Intelogy Limited

NHS & Healthcare - Clinical Policy Document Management solution

Our solution will manage SOP, guideline and policy documents within a clinical setting on Microsoft365. The solution manages the end-to-end document lifecycle, from creation, through authoring, review and approval processes, assignment of metadata and publication. Ultimately, it provides healthcare staff with a mechanism to retrieve trustworthy information quickly and efficiently.

Features

• Drafting of documents done via Microsoft Word with co-authoring
• Access to drafting area restricted to specific users
• Approval process predefined and configurable for each organisation
• All documents published as non-editable PDFs and linked supporting files
• All published content searchable via easy-to-use portal
• Administrator app used to manage complex back office processes
• Operates within the boundaries of the shared NHS tenant
• Deployable to other M365 tenants, independent of shared NHS tenant.

Benefits

• All content stored in Microsoft 365 (NHS or your own)
• Single library used to search for all content
• Advanced searching using filters e.g. organ , type, hospital site
• Familiar tools used for drafting and authoring documents
• Auto-conversion into immutable PDF records after approval
• Expiry dates trigger review workflow notifications
• Naming conventions for documents pre-defined, including unique ID
• Approval workflows notify pre-defined approvers with tasks
• Support for pre-scoped (e.g. hospital/department) searching
• Built-in versioning audit trail and update history

£4,550 to £30,240 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.tomlins@intelogy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

567276152320969

Contact

Andrew Tomlins
02037473506
andrew.tomlins@intelogy.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Microsoft 365 (either your own or the shared NHS tenancy)
• Cloud deployment model: Public cloud
• Service constraints: Being a cloud service, the system relies on access to the internet. All modern browsers are supported. ; It does require an Office 365 license to be in place for each user (such as the N365 licensing agreement already in place for 1.5M NHS users).
• System requirements:
  • Microsoft 365 licenses (Minimum SharePoint Plan1 for consumers and searchers)
  • Microsoft 365 licenses (E1/E3 for document authors and drafters)
  • Power Apps licenses (for Admin users only)
  • Microsoft Word (included with E3 licenses)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our help desk operates on UK Office hours only. Our response times are based on the following priority levels (as defined by the ticket raiser): P1 – (Urgent) - 2 hours response; P2 – (High) - 4 hours response; P3 – (Normal) - 10 hours response; P4 – (Low) - 10 hours response times.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide UK Office Hours support as per below: P1 – (Urgent) - 2 hours response; P2 – (High) - 4 hours response; P3 – (Normal) - 10 hours response; P4 – (Low) - 10 hours response times. ; ; We provide a technical account manager and a cloud support engineer as part of the response team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We run an initial workshop with the key stakeholders to define the required configuration for that particular organisation. This starts as a demo and then requirements gathering session to identify changes. The biggest challenge is usually then loading legacy content into the system and helping organisations to establish their actions for content owners. Beyond that we will run a pre-production validation session, user training webinars and discuss adoption strategies.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The customer's data will be stored within their own Microsoft 365 tenant and therefore they have control of it when the contract ends. Our value-add is the logic built into the system to manage the lifecycle of documentation in an appropriately governed manner. Therefore there is no data extraction process required on contract end.
• End-of-contract process: At the end of the contract, our logic apps (the things that process workflows for approval, versioning, naming and publication) will cease to operate, but the library of published content will still operate and be available for searching as before. Documents in the drafting library will also be available but cannot be processed to publication via the same means as before.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The mobile experience is optimised for browsing and searching for content rather than authoring it however, content can be authored and reviewed on mobile devices if required.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Workflows, document naming conventions, document types, any meta data and search experience can all be customised at part of the deployment per organisation.

Scaling

• Independence of resources: Approval and publication processes are run on associated Azure based services. These will be scaled according to the size of the organisation/ number of expected users. If performance becomes an issue the scale of the Azure resources can be increased at click of a button.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports of usage are available on request
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Should owners of the content wish to export data from the solution, this is possible and will only require the assistance of their own IT team (as it is their own Microsoft 365 tenancy).
• Data export formats: Other
• Other data export formats:
  • Office documents
  • PDF documents
  • CSV file (meta data, filenames etc)
• Data import formats: Other
• Other data import formats:
  • Word documents
  • CSV file for meta data mapping
  • PDF documents

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As per Microsoft's own SLAs for Microsoft 365 services - currently 99.99% uptime
• Approach to resilience: As per Microsoft own resilience plans for Microsoft 365 and Azure services
• Outage reporting: Microsoft 365 outage reports: https://status.office365.com/

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is limited to named users within an Active Directory Group, as defined by tenancy admins.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We hold Cyber Essentials Plus certification as an organisation. We are working towards ISO27001 standard, therefore all our security governance procedures are aligned to that. We set up all our systems on a least trust basis so only people who need access are provided it and only to the level required. Only a small subset of staff have admin access. Our support staff have undergone background checks by a third party (DBS).
• Information security policies and processes: We are working towards ISO27001 accreditation so we adopt the "Plan-Do-Check-Act" (PDCA) model, which is applied to all Information Security Management Systems (ISMS). We have a set of policies defined at a Board level and all staff are contracted to follow them. They are available via our internal ISMS and any breeches of policies should be reported to our Operations Director who will decide on the course of action. Our policies are reviewed and adapted annually. All changes are highlighted to staff via internal meetings.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are applied via standard processes. i.e. A set of potential changes are assessed for inclusion in a point release of a new version. Assessment of risk, value to the end users, technical feasibility and complexity are taken into account and changes batched into priorities as a result. Changes are conducted on an internal development environment and tested with pre-defined scripts. The changes to the application or configuration are then deployed by an authorised platform administrator to a staging environment, tested and signed off by a product manager, before repeating the process on a production environment in Azure.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: TBC
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Yes, we have a defined process for common events: 5.2 Detection * Identification and reporting of the incident. * Incident details must be captured. * Categorization of incident. * Classify the incident. High, Medium, Low * Identification of stakeholder who all should be involved for managing the incident 5.3 Response * Preventive action of the incident minimize the re-occurrence of the incident * Corrective Action 5.4 Analysis * Data collection * Root Cause Analysis of the incident 5.5 Report * Preventive action of the incident minimize the reoccurrence of the incident * Learning communicated to either whole organisation and stakeholders
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report incidents via phone, email and the helpdesk service. Detection * Identification and reporting of the incident. * Incident details must be captured. * Categorization of incident. * Classify the incident. High, Medium, Low * Identification of stakeholder who all should be involved for managing the incident Response * Preventive action of the incident minimize the re-occurrence of the incident * Corrective Action Analysis * Data collection * Root Cause Analysis of the incident Report * Preventive action of the incident minimize the reoccurrence of the incident * Learning communicated to either whole organisation and stakeholders

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  As well as encouraging less travel to work and use of physical consumables (like paper), the main way that our cloud services can help reduce carbon emissions is by lowering the energy consumption of IT infrastructure. According to a study by Microsoft, cloud computing can reduce the energy use and carbon footprint of IT operations by up to 93% compared to traditional on-premises data centres. This is because cloud providers can optimize the utilisation of their servers, use more efficient cooling systems, and leverage renewable energy sources. By contrast, on-premises data centres often have low utilization rates, inefficient cooling systems, and rely on fossil fuels for power generation. By moving to the cloud, businesses and individuals can save energy and reduce their environmental impact.

Pricing

• Price: £4,550 to £30,240 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andrew.tomlins@intelogy.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.