NHS North of England Commissioning Support Unit (Hosted by NHS England)

NECS Appointment Booking System

This is a flexible web based system allows patients to book an appointment for any relevant test that is being commissioned. This could be anything from Covid antigen/antibody test, flu vaccinations to any public health related vaccination programme.

Features

• Test availability is customisable by region
• Access to various test settings e.g on-site/drive through
• Automated emails generated and sent by the system
• Configurable number of tests available per site
• Web based system so scalable at speed
• Fully hosted with no software installation requirements - quick implementation
• Minimal training required due to simplicity of system usability
• Developed by the NHS, for the NHS
• Ability to incorporate home testing delivery functionality
• Ability to deliver mass group test orders

Benefits

• Booking system can be accessed 24/7
• Web based system allowing for ease of access
• Quick and efficient process for booking tests
• Targeted access points into the system for staff and patients
• Flexible to swiftly configure new test locations/schedules

£30,000 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

619948686721883

Contact

Business Development
0191 3751789
necsu.busdev@nhs.net

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • For supported versions and browsers see Compatibility Matrix at help.k2.com
  • Azure Active Directory: K2 Cloud customers should use AAD authentication

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 working days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: During the implementation period, intense support levels will be provided to the customer. ; Following go-live, a high level of maintenance and support will be provided (along with a wrap around programme support where applicable) on an ongoing basis, to the customers requirement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: NECS will provide virtual training sessions, along with various user guides relevant to the end user.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers can request a backup of their database at the end of the contract.
• End-of-contract process: At the end of a contract a customer can either renew subscription or cancel.; ; Upon contract expiry or termination, the customer will be provided with a copy of all relevant information / data currently held within the system at that time if requested.; ; Environments and any data will be securely destroyed 30 days after termination of the agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Font size and lay-out scaled down for viewing on mobile devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Browser-based design tooling : ; ; Design and Build ; - Workflows; - SmartForms; - Integrations ; ; Administration; - Security and Compliance ; - Roles ; - Permissions; - Reporting ; ; Users; - Workspace ; - Forms ; - Mobile ; - Reporting
• Accessibility standards: None or don’t know
• Description of accessibility: Non-text content is supported through the inclusion of text based values to ensure the information is accessible
• Accessibility testing: We have not undertaken any interface testing with users of assistive technology
• API: No
• Customisation available: No

Scaling

• Independence of resources: K2 Cloud runs on a service that can be scaled based upon either short-term, forecasted demand OR more permanently due to growth usage and adoption.; ; K2 Cloud is currently deployed as a multi-tenant model; however, customer compute and data is segmented from other customers. However, customers are isolated in both the compute and data storage tiers.

Analytics

• Service usage metrics: Yes
• Metrics types: Reports around the status of each process and their instances can be provided upon request to monitor real-time process information and discover trends for process-improvement
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Standard TDE Azure SQL, full database encryption.; Optional database column encryption based on database engine (i.e. AES 256 on SQL Azure)
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: For an end user, The Testing System provide a capability to "Export to Excel" a list of results with filtering and paging options available. An export of a form displayed information can also be created in PDF format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: •Excel and CSV (via extensions)
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel and CSV (via extensions)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: NECS, via the K2 Cloud, provides customers with an Availability SLA of 99.9% within their production K2 Cloud tenant. Availability is defined as the ability for a customer to be able to access the production service environment irrespective of network connection or other intermediary issues outside of the control of K2. A Service Credit is available to customers should the K2 Cloud SLA not be met.
• Approach to resilience: NECS via the K2 Cloud makes use of SQL Azure as data store. SQL Azure creates automatic geo-redundant database backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes. The backup storage geo-replication occurs based on the Azure Storage replication schedule – handled by Microsoft. The retention period for the database is 30 days. The above means that we can do any point-in-time restore of the data with a 10-minute accuracy within the last 30 days. ; High availability (HA) is provided by default in the Production instance. Native Microsoft Azure capability is utilized in testing disaster failover (DR).; ; More details available in the K2 Cloud - Service Policies document. More details available on request
• Outage reporting: The Testing System on the K2 Cloud is hosted on Azure datacenters. Azure status, planned maintenance and outages are reported via the website: https://azure.microsoft.com/en-gb/status. An RSS feed is available.; Communications channels to customers are via the K2 Cloud status page (status.onk2.com) as well as direct email notifications to subscription administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: The K2 Management site allows you to manage your K2 environment and components such as workflows, worklist items, SmartObjects, users and security. These are administrative tasks that are performed by the K2 administrator. The Server Rights node is used to add, edit, remove and refresh Workflow server permissions for users or groups. These rights will determine which users and groups can administer a K2 workflow server, export new workflows or impersonate a user.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 26/04/22
• What the ISO/IEC 27001 doesn’t cover: 14.1.3 Protecting Application services transactions; 14.2.1 Secure development policy; 14.2.5 Secure development environment; 14.2.6 Outsourced development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC 2 type II attestation report

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security is an important part of our reputation, how we earn customer trust, how we do business and how we deliver our product. Our company must provide secure products and services for our customers. We are committed to maintaining a secure environment and improving our information security management system and security program.; ; K2 have a Security Committee who are responsible for providing support for the business by assuring the confidentiality, integrity, and availability of company information assets. The Security Committee discusses security topics, reviews key security metrics, and approves security policies.; ; The Information Security Management Systems (ISMS) Manager is; responsible for implementing and maintaining the ISMS.; ; Security Administrators include systems administrators, database; administrators, network administrators, and other application; administrators. These functional teams maintain the responsibility for the; management of security controls and configurations within the; information systems they support. They implement security mechanisms; and maintain the requisite technical expertise to support them. They; ensure systems and services comply with all approved corporate; information security policies, standards, and procedures.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the Cloud environment are tracked, approved, tested, and implemented in accordance with ISO27001 specification are are independently audited annually against SSAE 16 SOC2 standards for 12 previous months prior to the audit. ; Changes by customers within the K2 Platform will be configured and operated by either customers or 3rd party suppliers.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: K2 performs annual vulnerabilty testing internally and externally, as well as contracts out to a third party to perform an annual penetration test of the product and standard environment. These are conducted in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring is conducted within Azure and consolidated within Elasticsearch for analysis.; Monitoring activities are handled in accordance with ISO27001 specifications and are independently audited annually against SSAE 16 standards for 12 previous months prior to the audit and reflected within an SOC2 type II report.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Customers can reach out to K2 support via web, phone or email to raise incidents. Incidents will be handled via K2's internal incident management policies and conducted in accordance with ISO27001 specifications. The processes are independently audited annually against SSAE 16 standards for the 12 previous months prior to the audit and reflected within an SOC2 type II report.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  NECS is committed to fighting climate change and has set up a Corporate Social Responsibility Group, chaired by our Organisational Development and Corporate Services Director to develop and track progress. This group and each initiative are supported by several recycling champions located across NECS estates; whose core objective is to raise awareness of the benefits of combating climate change amongst employees and encouraging participation in any initiatives.; ; We have rolled out innovative technologies that enable remote working such as Microsoft Teams, which combined with our new ways of working framework has led to a reduction in our energy consumption. We have also committed to removing all single use plastics across all our estates and no longer procure any product of this nature. To further reduce our impact, we have also committed to removing all bottled water facilities where an alternative fresh drinking water source is available.; The carbon emission reduction achieved by these schemes in 2019-20 equated to 865 tCO2e, a 38% reduction against the 2017-18 baseline. 2020-21 is likely to be an anomaly year due to the COVID-19 pandemic and national restrictions. To continue our progress to achieve Net Zero, we are adopting carbon reduction targets. We project that carbon emissions will decrease to 1073 tCO2e by 2025. This is a reduction of 54%.; ; All of these implemented measures will be in effect when performing any call-off contract.
• Covid-19 recovery:

  Covid-19 recovery

  As an organisation that is firmly embedded in the NHS, NECS directly supported NHS England and multiple Clinical Commissioning Groups and Foundation Trusts to manage and recover from the impacts of COVID-19. Often working at pace to challenging deadlines, NECS pro-actively managed available resources and internal capacity to ensure that our customers had access to the support they required to reduce the demand on health and social care services. Due to the restrictions that were in place during the pandemic, our employees swiftly embraced new and innovative ways of working to meet demands. ; ; NECS has worked in partnership with our trade union colleagues to produce a new ways of working framework to effectively manage our workforce whilst taking into consideration the implications of COVID-19. The framework sets out NECS’ core principles underpinning our ways of working which are significantly less office centric and aim to provide a better work-life balance for our employees and accelerate our carbon foot reduction. ; ; Lastly, to support sustainable travel, NECS has implemented a 'Cycle to Work' scheme. This allows NECS staff to loan bicycles and cycling safety equipment, as a tax-free benefit, as part of the Government’s initiative to promote healthier journeys to work and reduce environmental pollution.; All of these initiatives and policies will be in effect during delivery of any call-off agreement, and we would be happy to share best practice with suppliers and customers where possible.
• Tackling economic inequality:

  Tackling economic inequality

  NECS has a clear social purpose to create jobs and generate wealth for our communities. In response to COVID-19 we developed our NECS100 programme, providing employment and training opportunities to the communities we serve and particularly for those who reside in deprived areas. The programme has seen the recruitment of one-hundred apprentices and graduates into our organisation. Each of the new recruits engaged in a tailored development programme designed to help them integrate into the organisation, develop lifelong skills, and obtain recognised qualifications. ; Our aim is to continue to provide employment and training opportunities to the communities we serve. The third cohort of the programme is just about to commence, which will see an additional sixty-four apprentices and graduates join our organisation. ; ; To create opportunities for entrepreneurship and help new, small organisations grow, we are working closely with NHS England to support their Clinical Entrepreneur Programme. The programme aims to provide the commercial skills, knowledge and experience needed to successfully develop and disseminate innovative solutions to the challenges facing the NHS for the benefit of patients, staff and the wider NHS. More than 500 individuals including doctors, dentists, healthcare scientists, nurses and midwives, allied health professionals and pharmacists, have joined the programme since it launched in 2016. Through the programme, NECS will offer expert mentoring and bespoke training to help entrepreneurs develop innovative ideas into products and businesses.; ; Where possible, NECS will look to develop the skills of its employees and those within the NECS100 programme through the delivery of any call-off agreement.
• Equal opportunity:

  Equal opportunity

  NECS is committed to addressing inequalities in our organisation and to that end we have been reporting against the Workforce Race Equality Standard (WRES) since 2016, striving to make improvements year on year. We are now able to report effectively on every WRES indicator, giving us a much clearer view of the challenges we face in relation to the WRES and in creating a fairer, more inclusive workplace.; ; NECS is a disability confident employer and has taken measures to ensure that any opportunity for discrimination during the recruitment process is minimised. Personal information is removed from application forms prior to short listing and is used for monitoring purposes only. NECS ensure that objective selection criteria are used, the decision-making process is recorded, and it can be demonstrated that appointments are made on merit. We also utilise NHS Agenda for Change payrates, ensuring equal pay across the organisation.; ; To tackle inequality in training and development we refreshed our Talent Management Programme in 2020. The development included providing NECS employees with the opportunity to undertake stretch assignments to enhance core competencies and wider learning opportunities. Further to this and in addition to progressing our current mentoring offer by training and recruiting more mentors to the programme, a ‘reverse mentoring’ programme has been developed, providing opportunities to colleagues from under-represented groups to have a reciprocal mentoring relationship with senior level colleagues to share learning and enhance employment opportunities.; ; All of these initiatives and policies will be in effect during delivery of any call-off agreement, and we would be happy to share best practice with suppliers and customers where possible.
• Wellbeing:

  Wellbeing

  NECS recognises that good mental health and wellbeing are associated with improved outcomes for employees including longevity, physical health, and productivity and we are committed to implementing measures which encourage and promote a healthy workforce. ; ; NECS has a dedicated Health and Wellbeing Group that ensures that NECS has an integrated approach to the management of health and wellbeing, therefore, maintaining and improving the health and wellbeing of staff within the organisation. The aim of the group is to provide a framework for NECS to take a proactive and engaging approach to enhancing the health and wellbeing of our employees.; The group is supported by several health and wellbeing champions, who play a key role in supporting and developing a culture that contributes not only to improve the physical and mental health and wellbeing of their colleagues but also themselves. ; ; As part of our strategy to safeguard and support staff with mental health concerns, NECS has a number of employees trained as mental Health First Aiders (MHFA's), who provide responsive assistance to employees and managers in need of help and direction. Whilst MHFA's are not clinically trained in counselling, diagnosing, or treating mental health, they are able to spot the early signs of a mental health problem and signpost and direct to the appropriate and relevant intervention and support agencies.; ; All of these initiatives and policies will be in effect during delivery of any call-off agreement, and we would be happy to share best practice with suppliers and customers where possible.

Pricing

• Price: £30,000 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at necsu.busdev@nhs.net. Tell them what format you need. It will help if you say what assistive technology you use.