TMS Healthcare
Optimised and secure platform for managing regular and ad-hoc NEPTS transport to and from health and care appointments using optimised planning. Empowering users through technology with role-based permissions and mobile applications to manage their journeys. Fully auditable including real-time configurable reporting. Robust risk and incidents management integrated across the system
Features
- Best-in-class integrated platform for appointments, transfers, discharges, and admissions
- High-quality versatile software for both ad-hoc and regular bookings
- End-to-end activity tracking from booking to invoice validation
- Real-time dynamic reporting and analysis for optimisation
- Integrated, automated route planning tool using configurable parameters
- Clear display of real-time GPS tracking of all resources
- Risk and incidents management module to underpin safety
- Dedicated mobile apps for drivers and passengers
- User access configurable by contract type with data segregation
- Finance tool to calculate fees for staff and Commissioners
Benefits
- Quality and Governance module driving compliance across all contracts
- Cloud-based – accessible on connected devices, no local server costs
- Self-management app – book, manage and control own transport
- Oversight - passenger and parent/guardian apps linked with school portals
- Live mapping to track drivers, passengers and all resources
- Marketplace module - dynamic purchasing system for additional resource
- Auto-planning for optimised management of all resources
- Fully auditable, with user defined access rights driving visibility
- Real-time reporting and live communications between driver and user
- Scalable, pay-as-you go highly flexible model with rapid on-boarding
Pricing
£8,000 to £8,000 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 5 9 0 8 1 1 8 3 9 5 8 2 5 5
Contact
Allocate Software Limited
UK Sales
Telephone: +44 (0)20 7355 5555
Email: bid.manager@rldatix.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- Allocate will normally perform Scheduled Maintenance activities during Out of Hours. Emergency Maintenance may be required as a result of identifying a problem through on-going monitoring and management that could potentially cause an outage or failure of the SaaS Services. Allocate will use reasonable endeavours to provide the Customer advance notification if possible and manage such Emergency Maintenance in such a way as to minimise impact on the Customer's operations. Emergency Maintenance may be conducted at any time.
- System requirements
- Please see Service Definition for full details.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Support is provided Monday to Friday, 08:30 – 05:30 including UK Bank Holidays (Support Service Hours). Support is telephone and web-based. Operational Support Services Response and Resolution Target Service Level: * Priority 1 - Within one (1) hour - Four (4) Support Service Hours * Priority 2 - Within one (1) hour - Sixteen (16) Support Service Hours * Priority 3 - Within one (1) Business Day - Forty-eight (48) Support Service Hours * Priority 4 - Within one (1) Business Day - Within the next Software release
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- No
- Support levels
-
We provide a single all-inclusive Level of Support. The cost depends on customer size and usage as determined by the Pricing Document. Help desk facility available between 09:00 to 17:00 Monday to Friday with a 24/7 Out-of-Hours emergency line. Our team provide the following support:
• Assist Users with configuration of the platform
• Assist Users with any issues related to proper use of the platform
• Determine and fix errors in the platform
Our team will respond to requests made through the help desk in accordance with the following support levels:
Critical: within 60 minutes e.g. where the website portal is inaccessible, returning 500 error or 404 error.
Serious: within 8 hours e.g. where the website portal is accessible, but unable to perform vital function such as assign staff member to journey.
Moderate: within 12 hours e.g. where the website portal is accessible, but unable to perform functions which are not vital to service delivery such as access staff record details.
Minor: within 48 hours e.g. where the website portal is accessible, but unable to perform functions which are not vital to service delivery.
We provide a named account manager as part of our service. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- Allocate adopts and delivers many forms of training regimes based on the requirement of a project. Following implementation, Allocate will deliver a comprehensive training plan that will ensure the customer is fully trained in the use of our system and able to achieve the full benefits of the solution. • During implementation, training will be delivered by the Implementation Consultant on a face-to-face, classroom training basis • Training will be delivered to the project management team to ensure ongoing centrally managed delivery • Expert knowledge will be provided in each functional area • User guides and system documentation will be provided Following implementation, Allocate will provide ongoing training via the Allocate Academy, which is designed to provide organisations with the formal training and accreditation needed to ensure that they have the confidence and skills to fully utilise our system. Moreover, our training and accreditation programmes are focused on job roles and career progression within the customer’s teams, guaranteeing that members of the team are trained to the highest standards, are empowered with knowledge, and achieve an in-depth understanding and confidence of the solution.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- As part of the termination process, and as part of a thorough and complex exit management process, an offer will be made to provide a data extract to the customer. If accepted a CSV data extraction will be compiled, strongly encrypted and securely delivered to the customer. We are also able to offer an archive service for an agreed number of months.
- End-of-contract process
-
As part of the termination process, an offer will be made to provide a data extract to the customer. If accepted a CSV data extraction will be compiled, strongly encrypted and securely delivered to the customer. Thorough and complex exit management plans will be delivered for all Enterprise level customers.
The customer will be offered the option of 365 response securely hosting the encrypted termination data extraction for a specified period.
At the date of termination all customer data will be fully and irreversibly deleted from the platform and no further live use of the platform will be possible by the customer.
A termination agreement will be signed by both parties. There is an additional cost for data extraction which is determined as per the Pricing Document.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None via the browser, but specific mobile apps are available.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
-
Our API is RESTful, it is encrypted with an SSL TLS 1.2 SHA256 with RSA and secured using token based authentication, which the user (requester) can request using a valid username and API key within a GET request. The token will remain valid for 180 minutes after which a new token will need to be requested.
The API allows access to journey information, enabling the requester to GET and/or POST journey details and timestamps. The requester will not be able to Get any patient identifiable data, DELETE journey data or ACCESS the API without an authenticated token. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Users with authority to customise (as determined by their security settings) can fully configure our service by setting up their own values in the system fields. Users can create tailored lists of options to allow for entry of bespoke user-specific terminology, enabling the application to be customised to their business sector.
For example, users can customise the values provided in drop-down menus with the contracts they have, the services they provide, the bases they operate from etc. Within certain areas of the system, the user can setup user defined fields which allow the label, data type and validation of the new field to be configured. Users can also set up customised logos and welcome messages
Scaling
- Independence of resources
- We continuously monitor the performance analytics of the system for customers and if due to increased load the performance metrics deteriorate we are able to provision additional system capacity on demand to restore performance.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Access to live information such as resource utilisation, page loading times and response times, number of successful request and bad request. The system also records the number of live and active users which is available to view on the system by other administrators.
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with CSA CCM v3.0
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- In normal use, users can export data through inbuilt export tools such as MDS export templates. Data extracts can also be supplied by 365 Response as an additional service where the user does not wish to or is unable to complete a complex bespoke export.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We guarantee the following level of availability:
Monthly uptime guarantee 99.9%
Monthly Uptime % = (Maximum Available Minutes-Downtime) / Maximum Available Minutes
Scheduled maintenance excluded. If service availability falls below the guaranteed level, customers are recompensed via service credits. - Approach to resilience
- Our service is designed with a high level of resilience with primary hosting in UK South (London) and continuously carries out geo-replication to UK West (Cardiff). In the event of UK South failure, hosting will restart without interruption in UK West. Sessions are stored within the database to ensure continuity in the event of failover.
- Outage reporting
- Customers are notified of outages within 60 minutes during core hours via email.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Inbuilt user security using Role Based Access Controls (RBAC) allows customisation of access to all areas. This can be used to restrict access in management interfaces and support channels, to read only, full control or no access to each screen.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- CFA
- ISO/IEC 27001 accreditation date
- 30/1/2017
- What the ISO/IEC 27001 doesn’t cover
- All areas of our service are covered by ISO/IEC 27001 certification.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 20/06/2017
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- All parts of our service are covered by the CSA STAR certification.
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- NHS Data Security and Protection Toolkit
- CREST-certified Annual Penetration Testing
- ISO9001
- IASME GDPR Self-assessment
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
Cyber Essentials
Cyber Essentials Plus
NHS Data Security and Protection Toolkit
CREST Certified Annual Penetration Testing
ISO9001 - Information security policies and processes
-
Our information security policies and processes are as follows:
• Information Governance and Framework Policy
• Acceptable Use Policy
• Access Control Policy
• Confidentiality and Data Protection Policy
• Disaster Recovery and Business Continuity Plan
• Information Security Policy
• Information Sharing Policy
• Information Quality and Record Management Policy
• Privacy Policy
• Safeguarding Policy
• Subject Access Requests Policy
Policies are ratified at Board Level and cascaded to all staff by means of access to a shared policy folder. All new employees are notified of the process at induction. All policies are reviewed annually.
As part of our ISO27001, Cyber Essentials Plus and our ISO 9001 accreditation, regular audits are carried out on each department; this enables us to ensure that policies are being adhered to correctly.
All staff are notified of any changes to policies and are informed by the Information Governance Lead when they are updated. All staff are responsible for accessing policies and ensuring they remain aware of them.
Our reporting structure is in line with Information Governance requirements. The Accountable Officer has overall responsibility and is supported by our Caldicott Guardian, Senior Information Risk Officer and Information Governance Lead.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Our configuration and change management is a documented process that is overseen internally and externally through audit cycles as part of accreditation with ISO27001 and ISO 9001. This provides guidance for how components of the system/service are tracked through their lifetime and how changes are assessed for potential security impact.
All system and service changes are impact and security assessed before they are introduced, logged and approved for action. The process is highly regulated, regular and audited on systematic audit cycles.
All service components are tracked through a secure and auditable version control log during their lifetime. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Our vulnerability management process conforms to the ISO 27001 standard. Our operational oversight is managed by controlled procedures assured by ISO9001.
Risks and vulnerabilities are continually reviewed, tested and resolved through an established continuous quality management and authorised Audit cycle.
Alongside continual monitoring regular internal and external audits are conducted including annual CREST Penetration Testing and identification of any vulnerabilities for potential threats to services.
All identified issues are managed through an assured ISO9001 and ISO27001 quality and technical governance process that identifies, analyses and deploys fixes on a regular basis with any high priority issues identified resolved immediately. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Our products use protective controls as part of a continuous policy framework and standard operating procedures that are accredited externally and certificated by ISO27001 and ISO9001.
Continual internal monitoring and external auditing of all cloud-based and internal systems are conducted in regular documented processes that identify any potential compromises.
Potential compromises are logged under auditable event and incident management processes. All staff are trained to identify operational or technology related risks; we implement anti malware and virus technology, firewalls and technical vulnerability scanning.
We respond to incidents and events immediately to investigate, classify and act upon the threat as necessary. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Our Incident Management process is internally and externally audited and certified by ISO9001. This ensures all incidents are managed and investigated correctly; and a quality management cycle is embedded into the organisation.
There are pre-defined, auditable processes in place for common events and staff are trained and audited for compliance.
On incident report, details are securely recorded and an investigation process is initiated by the Compliance Team. Root Cause Analysis is undertaken and a full incident review process is followed. External agencies are notified.
Incident management reports are provided including investigation, analysis, shared-learning, monitoring and closing of actions, written feedback.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
Fighting climate change Fighting climate change and supporting Net Zero RLDatix recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. To achieve this, RLDatix has completed the following: • RLDatix has an Environmental Policy that is reviewed on an annual basis to ensure it is relevant to the business • RLDatix has engaged our travel partners to ensure travel is as carbon efficient as possible, i.e., recommends trains rather than flights • Throughout all RLDatix offices we provide waste receptacles for recycling and general waste, supporting the reduction of waste to landfill • We encourage the reduced use of water and electricity and actively encourage the staff to consider the environment whilst printing • Many of our solutions assist our customers in reducing their own carbon footprint, i.e., assisting with route planning for community-based staff • RLDatix is working to be carbon neutral in the next few years and achieve ISO 14001 accreditation Many of these environmental proposals help us and will help you in your path to Net Zero. We are firmly committed to carbon reduction, as demonstrated by our Carbon Reduction Plan, published here: https://rldatix.com/en-uke/corporate-responsibility/
Pricing
- Price
- £8,000 to £8,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No