GHX UK Ltd

GHX Procure Inventory Manager

GHX Procure Inventory Manager is an inventory management solution that helps improve patient safety and deliver Scan4Safety capability. It gives healthcare providers greater visibility of stock, helps reduce the risk of over-ordering, prevents wastage, speeds up recall, and saves on costs and clinical staff time.

Features

• Visibility of stock within and across hospitals and ICS
• Efficient stock replenishment, stock counts and goods receipting
• Mobile application to manage your stock on the go
• Track the quantity and value of stock you hold
• Batch recall, expired stock and stock-out notifications
• Identify patient and procedure level costs, combined with consultant comparisons
• Track and charge items to procedural costs
• Easy access to your GHX NEXUS item data
• Centralised visibility helps reduce variance and control spend
• Simple and seamless integration to your ERP system

Benefits

• Standardises processes for stock replenishment, stock counts and goods receipting
• Reduces over-ordering and maintains levels based on your requirements
• Improves batch traceability and highlights potential issues with batch recalls
• Reduces wastage through more effective stock control
• Reduces clinical staff time spent on managing and re-ordering stock
• Easily identify incomplete, incorrect, delayed or missed deliveries
• Helps you stay on top of supplier performance
• Frees up valuable storage space by reducing stock held
• GS1 UK approved and helps you meet your Scan4Safety requirements

£8,775 to £56,250 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.minards@ghxeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

654301676824163

Contact

James Minards
0345 620 2222
james.minards@ghxeurope.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: GHX Nexus
• Cloud deployment model: Hybrid cloud
• Service constraints: Maintenance and updates do not usually require the service to be made unavailable. Where this is required any; downtime will be scheduled between 18:00-20:00 to minimise impact to customers.
• System requirements:
  • Access to the Internet
  • Defined versions of web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Target 1 hour. Priority 2 - Target 2 hours. Priority 3 - Target 4 hours. Priority 4 - Target next working day.; Out of hours support can be provided on request. Additional fees apply.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: GHX provides a single comprehensive level of support. When an incident is reported to the UK support team,; priority is established based upon the business impact to the customer, using the Salesforce.com CRM system.; OLA's are in place for escalations beyond the support team to technical teams. Support and an account manager is; provided as part of the annual subscription fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: GHX provides onsite or remote online training as agreed with the customer. Online user documentation is available; through the user interface.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract their data in CSV format through the user interface at the end of their contract.
• End-of-contract process: At the end of the contract, users can download all data from the system in CSV format. There is no additional cost to; the customer for extraction of the data through the user interface. In addition, GHX works closely with the customer; on an Exit Plan to enable continuity of service with a smooth and secure transition of service to them or a; replacement service provider.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There are no differences between the mobile and desktop service.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: GHX Procure Inventory Manager provides an intuitive user interface supporting full management of the customer's; data and applicable business processes.
• Accessibility standards: None or don’t know
• Description of accessibility: GHX Procure Inventory Manager is designed to be highly flexible with easy-to-use functions that are accessible for; all users.
• Accessibility testing: So far, GHX has had no customer requests to support assistive technology, but will look to support this where; needed.
• API: No
• Customisation available: No

Scaling

• Independence of resources: To maintain high levels of service availability and provide services that scale to meet growing supply chain; demands, GHX leverages an Information Technology Service Management (ITSM) framework committed to; continual service improvement. Guided by the Information Technology Infrastructure Library (ITIL), GHX integrates; people, process and technology to manage its vital supply chain services. This comprehensive and coordinated; approach to service management enables GHX to continue to meet the evolving 24/7/365 demands of the; healthcare supply chain.

Analytics

• Service usage metrics: Yes
• Metrics types: GHX Procure Inventory Manager has usage reports built into the software and can be accessed or downloaded by; system users.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through the user interface. Reporting also includes download functionality.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: GHX understands the critical nature of the services provided to the healthcare supply chain community. For more; than 10 years, healthcare providers, suppliers, distributors and group purchasing organisations have been relying on; GHX to provide enterprise-grade services. Year after year, GHX customers consistently rate GHX service availability; as one of the top reasons they choose to partner with GHX. GHX provides over 99.9% annual uptime of core; Exchange services; processing approximately one million supply chain transactions per day for its healthcare; trading partners, including over 4,100 medical providers and 400 medical suppliers.
• Approach to resilience: Available on request.
• Outage reporting: GHX proactively monitors the availability of the services we provide. 24/7/365 automated monitoring and alerting.; Tier 1, 2, and 3 Customer Care and Application Support centres. Network Operations Centre (NOC) for incident; management and customer assurance. Prioritised incident management with response, resolution and; communication targets based upon impact and urgency.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is provisioned to GHX users on a "need to know" basis. GHX maintains on and off-boarding procedures that; are test 2x per year during SOC1 and SOC2 audits.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: GHX aligns with the PCI DSS requirements for a security program.
• Information security policies and processes: GHX maintains information security policies that are updated at least annually. Policies that have been translated (in; Dutch, French and German) include: (1) IT Management Policy; (2) Information Security Management Policy; (3); User ID and Password Guidelines; (4) Data Classification and Handling Guidelines; and (5) Reporting Security and; Privacy Incidents Procedures. To protect the data in its care, GHX looks to the ISO/IEC 27000 series of standards; as the framework for the Company’s information security management system. GHX also looks to best-practice; security controls in protecting data in its care, including those published by the National Institute of Standards &; Technology (NIST). The GHX security program is managed by its Global Security Operations Director, under the; direction of the GHX Vice President, Global Operations and Infrastructure. GHX also maintains a compliance; department, managed by the Director of Compliance, under the direction of GHX Vice President, General Counsel.; The compliance department is responsible for monitoring compliance with policy documents and engages an; independent 3rd party to audit compliance annually (SOC1 and SOC2 audits). The SOC1 and SOC2 audits focus on; activities in North America but also include global audit of certain strategic controls.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Requests are received and reviewed by the change management team for completeness, accuracy and; operational readiness, including but not limited to: (1) targeted implementation date; (2) business and security risks;; (3) priority; (4) business justification; and (5) any other change-related information. Changes are categorised by: (1); Informational; (2) Patch; (3) Standard; (4) Minor; (5) Major; and (6) Initial Production Release. GHX performs asset; inventories to track service components through their lifetime. Change process is used to track changes to assets, including the install and decommissions of assets. Changes are reviewed by the security team for potential security; impacts.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: GHX performs quarterly vulnerability scanning to identify vulnerabilities in the infrastructure and applications. GHX; performs quarterly penetration testing to assess if the vulnerabilities can be exploited. If exploits are discovered,; then GHX will apply applicable patches, remove Internet access to affected systems, or make other changes as; necessary to remediate the exploits. Patches are applied to systems on a quarterly basis. GHX’s Global Security; Operations Director attends security conferences and subscribes to news feeds to get information about potential; threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: GHX monitors the systems and investigates alerts from the monitoring tools. GHX investigates security alerts from; system logs, office productivity applications, intrusion detection and prevention systems, and tickets submitted by; end users to identify potential compromises. GHX follows its incident response procedures to evaluate the incident.; Infrastructure and application engineers will be engaged for the technical analysis on incidents and take appropriate; action to resolve the incident. GHX Global Security Operations Director oversees the incident investigation, and the; GHX Director of Compliance oversees the investigation for breaches of data and requirements for reporting.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: GHX has a defined GHX Security and Privacy Incident Response Plan for responding to incidents. Customers report; incidents to GHX customer success team, and the customer success team keeps the customer informed of; progress. GHX employees use internal ticket procedure to report incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  GHX is committed to meeting the NHS target of Net Zero. As a company, we have reduced office space and are striving to ensure that all systems and processes have the minimum environmental impact.

  Covid-19 recovery

  GHX has invested in technology and processes to minimise the impact of COVID-19 and future pandemics. People and systems are resourced and deployed remotely, and suitable redundancy and scalability are planned for each area.

  Tackling economic inequality

  GHX continually reviews its employment policy and guidelines to ensure fair and equitable remuneration. GHX pays above the minimum wage and ensures recruitment and rewards align with market needs.

  Equal opportunity

  GHX has equal opportunity requirements and policies embedded in our HR policies. Regular reviews are held to ensure remuneration and opportunities are suitably balanced.

  Wellbeing

  GHX prioritises the wellbeing of its staff and, where applicable, its customers. As a company, we provide various free, easily accessible wellbeing services to all staff and their families. In addition, regular people leader reviews and surveys identify areas of concern, and we address them as a priority.

Pricing

• Price: £8,775 to £56,250 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.minards@ghxeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.