AMaT
AMaT is a web based tool designed for the NHS that provides an easy to use platform for managing clinical audits, regular ward based audits, statements of compliance against NICE guidance, quality improvement projects, and actions resulting from inspections.
Features
- Registration of clinical audit and online data collection.
- Paper free ward and area auditing and action planning.
- Recording of long term audit projects and service evaluations.
- Realtime dashboards showing all audit activity within the Trust.
- Keyword search that interrogates every aspect of all audits.
- Notification of overdue activities and actions.
- NICE guidance compliance management.
- Dashboards showing compliance with guidance.
- Inspection recommendation and action management.
- Quality Improvement project management.
Benefits
- Transparent view of all clinical audit activity in a Trust.
- Significant reduction in overheads related to user management.
- Instant identification and visibility of non compliance and risks.
- Visibility of all overdue audit projects and action plans.
- Optimisation for CQC inspections with instant visibility of compliance.
- Quick, simple and paper free ward and area based auditing.
- Users alerted to new and updated NICE guidance.
- Tailored user 'to do' list detailing due and overdue items.
- Share audits instantly between users and Trusts.
- All audits and information can be accessed from smart devices.
Pricing
£23,000.00 to £23,000.00 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
6 0 3 3 2 6 1 1 1 4 9 3 1 7 4
Contact
MEANTIME AMaT LIMITED
Fenner Pearson
Telephone: 07767622674
Email: fenner.pearson@amat.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Fortnightly outage for (typically) less than 1 minute for security patching.
Supports the following browsers: Chrome; Edge; Safari; and Firefox. - System requirements
-
- One of the following browsers: Chrome; Edge; Safari; or Firefox.
- An Internet connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within 20 minutes, during normal working hours.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
- There is a single support level, which is via our ticketing system. Depending on the nature of the issue, the response will come from the AMaT Programme Manager or the technical account manager.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
The AMaT programme manager hosts a number of meetings, understanding how the Trust operates, and assists in the software configuration.
Separate training is provided for each module.
In addition to the above, open training sessions are held several times a year. - Service documentation
- No
- End-of-contract data extraction
- AMaT's IT provider, Meantime IT, provides a data extract in human readable format - PDF or CSV - or as an SQL extract. The choice of format is down to the Trust.
- End-of-contract process
-
Assuming this question refers to the circumstances in which the Trust doesn't renew, then :
The extract of the Trusts' data is provided to the Trust, and then the AMaT copy of the data is destroyed. There is no cost to the Trust for either of these activities. The Trust no longer has access to AMaT.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
AMaT uses responsive design, so the screen layout is different between monitors (landscape) and smart devices (portrait).
There are no functional differences. - Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
- APIs can be used for extracting ward data. We will add new APIs on request from the Super User Group.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
There is a data management section in AMaT that allows Super-user level users to configure AMaT for their Trust.
Customisations include: Sites; Wards; Divisional hierarchy; help text; dropdown lists; and pro formas, but that is not an exhaustive list.
Scaling
- Independence of resources
-
Firstly, through the 'elastic' cloud infrastructure upon which AMaT is hosted, which enables additional resources - cores, etc - to be added when needed.
Secondly, we monitor the performance of scripts and queries, and update those as required to maintain a high level of service.
Analytics
- Service usage metrics
- Yes
- Metrics types
- AMaT has a number of activity reports that detail information about which users have logged in and when, and what activities they have undertaken,
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- We additionally AES-256 encrypt sensitive pro-forma data in AMaT
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
The data from any report in AMaT can be exported to spreadsheet.
Some data can also be exported via API. - Data export formats
- Other
- Other data export formats
-
- Spreadsheet.
- XML for API extracted data.
- Data import formats
- Other
- Other data import formats
- Some data can be imported via API using XML.
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
AMaT's scheduled outage is typically one minute per fortnight for server patching. Otherwise we have 100% availability except where there has been an outage with the data centre: this totals six hours over the twelve months to May 2022.
There are no refunds. - Approach to resilience
- This information is available on request.
- Outage reporting
- A public dashboard
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Identity federation with existing provider (for example Google Apps)
- Other
- Other user authentication
- Username AND password
- Access restrictions in management interfaces and support channels
- Access to servers is defined by ISO27001 policies. Administrative access to servers is only possible with valid credentials while connected to Meantime IT's private network.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Identity federation with existing provider (for example Google Apps)
- Other
- Description of management access authentication
- Username AND password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus Isoqar
- ISO/IEC 27001 accreditation date
- 08/11/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Our information security policies and processes are ISO 27001 certified. This are not published here - as they are commercially sensitive, but they are available on request to NHS IT services.
All ISO 27001 related activity is monitored by our ISM Formu.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All scripts and database changes are tracked via PHPStorm and MySQL Workbench,
Impact analysis is carried out at the specification stage, and all changes are regression tested to ensure no security issues gave been introduced into the code base or database. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
A Nagios service (managed by Meantime IT) monitors all servers for issues with software updates, security patches, backups, disk usage and uptime. Email notifications alert Meantime IT when immediate action is required.
The development server is patched immediately and once the impact of any patch has been verified it is deployed to the other test environments and production server.
The servers run Ubuntu Pro Linux. All patches and updates are provided through Ubuntu's software update repo. Meantime IT is subscribed to daily email notifications containing Ubuntu security advisories. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
AMaT is monitored by Meantime IT using a real-time monitoring service to alert for security patches.
In the event where a compromise was reported via support ticket, Meantime IT would raise an incident and follow the business continuity plan. In the event of unscheduled downtime or data-loss, then the information security manager would notify Trust super users.
Incidents will receive an initial response in no more than 1 hour followed by updates where appropriate. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Trust super users raise issues on a client ticketing system. Issues are classified as Query, Change or Defect. Responses are provided via the ticketing system and users receive email notifications when the status changes. They can track the progress by logging in and viewing responses.
Meantime AMaT's ISO27001 policy defines the incident management policy. The policy defines a number of key event types including unscheduled downtime, loss of data and data breach.
If a defect ticket is raised, the updates are provided to the user as the issue is investigated and resolved.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
Meantime AMaT seeks to operate in a 'carbon neutral' manner.
AMaT (the system) reduces the use of paper within the NHS and also reduces the need for travel. - Covid-19 recovery
-
Covid-19 recovery
N/A - Tackling economic inequality
-
Tackling economic inequality
N/A - Equal opportunity
-
Equal opportunity
Meantime AMaT is an equal opportunities employer. - Wellbeing
-
Wellbeing
Meantime AMaT is focussed on staff well-being, avoiding any overtime, and monitoring that all staff maintain a healthy work-life balance.
Pricing
- Price
- £23,000.00 to £23,000.00 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No