VITALHUB UK LIMITED

SHREWD Services

SHREWD Services is able to provide both solutions and direct delivery of support. For over 20 years VHUK, collectively, have worked in partnership with sector providers at all levels that includes Acute, Community, Mental Health and Primary Care NHS organisations, NHS England and Private Healthcare organisations.

Features

• Business Analysis
• Clinical change and transformation
• Data migration
• Deployment services
• Design and development
• Integration services
• Onboarding services
• Programme management
• Project management
• Supports variety of automated and manual data feeds as required

Benefits

• Experts working with experts to enhance improvement capability
• Support systems to provide better, safer care
• Practical ability to implement good practice rapidly

£350 to £1,200 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.garrod@vitalhub.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

638322282444114

Contact

Mr. Colin Gqrrod
+442045833142
colin.garrod@vitalhub.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No constraints
• System requirements: Users must have a nhs.net email address (or NHS equivalent)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The manned helpdesk (telephone and email) is available 08.30 to 17.30 Monday to Friday. ; Priority and timescale; 1 (High): Full system outage – no users at all can use the system. Response: Resolve 4 hours.; 2 (Medium): Partial system outage – a significant number of users are affected: Resolve: 1 business day; 3 (Low): Minor – a handful of users or a part of the system is not working to Specification: Resolve 3 business days; 4 (Query) : Minimal impact: Resolve 20 business days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Telephone and email helpdesk 08.30 to 17.30 Monday to Friday.; ; Priority and timescale; 1 (High): Full system outage – no users at all can use the system. Response: 10 mins. Resolve 4 hours.; 2 (Medium): Partial system outage – a significant number of users are affected. Response 10 mins. Resolve: 1 business day; 3 (Low): Minor – a handful of users or a part of the system is not working to Specification. Response: 10 mins. Resolve 1 business day; 4 (Query): Minimal impact. Response; 3 business days. Resolve 20 business days.; ; Initial set up and additional training, integration and development services are available as per the rate card provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: All programmes are set up for success by establishing effective leadership and governance, and building the right delivery team with the right skills; ; • Baseline requirements ; • Benchmark information and data ; • Process Mapping ; ; A delivery team from VHUK will be assigned, with executive level oversight and quality assurance undertaken as routine. We will work with the SRO for the organisation in understanding the specific requirements, deliverables and service specification. The project lead will ensure all governance is in place and will complete the appropriate data sharing agreements and data privacy assessments to enable us to work safely with you. There will be training sessions for each staff group so they become very familiar with the inputs and outputs of project, and these can be both virtual or on site. We can also provide additional support to executive, corporate, clinical and operational teams to support the production of improvement actions/plans for assurance and recovery programmes.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
  • Other
• Other documentation formats:
  • Microsoft Word formats (doc and docx)
  • Microsoft Excel formats (xlxs, xls and csv)
• End-of-contract data extraction: All raw data is real-time and publicly available and retained by the source organisation(s). All data provided over the duration of the contract can be extracted as a CSV at contract end and shared with the relevant organisation.
• End-of-contract process: Source data feeds are switched off and accounts suspended.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Specifications drawn up in line with customer needs and deliverables agreed at the start of each project.

Scaling

• Independence of resources: We have multiple resources across the entirety of VHUK that we can call upon when required.

Analytics

• Service usage metrics: Yes
• Metrics types: Users, Organisations, Indicator, Dashboards, usage stats, performance metrics, metric updates (frequency, total and usage) and feature usage metrics.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Other
• Other data at rest protection approach: Database TDE Encryption
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: To be agreed with the customer
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • Excel
  • SQL
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: The primary datastore is replicated across networks using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: The primary datastore is replicated using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm on top of TLS.

Availability and resilience

• Guaranteed availability: Planned maintenance is undertaken outside business hours. The Service Commitment target is 99.95%. A Kubernetes cluster and database replicas are used to ensure that the level of availability is maintained.
• Approach to resilience: Non-Disclosure Agreements are in place with all hosting provider suppliers. A risk assessment is undertaken for each supplier, with any required actions (which can include the supplier being subject to a security audit by the hosting provider) are conducted and managed by the Director for Supplier Management in conjunction with the Information Security Manager. All suppliers are audited as part of ISO 27001 third party audit policies, which are in turn assessed by qualified and impartial third-party ISO 27001 compliance assessors. Due diligence is performed on any security impacting third parties prior to selection and appropriate security requirements are built into contractual agreement where necessary. All strategic suppliers are assessed for their Business Continuity provision. Once reviewed the results of the assessment are analysed to assess the supply chain risk with regard to business continuity. Those suppliers considered to be inadequately prepared to deal with a BC scenario affecting their own organisation, which could therefore impact on the hosting provider to continue normal service operations, will be subject to further auditing, via a more detailed questionnaire or onsite at their premises. Third party suppliers are audited at least annually, with a shorter (quarterly) audit cycle for critical suppliers.
• Outage reporting: When the service has a disruption or outage, users are notified through emails and via our support service application

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Other
• Other user authentication: Location based filtering combined with username and password; multi factor authentication that generates a JWT token that runs amongst microservices, ensuring access control for each request.
• Access restrictions in management interfaces and support channels: Access to accounts that are created for internal admins is limited. Created accounts use two factor authentication to be able to access the interface.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 06/04/2023
• What the ISO/IEC 27001 doesn’t cover: No Exceptions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: DSPT Organisation Code 8JF22

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security policy, access control policy, asset management policy, classification of information policy, compliance policy, cryptographic policy, HR process, information security incident management, medical policy, mobile device and networking policy, network security management policy, operations workflow, operations security policy, organisation of information security, physical and environmental security, supplier relationships policy systems acquisition and development policy, business management operational objectives, individual user agreement, non-conformance, customer feedback, internal audit procedure, change control procedure, design control, major incident process, business continuity plan, problem management procedure, document management procedure, contact review process, supplier review process etc.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Processes are in place to ensure that all changes are authorised and tested prior to being deployed. These are compliant with the relevant aspects of NHS Data Security Protection Toolkit. To track components of services over time, version control is enforced, and access control records are kept and monitored. All change requests are documented and assessed. All staff are trained on operational procedures maintained on the company intranet, including Access Control and Password Management Procedures, Change Control Process, Privacy Impact Assessment & IG Checklist, Project and Change Management Control Plan, Network Security Policy, and Information Security Policy.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All servers are covered by a comprehensive monthly patching and maintenance schedule. Any important or urgent patches are applied out of schedule, with important patches within 2 weeks of a patch becoming available, and critical patches within 24hrs. Patches are always applied to Dev, Test and Staging environments first to prevent issues with production environments.; Servers are actively monitored by a variety of tools including Spiceworks which highlight out of date software version numbers to the internal support team for action.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Measures are put in place to detect any attacks or unauthorised activity as part of a process compliant with the relevant aspects of the NHS Data Security and Protection Toolkit i.e. Information Security Assurance, Incident Management, and Investigation. Potential threats to our services are assessed through employing a 'listener', upon the detection of a threat the relevant IP address is immediately isolated and blocked, whilst a potential threat to our software products is monitored and curtailed immediately with patches deployed automatically to the affected areas.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an incident management process in place to ensure incidents are dealt with to recover a secure and available service. The guidelines apply to all staff and include: All incidents must be reported to a manager and/or Information Security Team. An incident report is then completed detailing; name of the individual reporting the incident, the date, where the incident occurred, details of the incident and any actions taken, including who the incident has been reported to and the date the report is created. The Information Security Team investigate the incident and employ the necessary measures and actions to resolve

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We acknowledge the undeniable challenges faced by the NHS and all providers supporting Health and Social Care nationally, and we recognise the staff and the resolute response they have demonstrated in the face of mounting workforce pressures and the increasing demands on NHS services. Our products and services have a positive impact on Net Zero that align with the NHS carbon challenge.; VitalHub UK regards itself as a Human Systems company that does IT, that’s because we couldn’t do what we do without our people, or the users of the system. We have a strong commitment to corporate social responsibility (CSR) and a vision to create positive social, economic, and environmental impacts. Our corporate statement elaborates on how we ensure the delivery of social value through our products and services, describing the benefits we offer in terms of improving economic, social, and environmental well-being.; We are dedicated to minimising our environmental impact. The company's practices, such as reducing emissions, promoting recycling, and encouraging eco-friendly transportation options, align with the goal of protecting the environment. By reducing our carbon footprint and advocating for sustainable practices, VitalHub contributes to the environmental well-being of the local community. We positively encourage (on an individual basis) our staff to work remote and use public transport where practicable.; Our services are designed to help healthcare organisations reduce costs and enhance efficiency. By streamlining business processes and improving information management, the company supports public organisations in achieving better value for money whilst fighting climate change at the same time maintaining the quality of healthcare services.; We also ensure that our suppliers adhere to quality management systems and relevant legislation. This ensures that the services provided to public authorities meet high standards, leading to economic savings and a reduction in inefficiencies.

  Covid-19 recovery

  We acknowledge the undeniable challenges faced by the NHS and all providers supporting Health and Social Care nationally, and we recognise the staff and the resolute response they have demonstrated in the face of mounting workforce pressures and the increasing demands on NHS services. The NHS as a whole has been grappling with escalating demands and the pressures placed on healthcare systems across the country have been profound, necessitating creative solutions and a collaborative spirit to ensure the well-being of our communities. As a provider of solutions to the NHS we have stood on the frontlines, facing these challenges with determination and resolve.; Over the last two years, healthcare organisations and staff across the globe have unanimously felt the effects of the COVID-19 pandemic and united together to ensure continuation of service and the health of the population while operating in exceptionally uncertain conditions. As a provider of critical IT and software solutions to healthcare organisations, and in light of the dual pressure of both performance and pandemic, protecting not just the health but also the happiness of employees, who sit at the heart of servicing these organisations, has become a business imperative. ; We have collaborated and worked with our customers through and pots COVID to ensure our technologies help improve patient services and optimise limited NHS resources.

  Tackling economic inequality

  VitalHub have been involved in several initiatives, not only in the UK but globally, that we would like to highlight as examples of our commitment to Social Value and helping where we can to tackle economic inequality, examples include:; • We work closely with UK universities to provide Knowledge Transfer Partnership opportunities to graduates, which has resulted in employment with us for all participants to date.; • We have provided apprenticeship and secondment opportunities to the community and to customers to support workforce development and growth, as well as industry knowledge. ; • We are about to provide a workplace scheme to encourage the use of electric cars. ; • We have encouraged more home working to reduce carbon footprint.; • We have gifted laptops and other hardware to students, schools, and NHS organisations.; • We have sponsored a number of workshops and gatherings for patients and NHS providers, with no involvement from ourselves.; • We have provided free education on ICT and infrastructure to schools, particularly in areas of deprivation.; ; Our comprehensive CSR initiatives and dedication to ethical business practices strongly align with the Public Services (Social Value) Act 2012. By focusing on economic, social, and environmental well-being, the company not only meets the requirements of the act but goes above and beyond to ensure that its services and products are a force for positive change in the communities it serves. Our commitment to delivering social value is a testament to our dedication to public services and the betterment of the communities we support.

  Equal opportunity

  We are an equal opportunities employer, conversant with the Human Rights Act 2010, Working Time Directive, and the Modern Slavery Act 2015. We are committed to equality of opportunity and to providing a service and following practices which are free from unfair and unlawful discrimination. The terms equality, inclusion, diversity, and equity are at the heart of our values. We value people as individuals with diverse opinions, cultures, lifestyles, and circumstances. ; We will actively support diversity, equity and inclusion and ensure that our workforce is valued and treated with dignity and respect. We to encourage everyone in our business to reach their full potential and enjoy their work. ; Modern Slavery Prevention: Our stringent modern slavery prevention measures align with the Act's objective of promoting ethical business practices. By ensuring that modern slavery is not present within its operations or supply chain, VitalHub contributes to social well-being by promoting fair and just labour practices.; Our comprehensive CSR initiatives and dedication to ethical business practices strongly align with the Public Services (Social Value) Act 2012. By focusing on economic, social, and environmental well-being, the company not only meets the requirements of the act but goes above and beyond to ensure that its services and products are a force for positive change in the communities it serves. Our commitment to delivering social value is a testament to our dedication to public services and the betterment of the communities we support.

  Wellbeing

  At VitalHub we look at wellbeing in several ways,; Social Well-Being, our people, our partners: We take pride in how we support all our people, whether office or remote workers through multiple ways that have include virtual coffee times and workouts for remote workers in addition safe wellbeing meetings, open door access, team meetings and supporting social occasions.; VitalHub actively engages in charitable and community support initiatives. By allowing staff to request sponsorship or monetary donations for local charities, sports clubs, and community centres, VitalHub directly supports social well-being in the communities where it operates. We select two UK charities each year to support both internally with team activities and fundraising but also externally by promotion and exposure. This year’s charities are Julia’s House and Hospice in the Weald. Julia’s House was nominated to us by one of our customers and provides hospice care to some of the most seriously ill children across the counties of Dorset and Wiltshire. The Hospice in the Weald was nominated by one of our team who wanted to show gratitude to the hospice that provided care to his wife shortly after they married and had a child. Our team have raised nearly £3k to date for these charities.; Environmental Well-Being: Protecting the Environment: We are dedicated to minimising our environmental impact. The company's practices, such as reducing emissions, promoting recycling, and encouraging eco-friendly transportation options, align with the goal of protecting the environment. By reducing our carbon footprint and advocating for sustainable practices, VitalHub contributes to the environmental well-being of the local community.; Empowering Healthcare Organizations: we empower healthcare organisations to enhance the quality of care they provide to their patients and communities. By doing so, the company contributes to improved healthcare outcomes, thus positively impacting the social well-being of patients and local communities.

Pricing

• Price: £350 to £1,200 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.garrod@vitalhub.com. Tell them what format you need. It will help if you say what assistive technology you use.