DIGITAL MISSIVES LIMITED

L8guard

Web-based computer software system for the management and control of the flushing of infrequently used water outlets as part of water hygiene control of legionella and pseudomonas Aeruginosa bacteria.

Features

• Centralised flushing logs
• Real-time access - check current flushing performance
• Automated daily, weekly, monthly reports
• Multiple flushing contacts / department
• No software installation required
• Automated flushing reminders and escalations
• Closed-loop auditing

Benefits

• Removes the need for paper-based flushing logs
• Easy to deploy, simple for service users
• Quickly identify non-compliant departments / wards
• Centralised, electronic flushing logs - access when needed
• Complete historical reporting library available online
• Compliance graphs and reports - by Estate/Site/Building

£3,500 to £10,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@digitalmissives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

683726190592076

Contact

Tim Moore
0870 201 1512
sales@digitalmissives.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • General internet access
  • Email access for end users

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Support desk is staffed 08:30 to 16:30 Mon to Fri (email and telephone); Typically queries are responded to within the hour ; ; Weekends and Bank Holidays - support emails are monitored; Urgent queries handled as quickly as possible
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer a simple to use, single tier of support. No extra is charged for 'higher' support levels and non-urgent queries are handled on a first-come first served basis. ; ; First-line support is covered by various team members with more technical or operational queries being routed to appropriate senior team members.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a free-of-charge 3 month trial system and work with Estates and IPC users to understand the system in a 'real' environment - providing risk-free confidence.; ; Service users are guided through using the software via the emails and on-screen prompts and additionally have access to appropriate User Guides.; ; A separate System Administrator's guide is also available.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users have the ability to download all the reports provided either from the emailed report links or from the Admin portal.; ; Non-formatted core data is available on request at the end of the contract, or users can simply request deletion if preferred.
• End-of-contract process: The price covers a annual licence fee which covers the annual access to the L8guard system and the support services.; ; New implementations also incur an implementation fee which covers the cost of data import and the configuration of the system for the customer.; ; On-site services such as training are chargeable at a day rate + travel and expenses. ; ; Off-site services such as web-based training (e.g. via Teams) is chargeable at a fixed hourly rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Various limited customisation options for the operational model. These are discussed during the implementation phase to best suit the customer's usage requirements.; ; Additionally, customised reports can be requested (chargeable) and interactions with other software systems can also potentially be developed.

Scaling

• Independence of resources: Resource demands are monitored by our web hosting providers, as well as our support team. Any untoward demands are observed and investigated.; ; If additional resources are required, they can quickly be added by the hosting providers, however the nature of the system is that it doesn't generally operate suffer from prolonged high-demand situations.

Analytics

• Service usage metrics: Yes
• Metrics types: The nature of the service is based around the controlled and repeated response to flushing documentation requests. Much of the standard reporting is focussed around this.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All reports can be exported via the Admin portal - typically in PDF format but depending on the report, CSV and Excel formats can be also be available
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: PDF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We try to offer typical availability of 99% except for scheduled maintenance. ; ; We do not guarantee any specific level of availability as there are two many factors outside of our control.; ; In the last 10 years, all significant (e.g. over 1 hour duration) service interruptions have been caused by infrastructure outside of our control (e.g. NHS Mail issues, Trust internet access issues).; ; We have never been asked to refund, for any reason.
• Approach to resilience: Available on request - 2 stages - one within the data centre and one in case of catastrophic failure at data centre
• Outage reporting: Public dashboard & email - only implemented if needed (once in 10 years, related to NHS Sites not being able to access external sites / domains).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Most end users only access the system with a directly emailed, time limited link which allows them to submit the current flushing form (either daily, weekly, twice weekly or thrice weekly).; ; Admin users need to provide a client specific authentication code, and then subsequently a username and password.
• Access restrictions in management interfaces and support channels: Client administrators are automatically prevented from accessing other client data through the use of the authentication code.; ; From a support aspect, all our internal support and technical staff can access any currently operational clients data - we do not and would not attempt to limit this.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: Admin users need to provide a client specific authentication code, and then subsequently a username and password.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Our third-party data centre suppliers are ISO 27001, ISO 9001 accredited and Cyber Essentials certified
• Information security policies and processes: We are a micro business with fewer than 10 employees. The managing director takes overall responsibility for security policies, however we have gone through a guided GDPR response process which is reviewed internally regularly.; ; Although most staff work remotely there are tight controls on the equipment used and information is only released to specific clients on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We only use accredited MS .net technology and full MS SQL server as the back-end database. Safeguards are implemented in code against (e.g. SQL injection attacks).; ; We observe and update the .net production environment where necessary to provide enhanced security. Server security is managed by our third-party provider and shared with ourselves.; ; Systems changes are tested locally first, before uploading to the production environment.
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Typically these for us would be on 'third party' software plugins (e.g. with Word Press), however as we deliberately stick to Microsoft development and deployment we're generally not affected by these.; ; However, if a warning arrises it is assessed by the technical team, and an appropriate patch installed (if needed) or (in theory) the offending software removed completely.; ; Server patches are installed regularly by the third party server providers. We've never had to 'patch' our own software.; ; We monitor the internet / security sites and also receive notifications from NHS providers and IT teams.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Test data is stored within the system. If this should become available (e.g. by us receiving emails to fake email addresses) then we identify this as a potential compromise.; ; We would respond as quickly as possible to such an event, and engage the services of our data-centre providers to help identify any potential breach,
• Incident management type: Undisclosed
• Incident management approach: If service users report problems, we investigate and report directly back to them.; ; Service users can report faults or queries via either the support email account, or via telephone.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We actively promote diversity within the company. We currently employ members of the LBGTQ+ community and our current and previous operations managers (reporting the to managing director) were female.

  Wellbeing

  The company also is very open to neuro-diversity and actively supports its employees - providing fully paid sick leave and flexibility for days when employees are struggling, or need to work away from the office. Flexible home working is available to all so that any home caring (adult or child) needs can be accommodated - this is an essential part of our ethos.

Pricing

• Price: £3,500 to £10,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We strongly recommend new clients take advantage of our 3 month free trial - this allows time to ensure that the system works within the client's environment and helps us to work with the client to build the best implementation model.; ; We normally limit the number of departments covered.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@digitalmissives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.