure Front Door Premium” will be the entry point for internet network traffic into the application. Azure Front Door sits on the Microsoft global edge network and offers security threat features such as distributed denial of service(DDOS) protection and integrated Web Application Wall(WAF) policies.; ; The WAF policies that come integrated with Front Door Premium will be configured specifically for Athena and designed to prevent against Open Web Application Security Project(OWASP) categories. These threats can also be overridden to prevent “false positives” being triggeres against the firewall rules.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Azure monitoring and alerting is used to notify the team when there is a potential issue with the platform or the application solution. Monitoring and alerting will be configured against production services.
• Incident management type: Supplier-defined controls
• Incident management approach: The CSU’s incident reporting system uses an incident report form that is used to report on incidents. With in 2 working days the subject matter experts will support the service in the investigation of the incident and advice on mitigation actions as necessary. Investigation of incident is completed in 2 weeks and added on to the incident tracker.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As part of our commitment to sustainability, NHS Arden & GEM CSU is dedicated to fighting climate change throughout our G-Cloud service provision. We recognise the urgent need to reduce greenhouse gas emissions and mitigate the impacts of climate change. In our operations, we prioritise environmental sustainability by implementing energy-efficient practices, reducing waste, and minimising our carbon footprint. Additionally, we advocate for environmentally responsible policies and practices throughout our supply chain and engage with stakeholders to promote sustainable behaviours. Through our efforts, we aim to contribute to a more sustainable future, protect natural resources, and mitigate the impacts of climate change on our planet. Specifically, we have in place: Implemented energy-efficient practices within office facilities, with energy-saving lighting, smart heating systems, and recycling programmes. Reduction of paper usage through digitalisation initiatives and encouraging electronic documentation and communication. Participation in net zero target required for NHS organisations by 2040. Collaboration with suppliers and partners to reduce environmental impact across the supply chain, such as sourcing sustainable materials or reducing packaging waste. Employee engagement activities, such as Virgin Pulse Go and Cycle to Work to reduce environmental impact . As part of our journey to achieving the Social Value Quality Mark Level 1, we have set out pledges to demonstrate our ongoing commitment to social value and these are to: Achieve the net zero target required for NHS organisations by 2040, for scopes 1 and 2, and 2045 for scope 3. Increase the availability of access to low and zero emission cars through our employee car schemes, by 2024. Divert 100% of ICT waste from landfill. * Expand flexible working options for employees.

  Covid-19 recovery

  Arden & GEM CSU is fully committed and has signed up to the government Social Value Portal, a platform that procures/measures/manages and reports social value at supply chain level. As an NHS organisation we see social value as a key requirement that we need to continue to deliver. Through both our work and our employment practices we address elements of several of the themes and policy outcomes described in the Social Value Model. For the Covid-19 recovery theme, our aim is to help staff, suppliers, customers, and communities to manage and recover from the impact of Covid-19. We will continue to support the recovery from the impacts of Covid-19. From the early stages of the pandemic, we supported the local/regional/national response by providing leading edge data and analytical solutions that provided insight on population health e.g., CPNS / NIVS / National Data cell / National population segmentation modelling. IT / digital support for home working. AGCSU’s Future Ways of Working group have formulated a Covid-19 business continuity plan that will be enacted should the need arise. This plan will benefit not only AGCSU but our customers too. Throughout any project lifecycle, we will explore any additional opportunities for digitalisation, reduced emissions, and resources. Consulting with our clients throughout to ensure an ongoing continuous improvement approach and maintain high-quality outcomes. In response to the Covid-19 outbreak our IT Service supported over 15,000 extra NHS Staff to be enabled to work from home. To support this, we built and delivered new equipment and tools, including: 2,000+ new devices; new mobile printing solutions; new support system for new laptops as well as this we have deployed Microsoft Teams to all users.

  Tackling economic inequality

  Arden & GEM CSU has skills policy focussed on increasing the average level of skills of the workforce and reduce inequalities in the way skills are distributed, keeping the supply of skills aligned/responsive to needs. We pay all our staff, the National Minimum Wage and have employment practices that promote fair pay/participation/progression. A)Local Employment Opportunities: We have provided local Work Experience Placements/Apprenticeships/Graduate jobs and have worked with local communities, as well as training/education institutions to provide opportunities for local employment/training. e.g., apprentice/graduate schemes, as well as offering undergraduates work-experience. At the University of Warwick, we are currently looking at developing opportunities for short-term masters placements and longer-term sandwich-year placements. We are committed to using local suppliers to provide equal opportunity and access for SMEs. We also support local charities and encourage staff to give back to local communities, providing allowances such as volunteering days. B) Social Benefits: We have a track-record of engaging with hard-to-reach groups and local communities to improve the local social fabric. We work in partnership with local organisations to develop creative solutions to tackle health-challenges and have a strong tradition of working with local suppliers and organisations including academia/Academic/Health Science Networks/third sector. C) Health/wellbeing of local communities: All employees and their families have access to our Employee Assistance Program that includes financial wellbeing/support. AGCSU was part of the team that delivered education and awareness sessions to the 1.3m NHS staff. The team are subject matter experts in wellbeing delivery and conducted Wellbeing webinars with a focus on financial health. D) Serving the local community: AGCSU is developing an employee volunteering policy to help local communities. We are offering all permanent Band 8a and above colleagues an opportunity to be trained in Value and Stewardship which is a key enabler to delivering the new Triple Aim duty.

  Equal opportunity

  Arden & GEM CSU has a skills-policy focussed on increasing the average level of skills of the workforce and reducing inequalities in the way skills are distributed, keeping the supply of skills aligned/responsive to needs. We will adopt this approach to each, and every call-off contract delivered under the framework. Equal opportunities AGCSU has been awarded the Social Value Quality Mark Level-1 for our commitment to measuring, growing/embedding social value. We are an equal opportunities employer and positively recruit disabled people and has both an Internal and External EDI Lead. We have a well-established and active BAME, LGBTQ+. Women, Armed Forces and Disability networks operating across our organisation. We are also active participants in NHSE Workforce Race Equality Standard experts’ network. AGCSU has been awarded Disability Confident Leadership Status. In addition, AGCSU has been awarded the prestigious ‘IIP’ and ‘IIP-gold for Wellbeing’ in overall recognition for how we invest in our workforce. We ensure people have the flexibility, skills, competencies and values to deliver our corporate objectives and deeply held organisational values. We pay all our staff, the National Minimum Wage and have employment practices that promote fair pay, participation and progression. Local Employment Opportunities We have provided local Work Experience Placements, Apprenticeships and Graduate jobs and have worked with local communities, as well as training and education institutions to provide opportunities for local employment and training. e.g., apprentice and graduate schemes, as well as offering undergraduates work-experience. Social Benefits We have a track-record of engaging with hard-to-reach groups and local communities to improve the local social fabric. We work in partnership with local organisations to develop creative solutions to tackle health-challenges and have a strong tradition of working with local suppliers and organisations including academia, Health Innovation networks (Academic and Health Science Networks) as well as the third sector.

  Wellbeing

  At NHS Arden & GEM CSU, we prioritise the health and wellbeing of our workforce and stakeholders. Throughout our G-Cloud service provision, we will actively promote physical and mental health initiatives within our organisation. Our approach includes comprehensive health and wellness programmes, access to mental health resources, and flexible work arrangements to support employee wellbeing. Additionally, we advocate for health and wellness in the communities we serve, engaging with local partners to promote healthy lifestyles and mental wellbeing. By fostering a supportive and inclusive environment, we aim to enhance the overall wellbeing of our workforce and contribute positively to the health of our communities. Specifically, we have in place: An Employee Assistance Programme (EAP) offering counselling services, mental health support, and resources for stress management; flexible working arrangements, including remote work options and flexible hours to support work-life balance; health and wellness workshops, seminars, and activities covering topics such as nutrition, mindfulness, and physical fitness; Access to online resources and platforms for mental health support and education, such as webinars or online counselling services; employee-led support groups or peer-to-peer networks focused on mental health awareness and support. As part of our journey to achieving the Social Value Quality Mark Level 1, we have set out pledges to demonstrate our ongoing commitment to social value and these are to: become a menopause friendly organisation; increase our support for our Armed Forces Network; Introduce a cycle to work scheme to promote active travel and offer employees the opportunity to spend time outdoors and to achieve ISO 45001, which will replace our existing OHSAS 18001.

Pricing

• Price: £160,000 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at agcsu.commercial@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.