Optimus IT Infra Ltd

Opti Data Share

OptiDataShare is a customer/patient data repository which is capable of storing the customer/patient related information. It is designed to send and receive information from any needful subscribers like e-commerce business owners, their suppliers and Healthcare subscribers like NHS Trusts, NHS Hospitals, GPs etc.,

Features

• real-time monitoring
• integration plugin
• system service reporting

Benefits

• Alerting
• Instance display of system/application issues

£500 to £5,000 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@optimusit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

560176128124380

Contact

Abhishek Tirumalapuram
07557333022
info@optimusit.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Complete end to end software development and managed services
• Cloud deployment model: Private cloud
• Service constraints: None applicable. Our software can be customized to support any configuration
• System requirements: Windows 7 or higher versions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour during business hours 9:00AM to 5:00PM Within 4 hours outside business hours 5:00PM to 9:00AM Within 8 hours on weekends and public holidays
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 9am to 5pm business hours support will be provided on a severity/priority basis.Our support is completely customized depending on the customer's unique needs. For those with standard support requirements, we offer 2 levels of support: ; 1. Standard - normal response times during business days, weekends; and public holidays - included as part of our standard contracts. ; 2. Enhanced - fast response times (1 hour maximum) during business days, weekends and public holidays - customized as per customer's setup. Normally 35% more than Standard level. A technical analyst overseen by a technical account manager is assigned to review all support issues raised by the customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Application will be deployed onsite by our team and onsite training will be provided along with documentation and maintenance of the application will also be demonstrated
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data will be stored in customer required storage spaces, where required it can be extracted and stored where ever required.
• End-of-contract process: Application accesses will be disabled and necessary handover will be scheduled. Support will be provided until the notice is served as per the contractual agreement.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Tbc
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Tbc

Scaling

• Independence of resources: * Both horizontal and vertical scaling of hosts can be provisioned on demand basis.

Analytics

• Service usage metrics: Yes
• Metrics types: * Usage statistics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported using ETL tools
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • FHIR
  • Custom formats
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7
  • FHIR

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Token based authorisation
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Token based authorisation

Availability and resilience

• Guaranteed availability: We offer a standard one level SLA. Our service availability is guaranteed at; 99.9% and is reported on a monthly basis. The customers can also report; unavailability which is assessed by our technical team. The refund is; calculated on a pro-rata basis and the users are refunded through a credit; note system.
• Approach to resilience: It’s available to customers on request.
• Outage reporting: Our service is constantly monitored and outages are extremely rare. The; outages can be either at customer level or organization level. Whenever; an outage is detected, an email alert is sent to the nominated users at; affected customer's organization.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Other
• Other user authentication: * OAuth
• Access restrictions in management interfaces and support channels: * Both authentication and authorisation models are supported.; Specific user level access privileges are applicable to various modules of the application to allow only authorized users and to avoid any unauthorized access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our organization security governance is managed by our IG team which is responsible for setting the operational security procedures based on a risk based approach. All the roles, responsibilities and segregation of duties are clearly defined and enforced. All the staff is made aware of the policy and is trained regularly to ensure their knowledge is up to date. The policies are reviewed regularly to ensure staff compliance and also compliance with the organisation's business strategy.
• Information security policies and processes: The following policies are adhered to at our organization: ; 1.Acceptable Use Policy ; 2. Electronic, Voice and Physical Communications Policy ; 3. Change Management Policy ; 4. Access Control Policy ; 5. Remote Access Policy ; 6. DR and BCP Head of IG is responsible for the overall policies and they; in turn report to the Director of IT. ; Staff are trained regularly on the policies which are also provided to them for reference. Whenever a policy is updated, a staff update session is; scheduled. A regular audit of the policy is undertaken by a third party to ensure compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration management tools are used to manage changes and every; change is accessed to not cause any business continuity issues. A change; release log is maintained throughout the lifetime of the product to ensure; all changes are uniquely identified and tracked. Each change is; thoroughly assessed by our development panel and rigorously tested to; ensure full compliance with the security protocols.; Change management is managed by Agile delivery model; Continous delivery model is used for deployment and management of services
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Using cloud based API Gateway management services; Patches are delivered using continuous delivery model ; Potential threats are detected using service and host logs; Vulnerabilities and threats are accessed on a regular basis based on the market research, support calls and proactive monitoring of the emerging threats. Its ensured that they are covered tested during the regular; penetration testing schedule. Patches and updates are released on; regular basis which is often customized to the needs of the customer.; Where required, critical patches are deployed rapidly. When changes are; required, change control processes and CAB approval based deployment; is strictly adhered to.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are detected and alerted from web console logs; We endeavor to respond to incidents as swiftly as possible; Potential compromises are mostly human error and processes are in; place to ensure there is minimal human intervention. However if there any; issues noticed, immediate and timely action is taken by alerting the; customer about the issue along with the required steps to take to avoid; such issues in the future.
• Incident management type: Supplier-defined controls
• Incident management approach: Processes are in place to ensure there is minimal human intervention.; However if there any incidents noticed, immediate and timely action is; taken by alerting the customer about the incident along with the required; steps to take to avoid such issues in the future. The users have access to; a dedicated support email where they can log any incidents around the; clock and follow up the status of those incidents. A detailed incident; report will be provided to the client as soon as each incident is closed. A; history of all the incidents is also maintained for the users.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  As a company delivering IT services to the organizations in need we value, recommend and be vocal and follow practices which help fighting climate change. As an organization we tend to minimize gas pollution and request staff to travel by public transport as much as possible, also advice staff from time to time to ensure no paper is printed unless it’s really required and ensure that the devices they use are not left switched on if not in use. We review with the staff every year to identify where we can do more to help with fight climate change and hear their suggestions also and implement further good practices as we go along.
• Covid-19 recovery:

  Covid-19 recovery

  Considering the nature of the pandemic and recurring lockdowns and restrictions in place during the occurrences, we ensured staff are working from home. As the government eases the restrictions we are requesting only essential staff to be onsite on a rota basis to have lowest possible strength at any given time for example 3-4 people in a 10 people office space. Practices are in place for effected and impacted staff so they are not overloaded with work while they are on leave. Also any new trainings that they have missed are recorded so they can review and assign a lead to help them with any further clarifications if needed.
• Tackling economic inequality:

  Tackling economic inequality

  As a supplier company it’s in our best interests to work with our clients and other suppliers and support staff to do well so we all can grow and prosper to deliver better results to the organizations we provide our services to collectively. We ensure good conduct and approachable environments so all senior to junior staff can collaborate and contribute while helping each other. We tend to look for resources with minimal experience train them at our own expense and deploy them within our projects so they can confidently deliver. We always encourage staff to do certifications and pay their fees to encourage them to learn more to deliver more effectively.
• Equal opportunity:

  Equal opportunity

  Where possible we as an IT services provider we have been considerable in hiring staff with disabilities and minority groups. We believe any physical disabilities or any other disadvantage do not hinder the technical skill set acquiring and delivering capability. Where needed we train staff before we deploy them into actual real-time work at our own expense. We look forward and welcome such application and take it a challenge to ensure they progress and be progressive.
• Wellbeing:

  Wellbeing

  We recommend staff to bicycle or walk to work where possible. We also plan team activities which are physical like hiking, walks and also play sports with other teams we work with like clients, suppliers, support staff etc.,

Pricing

• Price: £500 to £5,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@optimusit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.