Cyber Media Solutions Ltd.

Theseus: Social Prescribing

Theseus: Social Prescribing is designed for social prescribing link workers, health and wellbeing advisors and community navigators to efficiently assess and refer citizens to health and wellbeing providers, volunteers and other community assets. Theseus: Social Prescribing has integrated outcome reporting features and data dashboards for easy insight and management.

Features

• Securely send social prescriptions directly to partners and community assets
• Social prescribing assessment forms tailored to your organisation’s requirements
• Partner Portal enables referrals and outcome tracking with external partners
• Integrated score-based assessments, including WHO-5, WEMWBS, PHQ-9, GAD-7, Q-LES-Q-SF
• Supports PRSB Social Prescribing Standard recording and sharing of data
• Service Directory included. Initial population from spreadsheet. Private and/or public.
• Self-Assessment module empowers clients to identify their wellbeing challenges
• Client Portal and website modules available for increasing client engagement
• Modules available for primary care system integration (EMIS, SystmOne, etc.)
• Diary and Booking System module facilitates appointment booking for teams

Benefits

• Easily deployable online social prescribing case management system
• Easy onboarding for non-technical partners receiving social prescribing referrals
• Delivers greater consistency and visibility for social prescribing programmes
• Supports initiatives including exercise on prescription and loneliness prevention
• Outcome visualisation for meaningful follow-up discussions with service users
• Powerful social prescribing management reporting features and data dashboards
• Scalable, powerful and flexible social prescribing case management
• Integrated, granular consent features for GPPR-compliant caseload management
• Platform governed by Information Security and Clinical Safety management systems
• Integrates with other Theseus G-Cloud offers - search ‘Theseus’

£9,000 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

598299546069394

Contact

Tony Bonser
01785 222350
enquiries@cyber-media.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: No.
• System requirements:
  • Web browser
  • Internet / data connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response times are summarised as follows. Critical Priority Level: 2 hours, High Priority Level: 4 hours, Medium Priority Level: 1 day, Low Priority Level: 2 days, Request for Enhancement: 14 days. Support is available Monday - Friday, 9am - 5pm (excluding Bank Holidays).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We operate a universal support offer for all clients identified in our SLA:; Critical priority issue (system unavailable): 2 hours; High priority issue (partially unusable, significantly affecting operation): 4 hours; Medium priority issue (aspect causing difficulty): 1 day; Low priority issue (a general question): 2 days; Request for enhancement: 14 days; ; Support is included in the Theseus licence.; ; We have a dedicated product support team that provides professional support to clients.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our standard offer includes high quality online training materials, plus live webinar 'train the trainer' training to nominated Superusers.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Video media
• End-of-contract data extraction: Data may be extracted by the customer using Theseus Key Data Extracts. We will provide a complete CSV extract of service data and arrange for secure transfer to the user via an agreed secure method.
• End-of-contract process: We will provide a complete CSV extract of service data and arrange for secure transfer to the user via an agreed secure method. If additional data migration or extraction services are required, these are available via our Rates Card.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile service is orientated around ease of use and responsiveness. Management features are available on a desktop or laptop machine.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: APIs are available to link Theseus Case Management with other systems. A Data API is available for integrating Theseus with business intelligence systems.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: A Flexible Forms Builder module is available and Theseus has other customisable functions to tailor the workflow in line with organisational and local requirements.

Scaling

• Independence of resources: We use reliable and reputable suppliers. Environments are actively monitored and resources allocated to ensure service standards are maintained. Each deployment features a separate application instance to maximise resilience and security.

Analytics

• Service usage metrics: Yes
• Metrics types: A comprehensive range of service usage metrics can be provided by the product, for example, total number of service users, follow-ups completed, follow-ups outstanding, etc.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data may be extracted from Theseus in CSV format from: Standard and bespoke reports, standard and bespoke dashboards, form extracts and system data extracts. Data may be exported as a CSV export of all form data submitted.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The in service availability has been, and is planned to be, better than 99.95%; ; We operate a transparent SLA. In all cases the times indicated are targets and we will make best endeavours to meet or exceed these targets.
• Approach to resilience: Information available on request.
• Outage reporting: System maintenance and upgrades are performed outside of business hours. Customers are informed of any planned service outage in advance via email. In the event of unplanned outage, customers will receive a report on the cause of the outage and its remediation.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: IP restricted and time-sensitive access is also offered to customers.
• Access restrictions in management interfaces and support channels: The product features secure account management features that enables configuration of user permissions throughout the system to restrict access to management interfaces (and data) by role.; ; In line with our Information Security Management System, all support channel users must be pre-registered by authorised contacts in order to raise support tickets.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Description of management access authentication: IP restricted and time-sensitive access is also offered to customers.

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 22/02/2024
• What the ISO/IEC 27001 doesn’t cover: NA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have a comprehensive approach to security governance which we manage through an Information Security Management System developed in line with ISO 27001 and Government Cyber Essentials best practice.; ; Our Information Security Management System is annually assessed via the DSPT (Supplier reference 8HP72).
• Information security policies and processes: We operate an Information Security Management System developed in line with ISO 27001 best practice.; ; Our Information Security Policy (CM 0003 - Information Security Policy) is supplemented with detailed security policies and procedures that all staff receive training on, including:; ; • 0004 - Policy on Transfer and Receipt of Personal or Sensitive Information; • 0019 - Policy on Visitors to Cyber Media; • 0030 - Policy on the Use and Disclosure of Personal and Sensitive Information; • 0035 - Change Management and Control Policy; • 0038 - Internal ISMS Audit Policy; • 0041 - Access Control Policy; • 0043 - Network Access Policy; • 0044 - Password Policy; • 0045 - Acceptable Use Policy; • 0051 - Network Security Policy; • 0052 - Remote Access Policy; • 0053 - Mobile Computing Security Policy; • 0054 - Remote Working Policy; • 0057 - Policy on Written Contracts and Information Governance Responsibilities; • 0065 - Information Security Incident Management Policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We maintain detailed change logs for all our components and services.; ; Significant change must be assessed through compilation of a testing plan with clear acceptance criteria and security impact assessment via a Change Request Form.; ; The individual responsible for testing must be identified and briefed regarding the testing they will need to undertake.; ; The asset owner obtains approval for the change, taking into account any technical considerations, the costs of the exercise, the potential benefits and security impact.; ; Once the change request is approved by the Team Manager, approval is recorded and logged (RECF0101).
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our infrastructure is scanned once per month using Nessus. All new software is risk assessed in line with our software management policy. Security patches are applied within 14 days of the update being made available by a vendor. To identify potential threats the NVD and CVE databases are regularly reviewed. Public facing applications are subject to third party penetration tests.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a multilayer approach including firewalls and Symantec Endpoint protection.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Information Security Incident Management Policy (0065) that defines our response.; All staff will be made aware through their contract of employment, training and by their team manager of what is considered to be an incident.; Information Security weaknesses, events and incidents will be reported immediately by staff to the ISM as soon they are seen or experienced.; The ISM will also be responsible for closing out the incident. This includes reports to external authorities.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Cyber Media is committed to minimising adverse environmental impacts and a proactive approach to implementing measures with ongoing positive environmental benefits.; ; All our environmental commitments are measurable and demonstrable as we operate an Environmental Management System (‘EMS’).; ; Any non-conformities are logged, monitored and efficiently resolved.
• Covid-19 recovery:

  Covid-19 recovery

  We recognise Covid-19 has significant ongoing impacts for physical as well as mental health. Theseus supports public health teams to efficiently deliver health and wellbeing interventions through professional case management.
• Tackling economic inequality:

  Tackling economic inequality

  We appreciate the importance of understanding the causes and symptoms of health inequalities and Theseus’ robust episodic structure is optimised for accurate reporting and analysis. In addition to the powerful reporting tools within Theseus, a Theseus Data API is available should teams wish to conduct detailed analysis in a business intelligence system.
• Equal opportunity:

  Equal opportunity

  As a company we are committed to equal opportunities within our recruitment process and professional development functions.
• Wellbeing:

  Wellbeing

  Theseus supports wellbeing agendas with caseload management and data collection and through enablement of joined-up, holistic service delivery. Theseus readily supports inter-agency referrals where a patient will benefit from multiple sequential or concurrent interventions, i.e. support for smoking cessation and for the establishment of a more active lifestyle.

Pricing

• Price: £9,000 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@cyber-media.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.