MIS EMERGENCY SYSTEMS LIMITED

MIS C3 fully hosted 999, IUC, 111 and PTS System

Intuitive ambulance command and control system; from call handling through triage to dispatch. Integrated Urgent Care and 111, NHS Digital and national system interfaces enhanced care pathway management for patients. Fully functional non-emergency patient transport system.

Features

• Market leading tri-service provision for mission critical 999, 111, PTS
• Rapid, accurate call entry through intuitive user interface
• Highly innovative modular design
• Wide third party integration across industry sector
• Advanced workload and resource distribution tools
• Comprehensive reporting and data analytics
• Integral, comprehensive auditing across all system aspects
• High integration with NHSD services for holistic patient care provision
• Advanced industry leading automated dispatch
• Scalable, Real-Time, Multi-Site, Multi-User system

Benefits

• Tri-Service shared databasing and customer configuration
• Truly benefit from economy of scale and cross discipline working
• High integration to national and third party system
• Major Incident Command
• Hazardous Area Response
• Event Management
• First Responder Management

£8 a user

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mis-es.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

717752250863117

Contact

Sales
0845 330 4425
info@mis-es.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: None
• System requirements:
  • Microsoft RDP compatible client devices e.g. Windows 10/11 or MacOS
  • Apple iOS Devices
  • Android Devices

User support

• Email or online ticketing support: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Service Desk - Our ITIL aligned Service desk is manned Monday to Friday (excluding England's bank holidays). We have 5 default Priority levels with tailored response time SLAs based on individual customer contract. Examples are: P1 (Urgent, system unusable). P2 (Important, hampering system operation). P3 (Non-Urgent, not affecting system operation). We provide a technical account manager and cloud support engineer for regular customer account meetings or incident management. Support is also available 24/7 subject to additional costs.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The training covers all aspects of user and technical training required to ensure that the customer will have the knowledge and skills to leverage maximum benefit from the C3 system both during implementation, and post go-live. The applications training covers every module of the system to be implemented, including training on the range of reporting tools supplied within C3. Training can be provided by our consultants onsite if required or delivered online via audio and visual conferencing tools such as Zoom or MS Teams and Skype. In addition to this, standard user documentation and materials will be made available in electronic format which can be saved locally by the user.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Upon the expiration of the contract we can offer an additional service as a read-only license to the application. However, should the customer wish the data to be extracted then consultancy would be required, which would need to be quoted for.
• End-of-contract process: The Contract can be for one of two things: • C3 Application Software and Hosting • C3 Application software only. Upon notice to terminate the contract, we will require an exit plan from our customer, and we will quote accordingly for any professional or alternative services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Designed from the ground up to be light on its feet whilst maintaining the superior levels of functionality expected by our customers, our remote worker solution allows full role tailored functionality without compromise. The solution is portable and scalable with reduced resource requirement both in terms of server and network, suitable for mobile networks, it has a simplified customized UI targeted at tablet and touch screen devices. The simplified and configurable UI of Remote Worker reduces training need allowing for rapid deployment to new operators in times of peak demand.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: The C3 suite of products provision for a high degree of customization per customer; with over 3000 uniquely configurable system parameters coupled with multiple modular desktop schemes, these desktop schemes allow operators to dynamically adjust their modular UI to suit their current role and requirements. Many of the modular elements within the desktop UI can be further customised by operators dynamically during use and stored as pre-sets for rapid recall in the future. Administrators are provisioned to modify system parameters and the level of configurable elements an individual user can leverage, with the remote worker product providing the ability to further lockdown and simplify the users UI where appropriate.

Scaling

• Independence of resources: Our cloud services are based on the requirements provided by our customers. We reserve the capacity required for each customer for the various components, e.g. application and database servers. If a 99.99% uptime SLA (or similar) is required we can build across multiple cloud datacentres in an active-active architecture to ensure available and provide an RTO of minutes. Cloud Bursting can also be used to handle peaks.

Analytics

• Service usage metrics: Yes
• Metrics types: Usage metrics are available which include number of logged in users, license usage, number of calls and server, client and network test times. Common and generic infrastructure metrics exposed by the operating system and database products such a CPU and bandwidth etc are also available.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We can export user data upon request or alternatively users can be given access to export their own data. Most of the core data is stored in MS SQL Server databases so there are many third-party tools available.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • GML
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • GML
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We use AWS and Azure for provision of our cloud infrastructure services, each cloud service has an individual SLA which is dependent on the configuration of individual service. As part of any contract we would clearly define and set out the expected SLAs for each component of the service based on the customer requirements. All claims concerning SLA guarantees must be made in writing by the Customer within seven days following the end of the month in question and will be shown as a credit (once agreed by MIS) on the next service charge invoice. Our approach is to design a service for the customer to ensure uptime SLAs are achieved, if an uptime SLA requires multiple 99.99% uptime servers this is what we will provide.
• Approach to resilience: We use Microsoft Azure and Amazon AWS global Infrastructures and datacentres. Every component of the infrastructure and our solutions are designed and built for redundancy, reliability and uptime. All data is stored in UK regions and data centres by default (unless otherwise agreed) on highly durable and redundant infrastructure which can span geolocations for DR/BC purposes, data will also be encrypted at rest. Network load balancing and redundant routing is also configured where appropriate including the facility to use direct connections. Our preferred approach is to design a hosting solution and application layout that supports an active-active approach across multiple datacentres. This is a standard approach in AWS via availability zones, which allow applications to run across 2+ datacentres concurrently. This approach has the advantage that a datacentre failure results in near zero downtime and data loss, it also significantly reduces the cost and impact to the business of regular DR tests.
• Outage reporting: We receive automated alerts from our proactive monitoring. Where possible the automated alerts will invoke automated corrective actions. We can configure email alerts for the customer under specific conditions and certain metrics. Due to the nature of our business, for sensitivity reasons we do not provide a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Both AWS and Azure have Identity and Access Management controls built-in as standard that offer a very granular level of control and permissions. These permissions can be granted at the user or group level including policy and role based. Each resource on the cloud platform can be individually secured. Our C3 application includes a role and task-based security model, in which the software can be configured to give specific users access to areas of the system.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQA
• ISO/IEC 27001 accreditation date: 06/03/2021
• What the ISO/IEC 27001 doesn’t cover: ISO27001 applies to the cloud infrastructure and support provided by our Group company Incline IT. It does not necessarily cover the application software.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Digital ITK Accreditation

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: We are currently Cyber Essentials PLUS accredited and have many internal security polices based on ISO27001. We are also accredited with ISO9001 for Business Processes / Software Development, and ISO27001 for the cloud environment. In order to ensure that our policies are followed, we are externally audited on an annual basis for our ISO9001 accreditation. ISO Processes are followed throughout the organisation. Overall control and management of our ISO Processes is overseen by our MIS Group Managing Director.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change management is governed by ISO9001. Source code is controlled via Microsoft Visual SourceSafe (VSS). When used with MIS' internal processes, this ensures: Only one developer can work on any component at one time. All code changes are checked in/out of the master database. All code changes are recorded throughout the lifetime of the component. Any previous version can be compared/restored. All components are version controlled. Every software modification requires an amendment number and reason for change. All modifications are subject to our QA procedure. Changes, installations and designs are assessed for potential security impact considering GDPR and encryption.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We will provide a service to manage vulnerabilities and potential threats which reports to the Customer and also the hosting provider. Our service extends beyond patching into vulnerability management which is a key requirement for GDPR and ISO27001. This will result in reports of missing patches and details on un-patchable vulnerabilities which cannot be patched and may require workarounds until a patch is available from a vendor. The patching service follows a standard approach of delivering OS patches into Development and Test environments to allow application vendors to run automated tests before patches are deployed to production.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our service uses server based IPS/IDS capabilities as this provides a more granular approach to network inspection rather than a monolithic and expensive firewall at the edge. The service also includes automated checks to ensure firewall rules are compliant with best practice and can be evidenced against ISO27001, and GDPR. Findings are presented as (low, medium, or high), accompanied by detailed evidence and recommendations for remediation. The findings are also available as functions enabling automatic remediation of specific types of issues. Otherwise any high or medium alert will be quickly assessed by a cloud engineer.
• Incident management type: Supplier-defined controls
• Incident management approach: We offer an incident management approach based around ITIL and GDPR standard processes for incident events. These include identification, logging, investigation and diagnostics, assignment and escalation, resolution and closure. All support is regulated via our ISO 9001 quality system. Our Service desk performance is monitored and reviewed on a regular basis. Incident and SLA reports can be produced on request

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  We are committed to promoting equal opportunities in employment. Any of our employees or job applicants will receive equal treatment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation (Protected Characteristics).; Our long-term aim is that the composition of our workforce should reflect that of the community and that all workers should be offered equal opportunities to achieve their full potential.; We are committed to a programme of action to make this policy effective and to bring it to the attention of all workers. The principle of non-discrimination and equality of opportunity applies equally to the treatment of visitors, clients, customers and suppliers by members of our workforce and also, in some circumstances, ex-employees.

Pricing

• Price: £8 a user
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@mis-es.com. Tell them what format you need. It will help if you say what assistive technology you use.