FITFILE GROUP LIMITED

Data Access

Data access from any source, any data type, any schema, to either store or further process the data (de-identify, link/integrate/unite, quality assure, etc.)

Features

• Real-time data access
• Distributed data access
• Remote data access
• Multi-purpose data access
• Asynchronous data access
• Infrastructure-agnostic data access
• Schema-agnostic data access
• Structured or unstructured data access
• Near-time data access
• Data access agnostic as to data source

Benefits

• Achieve fast data access from any source (e.g. db, filestore)
• Use classified and categorised data
• Work with experienced health data access specialists
• Re-use data connection for any authorised purpose
• Securely control internal and external data access
• Access unstructured and difficult-to-link data

£0 a unit a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.russmeyer@fitfile.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

555227537399168

Contact

Philip Russmeyer
07771010007
philip.russmeyer@fitfile.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: 1) Automated Data De-Identification for Pseudonymisation or Anonymisation; 2) Data Processing - Linkage of Identifiable and De-Identified Data (Pseudonymised or Anonymised); 3) Structured and Unstructured Healthcare Data Annotation and Standardisation; 4) Data Analytics and Visualisation
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Software requires a Linux operating system on any cloud or on-prem hosting (e.g.VMWare)
• System requirements: Virtual or physical space to deploy a software appliance

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support is available from a single-click in web application. Different support options and SLAs are available depending on customer requirements.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support levels are variable and costed based on customer requirements. Technical account managers and engineers for all relevant service levels are available.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training and documentation is provided as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Secure transfer to the user or certified destruction where applicable.
• End-of-contract process: -Software ceases to function.; -Software is deleted.; -Data is destroyed or transferred to the customer.; *Additional cost applicable based on data volumes (only for transfer).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems: Linux or Unix
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The FITFILE software has an authenticated GraphQL API, covering the project management, audit reporting, data source connection, dataset upload and running pre-configured queries(QueryPlans). ; There is also an authenticated REST API for exporting resulting datasets. ; QueryPlans are currently created by FITFILE as part of the service, with a graphical interface allowing customers to create QueryPlans in development.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Fully customisable service. Users must work with FITFILE to customise the service.

Scaling

• Independence of resources: Independent software instances are deployed for each installation.; User load is usually low.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage counts.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Secure download.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Any reasonable format can be catered for
  • API access on request
  • Native PowerBI
  • Other BI tool integrations available on request
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Direct database connection
  • Appropriate APIs

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: SLAs defined based on user requirements, service credits for SLA breaches.
• Approach to resilience: We operate out of Microsoft UK datacentres. Resilience information is available on request.
• Outage reporting: Slack incident channel and email alerts to support staff.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: -Strictly controlled user list.; -Higher access credentials only by CEO and CTO approval and specified process on how to obtain, including sign-offs.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Approachable Certification
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: The full range of FITFILE services is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Data Security and Protection Toolkit (8KM90)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: -FITFILE own policies.; -ISO 27001 provisions.; -DSPT requirements.; -Cyber Essentials Plus requirements.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: FITFILE's configuration and change management policies and procedures are available upon request.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: -Pen tests, continuous monitoring, external specialist services.; -Patches applied as soon as they become available (change control process followed).; -Multiple threat information sources (e.g. NCSC).; -Software library security checks at every stage of software build.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Third party tools are used to monitor our platform and applications. Once a compromise is noticed, the incident management process is actioned. There are clearly defined response and timelines for different types of incidents.
• Incident management type: Supplier-defined controls
• Incident management approach: -Policy and pre-defined process used for incident management, defining ways to report depending on the type of incident.; -FITFILE is ISO27001 compliant (part of the certification is adherence to ISO 27001 incident management requirements).

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Accessing more health, social care and activity data that were previously locked into inaccessible silos presents immense potential. Whether the purpose of using data is direct care, healthcare planning or research, using more data and more detailed data can improve: ; 1)direct health and social care provision for potentially every individual in the UK by allowing clinicians and practitioners to consider all available information for their patients and respective groups in e.g. prescribing;; 2)health and social care planning by supporting central government and regional commissioners to make better, more detailed planning decisions across health and social care; and; 3)research by allowing researchers to examine a wider variety of data which can yield previously unknown insights for individual and population health, such as supercharging clinical trial insights.

Pricing

• Price: £0 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at philip.russmeyer@fitfile.com. Tell them what format you need. It will help if you say what assistive technology you use.