WELLTIME LIMITED

AppointMentor Online Booking

AppointMentor Online Appointments Booking service allows businesses, professionals, or public sector organisations to enable customers to book and manage appointments online, easily, and conveniently, any time of day or night. We specialise in and have extensive experience with the NHS and healthcare industry. AppointMentor provides integrations, (optional) e-Payments and Feedback.

Features

• Real time online appointments booking
• cancellation, re-arrangement
• e-Payments, advance partial or full deposit
• Powerful and Flexible booking, matching, filtering
• Manage diary zones for specific Service providers, associate Services
• Enhanced reporting, suggestions and business intelligence dashboard
• SmartApp-Remote Access, Manage diary on the go
• Customers App, manage appointments, invoice payments, history
• Special offers, service packages/ bundles, promotions and marketing
• Portal for business and services / slots listing

Benefits

• Helping you with marketing, Find/acquire new customers
• Automate Customer Relationship Management (CRM)
• Automatic emails, follow ups, re-bookings
• Allows you to focus on business, taking care of admin
• Google / Facebook reviews, improve search visibility
• Flexible to accommodate your work patterns
• Customers portal shows your special offers (get new customers)
• Power of AI, optimise diary, reduce whitespace, increase profitability
• Our Apps help manage/grow your business on the go
• Power of IT- Scale business- do more with your resources

£99 to £499 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mubbasher@welltime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

687726892502778

Contact

Mubbasher Khanzada
02070961440
mubbasher@welltime.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Dental practice management systems
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: Our Online solutions require connectivity to the Internet
• System requirements:
  • Internet connectivity
  • Running on Windows OS

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to queries within 4 hours during business hours. Out of business hours the response time can be longer.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat has easy to use text, with alternatives for additional accessibility, e.g. increasing text size
• Web chat accessibility testing: We use the popular open source web chat solution Rocket Chat (we have not tested it with assistive technology users ourselves)
• Onsite support: Yes, at extra cost
• Support levels: Our direct remote support provides support during the UK business hours. Additional support at site is also provided, depending on the requirements, any costs will be discussed and mutually agreed.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide training and necessary documentation.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: When contract ends, the user's data is provided in the portable data format (like XML, JSON files) or database backup files.
• End-of-contract process: At the end of the contract, customer data is provided to the customer. The account is closed and data is deleted (in accordance with the regulatory requirements) from our systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Native Apps work directly with the mobile phones, our web solutions are all fully responsive, working very well with the mobile and tablet devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Users can log in to our solution back end portal to manage the common tasks, access reports, change features and parameters, configure and adjust the system as per their requirements.
• Accessibility standards: None or don’t know
• Description of accessibility: Our services are fully accessible through the browsers, responsive and user friendly.
• Accessibility testing: We have not done testing with users of assistive technology.
• API: Yes
• What users can and can't do using the API: Our API allows third party solution providers to integrate with our services and consume and provide our core services to their customers through their own solutions.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can customise the look and feel of the solution. There are service configuration screens that allow the customers to modify, change and customise the solution behaviour.

Scaling

• Independence of resources: Through the use of load balancers and service monitoring tools, ensuring our infrastructure is operational and can easily cope with the demand from the users.

Analytics

• Service usage metrics: Yes
• Metrics types: We monitor and log service usage through our own and additional analytics tools (like Google Analytics).
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Conforming to ISO 27001
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is exported from the database from different fields (depending on the solution and requirements). Information can be provided in different formats.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We provide high level of uptime for our services. We have different SLAs based on the requirements, for example, our strictest SLA is: we guarantee a response within 6 business hours, our Engineers will start remedial actions within 18 business hours.
• Approach to resilience: We have operational resilience thorough implementation of policies of Governance, cyber security, information monitoring and procedures. We have Heart beat, Recovery procedure automatically informs our team proactively. The system starts an automated recovery procedure, if the issue persists,the customer is alerted automatically about outage with the recommended procedure to be enabled. We have load balancing on the servers, There are also redundancy of servers. We take snapshots of the servers. Databases are daily backed up on off site back ups. We have SLAs in place with the data centre for infrastructure resilience they provide. We have the disaster recovery and business continuity plan in place. If there is any incident, our solutions can be recovered and restored within 24 hours.
• Outage reporting: Our systems have intelligent / automated monitoring mechanisms in place that monitoring. Heart beat, Recovery procedure automatically informs our team proactively. If the issue persists, then the customer is alerted automatically about outage with the recommended procedure to be enabled. Outages are reported through email alerts as well as phone calls.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Users are authenticated through username and password. For more sensitive operations access is further validated through 2FA. We have segregation of roles and responsibilities. Different functions are provided through the different departments, with specific management interfaces access. There is access level and hierarchy based on roles of the team members.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • Other
• Other security governance standards: We follow the ISACA standards for governance, COBIT-2019. For security we conform to NIST Framework and Cloud Security Alliance (CSA) guidance.
• Information security policies and processes: We have information security policies for governing the information security. 1. Information security policy 2. Privacy policy (including cookies policies) 3. Terms of use policy We are registered with ICO.GDPR compliant, we have GDPR white paper, that is proactively shared with the customers. We have a qualified DPO (certified in ISACA certifcates, CISA, CISM, CRISC), we follow the COBIT-2019 framework. We have external audit process. We follow data security rules, including but not limited to encryption of mobile devices, communication channels. All data is encrypted, data is handled on a need to know basis, we have segregation of duties and roles& responsibilities. There is a comprehensive credentials (user name / password) protection policy. Data centre, servers and systems are protected through the firewalls, antivirus and password policies. Customers can make data erasure request at any time. We have data security incident management policy in place. We implement comprehensive data governance policies, our Data Protection Officer (DPO) implements and monitors these policies.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We use version control and staging servers to manage any change, fully assess and evaluate the effects and impact of the changes during development/staging environment before deploying them in Production environment. We have a fully Quality Assurance (QA) process in place, with rigorous Regression testing. We have processes in place to endure default settings are configured in line with the security policies of the company. Changes are assessed for the potential security impact. Our internal Change management policy and procedures are followed with conform to the industry wide standards such as ITIL and CSA Cloud Controls Matrix v3.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our team monitors for known vulnerabilities through a combination of the open source and propritary vulnerability scanning / reporting tools and communities, and remains up-to-date through professional subject matter periodicals and forums. We test and deploy patches through our change management process. We keep our antivirus signatures up to date. As part of the software development process, our team evaluates potential threats and possible issues. We conduct audit of our solutions, both physical and logical controls.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have proactive monitoring processes in place, including the frequent antivirus signatures updates. When an issue happens, our CTO gets notified immediately to contain the issue. If there are any technical glitches they are solved quickly. However, if there is a data incident, then our DPO is informed and our GDPR process is invoked. Root cause analysis is performed and a solution is deployed. We have policies and procedures that are followed in case of a data incident. We inform the customers as per our GDPR procedure and work with them to remedy the situation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have a system for incident reporting. Through our website, users can access a portal and report any issue. We have developed a culture in the organization and a team of security awareness, we are a very user approachable team and company. If and when an incident happens, IT team reports it to the CTO. If there is a Data issue, the CTO informs the DPO. The CTO fixes the issue, but in any case, the DPO reviews the details of the incident to independently assess. Any serious incidents are escalated to the board.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We heavily rely on electronic storage of data and electronic methods of communication resulting in virtually paperless record keeping and communication.; ; We endeavour to reduce our carbon footprint and use of chemicals utilising flexible working methods.
• Covid-19 recovery:

  Covid-19 recovery

  We have supported our personnel financially thought the pandemic period and no single employee was laid off due to Covid-19 impacts.
• Tackling economic inequality:

  Tackling economic inequality

  We have encouraged female section of society to apply for jobs available at our company reducing the gender gap. We maintain the equal pay scale for both genders.; ; We also give preferential treatment to the people coming from deprived areas and sections as well as people from marginalised segment of society.
• Equal opportunity:

  Equal opportunity

  We are an equal opportunity employer.
• Wellbeing:

  Wellbeing

  We give high importance to the wellbeing of the personnel of Welltime. We have provided gym and other sports facilities in house.

Pricing

• Price: £99 to £499 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free 1 month trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mubbasher@welltime.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.