


AMaT is a web based tool designed for the NHS that provides an easy to use platform for managing clinical audits, regular ward based audits, statements of compliance against NICE guidance, quality improvement projects, and actions resulting from inspections.


  • Registration of clinical audit and online data collection.
  • Paper free ward and area auditing and action planning.
  • Recording of long term audit projects and service evaluations.
  • Realtime dashboards showing all audit activity within the Trust.
  • Keyword search that interrogates every aspect of all audits.
  • Notification of overdue activities and actions.
  • NICE guidance compliance management.
  • Dashboards showing compliance with guidance.
  • Inspection recommendation and action management.
  • Quality Improvement project management.


  • Transparent view of all clinical audit activity in a Trust.
  • Significant reduction in overheads related to user management.
  • Instant identification and visibility of non compliance and risks.
  • Visibility of all overdue audit projects and action plans.
  • Optimisation for CQC inspections with instant visibility of compliance.
  • Quick, simple and paper free ward and area based auditing.
  • Users alerted to new and updated NICE guidance.
  • Tailored user 'to do' list detailing due and overdue items.
  • Share audits instantly between users and Trusts.
  • All audits and information can be accessed from smart devices.


£23,000.00 to £23,000.00 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

603326111493174


Telephone: 07767622674

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
Fortnightly outage for (typically) less than 1 minute for security patching.
Supports the following browsers: Chrome; Edge; Safari; and Firefox.
System requirements
  • One of the following browsers: Chrome; Edge; Safari; or Firefox.
  • An Internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 20 minutes, during normal working hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Web chat support
Onsite support
Support levels
There is a single support level, which is via our ticketing system. Depending on the nature of the issue, the response will come from the AMaT Programme Manager or the technical account manager.
Support available to third parties

Onboarding and offboarding

Getting started
The AMaT programme manager hosts a number of meetings, understanding how the Trust operates, and assists in the software configuration.

Separate training is provided for each module.

In addition to the above, open training sessions are held several times a year.
Service documentation
End-of-contract data extraction
AMaT's IT provider, Meantime IT, provides a data extract in human readable format - PDF or CSV - or as an SQL extract. The choice of format is down to the Trust.
End-of-contract process
Assuming this question refers to the circumstances in which the Trust doesn't renew, then:

The extract of the Trust's data is provided to the Trust, and then the AMaT copy of the data is destroyed. There is no cost to the Trust for either of these activities. The Trust no longer has access to AMaT.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
AMaT uses responsive design, so the screen layout is different between monitors (landscape) and smart devices (portrait).

There are no functional differences.
Service interface
User support accessibility
What users can and can't do using the API
APIs can be used for extracting ward data. We will add new APIs on request from the Super User Group.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
There is a data management section in AMaT that allows Super-user level users to configure AMaT for their Trust.

Customisations include: Sites; Wards; Divisional hierarchy; help text; dropdown lists; and pro formas, but that is not an exhaustive list.


Independence of resources
Firstly, through the 'elastic' cloud infrastructure upon which AMaT is hosted, which enables additional resources - cores, etc - to be added when needed.

Secondly, we monitor the performance of scripts and queries, and update those as required to maintain a high level of service.


Service usage metrics
Metrics types
AMaT has a number of activity reports that detail information about which users have logged in and when, and what activities they have undertaken.
Reporting types
Real-time dashboards


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
We additionally AES-256 encrypt sensitive pro-forma data in AMaT
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
The data from any report in AMaT can be exported to spreadsheet.

Some data can also be exported via API.
Data export formats
Other data export formats
  • Spreadsheet.
  • XML for API extracted data.
Data import formats
Other data import formats
Some data can be imported via API using XML.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
AMaT's scheduled outage is typically one minute per fortnight for server patching. Otherwise we have 100% availability except where there has been an outage with the data centre: this totals six hours over the twelve months to May 2022.
There are no refunds.
Approach to resilience
This information is available on request.
Outage reporting
A public dashboard

Identity and authentication

User authentication needed
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Other user authentication
Username AND password
Access restrictions in management interfaces and support channels
Access to servers is defined by ISO27001 policies. Administrative access to servers is only possible with valid credentials while connected to Meantime IT's private network.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
Description of management access authentication
Username AND password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Alcumus Isoqar
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security policies and processes are ISO 27001 certified. These are not published here, as they are commercially sensitive, but they are available on request to NHS IT services.

All ISO 27001 related activity is monitored by our ISM Formu.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All scripts and database changes are tracked via PHPStorm and MySQL Workbench.
Impact analysis is carried out at the specification stage, and all changes are regression tested to ensure no security issues have been introduced into the code base or database.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
A Nagios service (managed by Meantime IT) monitors all servers for issues with software updates, security patches, backups, disk usage and uptime. Email notifications alert Meantime IT when immediate action is required.

The development server is patched immediately and once the impact of any patch has been verified it is deployed to the other test environments and production server.

The servers run Ubuntu Pro Linux. All patches and updates are provided through Ubuntu's software update repo. Meantime IT is subscribed to daily email notifications containing Ubuntu security advisories.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
AMaT is monitored by Meantime IT using a real-time monitoring service to alert for security patches.

In the event where a compromise was reported via support ticket, Meantime IT would raise an incident and follow the business continuity plan. In the event of unscheduled downtime or data-loss, then the information security manager would notify Trust super users.

Incidents will receive an initial response in no more than 1 hour followed by updates where appropriate.
Incident management type
Supplier-defined controls
Incident management approach
Trust super users raise issues on a client ticketing system. Issues are classified as Query, Change or Defect. Responses are provided via the ticketing system and users receive email notifications when the status changes. They can track the progress by logging in and viewing responses.

Meantime AMaT's ISO27001 policy defines the incident management policy. The policy defines a number of key event types including unscheduled downtime, loss of data and data breach.

If a defect ticket is raised, the updates are provided to the user as the issue is investigated and resolved.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Meantime AMaT seeks to operate in a 'carbon neutral' manner.

AMaT (the system) reduces the use of paper within the NHS and also reduces the need for travel.
Covid-19 recovery

Tackling economic inequality

Equal opportunity

Meantime AMaT is an equal opportunities employer.


Meantime AMaT is focussed on staff well-being, avoiding any overtime, and monitoring that all staff maintain a healthy work-life balance.


£23,000.00 to £23,000.00 a licence a year
Discount for educational organisations
Free trial available
