OPTIMUS IT INFRA LTD.

Reference Data Management

Reference data management tool allows healthcare and NHS organizations to better manage their applications reference data mapping without the need to expert DB management skills. This application allows end-users and clinical staff of Healthcare providers like NHS Trusts, NHS Hospitals, GPs etc., to manage the data presented on various applications.

Features

• real-time monitoring
• integration plugin
• system service reporting

Benefits

• Alerting
• Instance display of system/application issues

£500 to £5,000 a licence a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@optimusit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

734195872157292

Contact

Abhishek Tirumalapuram
07557333022
info@optimusit.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Complete end to end software development and managed services
• Cloud deployment model: Private cloud
• Service constraints: None applicable. Our software can be customized to support any configuration
• System requirements: Windows 7 or higher versions

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour during business hours 9:00AM to 5:00PM Within 4 hours outside business hours 5:00PM to 9:00AM Within 8 hours on weekends and public holidays
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 9am to 5pm business hours support will be provided on a severity/priority basis.Our support is completely customized depending on the customer's unique needs. For those with standard support requirements, we offer 2 levels of support: ; 1. Standard - normal response times during business days, weekends; and public holidays - included as part of our standard contracts. ; 2. Enhanced - fast response times (1 hour maximum) during business days, weekends and public holidays - customized as per customer's setup. Normally 35% more than Standard level. A technical analyst overseen by a technical account manager is assigned to review all support issues raised by the customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Application will be deployed onsite by our team and onsite training will be provided along with documentation and maintenance of the application will also be demonstrated
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data will be stored in customer required storage spaces, where required it can be extracted and stored where ever required.
• End-of-contract process: Application accesses will be disabled and necessary handover will be scheduled. Support will be provided until the notice is served as per the contractual agreement.

Using the service

• Web browser interface: Yes
• Supported browsers: Chrome
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • Windows
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Tbc
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Tbc

Scaling

• Independence of resources: * Both horizontal and vertical scaling of hosts can be provisioned on demand basis.

Analytics

• Service usage metrics: Yes
• Metrics types: * Usage statistics
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported using ETL tools
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • FHIR
  • Custom formats
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • HL7
  • FHIR

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Token based authorisation
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Token based authorisation

Availability and resilience

• Guaranteed availability: We offer a standard one level SLA. Our service availability is guaranteed at; 99.9% and is reported on a monthly basis. The customers can also report; unavailability which is assessed by our technical team. The refund is; calculated on a pro-rata basis and the users are refunded through a credit; note system.
• Approach to resilience: It’s available to customers on request.
• Outage reporting: Our service is constantly monitored and outages are extremely rare. The; outages can be either at customer level or organization level. Whenever; an outage is detected, an email alert is sent to the nominated users at; affected customer's organization.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Other
• Other user authentication: * OAuth
• Access restrictions in management interfaces and support channels: * Both authentication and authorisation models are supported.; Specific user level access privileges are applicable to various modules of the application to allow only authorized users and to avoid any unauthorized access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our organization security governance is managed by our IG team which is responsible for setting the operational security procedures based on a risk based approach. All the roles, responsibilities and segregation of duties are clearly defined and enforced. All the staff is made aware of the policy and is trained regularly to ensure their knowledge is up to date. The policies are reviewed regularly to ensure staff compliance and also compliance with the organisation's business strategy.
• Information security policies and processes: The following policies are adhered to at our organization: ; 1.Acceptable Use Policy ; 2. Electronic, Voice and Physical Communications Policy ; 3. Change Management Policy ; 4. Access Control Policy ; 5. Remote Access Policy ; 6. DR and BCP Head of IG is responsible for the overall policies and they; in turn report to the Director of IT. ; Staff are trained regularly on the policies which are also provided to them for reference. Whenever a policy is updated, a staff update session is; scheduled. A regular audit of the policy is undertaken by a third party to ensure compliance.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration management tools are used to manage changes and every; change is accessed to not cause any business continuity issues. A change; release log is maintained throughout the lifetime of the product to ensure; all changes are uniquely identified and tracked. Each change is; thoroughly assessed by our development panel and rigorously tested to; ensure full compliance with the security protocols.; Change management is managed by Agile delivery model; Continous delivery model is used for deployment and management of services
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Using cloud based API Gateway management services; Patches are delivered using continuous delivery model ; Potential threats are detected using service and host logs; Vulnerabilities and threats are accessed on a regular basis based on the market research, support calls and proactive monitoring of the emerging threats. Its ensured that they are covered tested during the regular; penetration testing schedule. Patches and updates are released on; regular basis which is often customized to the needs of the customer.; Where required, critical patches are deployed rapidly. When changes are; required, change control processes and CAB approval based deployment; is strictly adhered to.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are detected and alerted from web console logs; We endeavor to respond to incidents as swiftly as possible; Potential compromises are mostly human error and processes are in; place to ensure there is minimal human intervention. However if there any; issues noticed, immediate and timely action is taken by alerting the; customer about the issue along with the required steps to take to avoid; such issues in the future.
• Incident management type: Supplier-defined controls
• Incident management approach: Processes are in place to ensure there is minimal human intervention.; However if there any incidents noticed, immediate and timely action is; taken by alerting the customer about the incident along with the required; steps to take to avoid such issues in the future. The users have access to; a dedicated support email where they can log any incidents around the; clock and follow up the status of those incidents. A detailed incident; report will be provided to the client as soon as each incident is closed. A; history of all the incidents is also maintained for the users.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality

  Fighting climate change

  Optimus as an organisation is fully committed to the NHS achieving its net zero target and welcomes the opportunity to support these initiatives. As an IT Consulting Services company, providing application development, integration and implementation services, Optimus produces few significant environmental impacts beyond those of a typical professional service organisation (consumption of energy, materials, day-to-day consumption/waste habits of its employees, etc.). While these habits and practices may seem insignificant from an environmental perspective, Optimus makes a conscientious effort to understand its impacts on the environment and limit unnecessary or unreasonable impacts while encouraging more responsible habits. Optimus believes it can make a significant impact to reducing carbon and as a result, has made a commitment to reduce its emissions by Reducing / Minimising Energy Consumption, Reducing / Minimising Transportation, Material Sustainability, Environmental Management System.

  Covid-19 recovery

  Optimus teams having worked with NHS organizations have a deep understanding of the impact of pandemics like COVID-19 that can have on its employees, other support staff and client side staff. We have been extremely cautious in making sure no individual is either directly or indirectly affected by our day to day operational activities. We ensure by working with different teams to have remote accesses and capabilities to be in place to deliver the required work in case of any events like COVID-19. We allow staff to work from home to ensure safety of theirs and the teams they work with.

  Tackling economic inequality

  Optimus is totally committed to the promotion, improvement and to increasing employment, demonstrating economic sustainability during the period of the contract. This is achieved in a number of ways, described further below.; All important issues within the company are tracked, monitored and measured. Social values is a recurring item on the agenda of all management team meetings, held on a monthly basis. The company has social values as one of its ‘Annual Targets’ with individuals tasked with managing specific areas, which they need to report on at the monthly meetings and which form part of their personal record, which are then tracked and managed by the Human Resources teams.; In addition, all memberships and accreditations are renewed annually.; Optimus will ensure that all employees working on this contract will be provided with training opportunities to support their work and future progression needs, in order to continue their progression. Training opportunities will be specifically targeted for the individual, ranging from mentoring and shadowing, to accredited CPD and Master’s qualifications, with a personal training put in place.; ; Optimus adopts a flexible approach to working, ensuring it caters for those who need to adjust their core working hours to meet important outside of work demands.

Pricing

• Price: £500 to £5,000 a licence a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@optimusit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.