DRUGS AUDIT LIMITED

Drugs Audit

Drugs Audit is a digital platform for audits (e.g. controlled drugs, IPC, medical gases) in all healthcare settings. Web based with advanced data analytics the system allows audits to be carried out via the web and analysed instantly for continual review and transparency of progress in any period.

Features

• Responsive Web Audits
• Real Time Analytics using Microsoft PowerBI
• Wide range of Audit Templates
• Mirror organisation structure for easy data linkage
• Self-serve management of organisation structure
• Bespoke audit setup
• Action Planning for ongoing management - September 2022

Benefits

• Removes the need for paper audits
• Delivers instant insight on medication audit results
• Save significant time on audit data entry
• Prevent input errors and illegible answers
• Identify missing or failed audits quickly
• No physical storage required - data stored in cloud
• Access using any device, PC, Tablet or Phone
• No IT requirements other than internet connection

£20.00 to £30.00 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at helen@drugsaudit.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

623702664052114

Contact

Helen Dargie
07584 343526
helen@drugsaudit.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: There are no significant constraints to the system. ; Old versions of unsupported Internet Explorer (or other) browsers will not be supported.
• System requirements:
  • Devices must have internet access via WiFi or 3/4/5G
  • White listed availability of Drugs Audit platform
  • Manufacturer supported browsers in use

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Helpdesk available by phone or email Monday - Friday 9am-5pm with 48 hour standard response time; Critical Issues - Within 4 Working Hours Response Time; Urgent Issues - Within 8 Working Hours Response Time; ; Evenings/Weekends - emergency OOH support via contact number
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We pride ourselves on providing outstanding support. We employ an operations/technical director and a cloud support engineer alongside our partner support team who are available for technical support when required.; ; Every partner has the same service level agreement included in their licence fee which covers day to day service requests (e.g. add a new user), error reporting and report/data queries.; ; On Site Support - while rarely required we do offer on site support for partners. Priced at £50 per hour plus travel costs.; ; When additional or non-standard requests are made (e.g. add a feature to platform or make changes to an audit/report) we quote based on a standard hourly rate:; Audit Changes: £50 per hour; Report Changes: £65 per hour; Bespoke Report or Platform Development £75 per hour
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Drugs audit training is provided in three stages; 1. Implementation - takes the client through the setup of the system and gives opportunity for questions ; 2. Launch Training - We carry out a project launch call to show the system set up to the clients requirement, answer questions and provide guides for their internal training.; 3. Post Launch Review - After the first audit period we carry out a post launch review to ensure users are happy with the system and have no questions or concerns,; ; All training is delivered virtually using Microsoft Teams.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the end of a contract the client is sent a close down email asking for their historical data requirements. ; Once we have the requirement (usually a full raw data file) we extract the data and provide to the client using a secure method of their choosing. If they have no preference we will use Microsoft One Drive or direct transfer via API.
• End-of-contract process: Included in the contract is the end of contract data extraction file (as described in previous question); ; If the client wanted historical data dashboards to remain live this would attract an administration cost to keep the database open.; ; There are no other costs associated with the end of a contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Audits: The only difference between mobile and desktop is the format of the questions and answers. On desktop the answers are side by side and on mobile the answers are stacked on top of each other.; ; Platform: this will be accessible on mobile but due to the complexity of the platform and the scale of analytics dashboards we recommend that this is accessed using a desktop.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Users can send answers for audits ; Users can view reports for their data send based on token authorisation; Users can't change any data or modify any audits using exposed API for end users
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise their service in a number of ways:; 1. Custom audits, standards and layouts; 2. Customise their organisation structure and users; 3. Customise reporting and dashboards; ; In most cases customisation is carried out by the Drugs Audit team with the exception of point 2 where our partners can be given direct access to the system to make changes when needed to their structure and which locations should complete each audit.

Scaling

• Independence of resources: We are using Microsoft Azure Cloud Server Services which allows us to flex or contract based on the demands of the system. ; Our servers are managed and monitored by our technical engineer to ensure service is always optimised as new users join.; We have alerts in place for any system issues including slow service times and increased processing times.

Analytics

• Service usage metrics: Yes
• Metrics types: Our Dashboards are built to track usage of the platform in order to ensure compliance with specific deadlines for audit completion.; We track audit completion and display the results in PowerBI dashboards
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is exported from the platform using the reporting feature. ; Set reports are made available based on the user requirements and in some cases bespoke data exports are built based on client requirements.; Raw data files can be set up to be exported from the platform or sent direct via email or API
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
  • PPT
  • Word
• Data import formats:
  • CSV
  • Other
• Other data import formats: Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee 99.5% platform availability throughout the year; ; This equates to 44 hours of allowed unscheduled downtime through the year; ; Any scheduled works are completed outside working hours and are in addition to any unscheduled outage. These works are planned with each client to ensure the updates do not cause a problem; ; In the circumstance where unscheduled downtime equals more than 44 hours in the period April - March Annually the client will be refunded or credited 2% of their annual licence at the end of the 12 month period.
• Approach to resilience: Cloud Server Infrastructure provided by Microsoft Azure.; ; Information available on request
• Outage reporting: Service outages are currently set up to report using email alerts.; ; As part of future development a live service indicator will be added to our help page.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: To control and restrict access to the platform we are using Auth0 authorisation and authentication middleware.; Each user has a unique setup with specific parameters restricting access to only their required information
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We are currently in the process to be assessed and accredited for IASME governance framework.; We are managing our security governance in line with these principles and are confident of imminent accreditation.
• Information security policies and processes: We have an overall information security policy covering all aspects of security in our business. ; Alongside this we have core policies as follows:; 1. Disaster Recovery Policy; 2. Security Incident Plan; 3. User Management Policy; 4. Data Security Policy; 5. Privacy Policy ; ; Any security incidents are reported to the following:; - Operations/Technical Director; - Server Support Technician; - Systems Manager; ; Policies are reviewed annually for any required updates and changes briefed to the team. All colleagues sign policy to verify understanding and aware of reporting process.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All of the change management process are kept in our Jira development planning platform. ; All project components that are affected by any change are tracked and updated with versions and releases. ; All of the releases are scanned for security and OWASP Code Smells using SonarQube and Zap Scanner
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We assess potential threats to our service with vulnerabilities identifying tools SonarQube and Zap penetration test. ; After any scan, tasks are created for developers in JIRA to fix identified vulnerabilities with set lead times.; Patch deployment timescale depends on the urgency of the vulnerability, most will be deployed within 48 hours unless this is not technically possible. Clients are kept informed via our help page.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We are using monitoring tools Microsoft Azure Insights and Web Application Firewall supplied by MicrosoftAzure and CloudFlare. ; All monitoring and alerts systems are configured with alarms and notifications for multiple technical contacts plus the CEO.; All incidents will be responded to within 12 working hours with a fix plan in place and clients notified via help page.
• Incident management type: Supplier-defined controls
• Incident management approach: We use a range of monitoring, insights and alerts tools to help us identify incidents before they affect a client with a process in place to identify RAG status of the incident and, as a result, the SLA for resolution.; ; Users are able to report incidents using the dedicated help desk page available directly on the platform.; ; Incident reports are created by the Operations Director and placed on our help pages for clients to review should they need to. Incident reports are also sent directly to all affected clients from the Operations Director

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  The solution we have developed removes the need for paper audits to be carried out. The environmental impact of the amount of paper, printing and screen time for transcribing audits is small yet significant and our approach converts all audit activity to a fully digital, low impact model. This will deliver environmental benefits at each partner organisation we work with.

  Tackling economic inequality

  Although a small business, Drugs Audit has already created jobs and career development. One of our core team was brought into the business as part of the government Kickstart Scheme and has progressed to a Distinction in her Level 3 Apprenticeship. Prior to this she had no qualifications or confidence. She is now a driving force in the business. ; Our focus for this business is creating jobs and educational opportunities. As we grow we will create more jobs both in our local area and across the country.

Pricing

• Price: £20.00 to £30.00 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at helen@drugsaudit.com. Tell them what format you need. It will help if you say what assistive technology you use.