MEG Support Tools

MEG

MEG is a cloud-based healthcare Quality Management System (QMS), delivering streamlined quality, patient safety and regulatory/accreditation compliance across organisations. A suite of powerful web and mobile modules provides capabilities including paperless Auditing, Quality Improvement & Action Plans, Incident Reporting, Patient Feedback & Complaints Handling, Document Management, and real-time Reporting.

Features

• Go paper-free; capture inspection data and complete audits digitally
• Create action plans, delegate and track tasks, set trigger alerts
• Report incidents in real-time, quickly and accurately
• Customisable management reports to bring your data to life
• MEG's LRMS (Risk) module aligns with the LFPSE requirements
• Make your data meaningful with insightful, appealing dashboard and reports
• Set up trigger alerts for deviations from performance benchmarks
• Compare performance between different hospital areas
• Customisable by client for different audits, question sets, answers
• Store and manage your documents in an organised setting

Benefits

• Enjoy paperless workflows, typically halving inspection and audit times
• Understand performance across hospital(s), department or ward
• Create action plans to identify issues and fix non-compliances faster
• Produce appealing, insightful and sharable reports in minutes
• Get a quick snapshot of compliance across your hospital
• Gain clarity and assurance with performance tracking and audit trails
• Work flexibly using mobile or desktop devices, online or offline
• Improve staff engagement and accountability with the easy-to-use mobile app
• Ensure timely auditing by scheduling audits on calendar
• Assign tasks and sub-tasks to relevant departments

£10 a unit a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@megit.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

743933839022401

Contact

Helga Morrow
020 3322 5406
enquiries@megit.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: We aim to support latest versions of popular browsers and we are backwards compatible with older versions of browser and operating systems multiple versions behind.; The app requires Internet access to log in and upload data, but can nevertheless be used offline during inspection.; If data collection using a mobile device is required, MEG is compatible with iOS and Android OS, multiple versions behind.
• System requirements:
  • Recent version of a supported web browser
  • Internet Access
  • Software license required to use

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to clients within 4 working hours for high-level support issues and within 24 hours for normal level support issues during weekdays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Online, email, and phone support are included within the software licence fee. On-site support will be provided at a cost of £900 per day excluding VAT.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users will be provided with all the material needed to get started with the application: User guides, support documentation, how-to videos.; ; Onsite and/or online training is provided for customers who require a supported implementation, along with set-up support. All of this can be tailored to a specific client's needs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: YouTube tutorial videos
• End-of-contract data extraction: MEG will provide the client with its data in an electronic csv or Excel format for compatibility with future systems.
• End-of-contract process: At the end of a contract, MEG will archive or delete the data as per client's request. ; If required, MEG will supply the client with its inspection data in electronic csv or Excel format for compatibility with future systems. ; All users' access to MEG will be revoked.; ; If historical data is required in a tailored format, MEG can supply this to the client at an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile-optimised page layout is used on mobile devices, but features remain the same as on the desktop version.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Our web portal allows users with sufficient privileges to view reports, review submitted data, and manage the hospital's resources (users, wards, rooms etc.)
• Accessibility standards: None or don’t know
• Description of accessibility: No limitation for users using accessibility technologies.
• Accessibility testing: We've tested the system using text scaling option.; Text scaling feature is built into the mobile app.
• API: Yes
• What users can and can't do using the API: API can be used to access hospital's resources such as ward structure, audit forms and raw audit data. ; API can be used to submit audit data. ; Other features are available on request.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The following can be configured by the client from user dashboard (with specific user credentials):; 1. Setting and updating of users passwords.; 2. Granting access to auditors to new audits.; 3. Setting up and changing of custom audits: editing questions and answers, compliance calculation of question, help text, supporting graphic, order of questions, order of question categories / sections, making questions required/not required, etc.; 4. Setting up and changing of sites, directorates, wards, auditor teams, etc.; 5. Customisation of audit schedules.; 6. Excel download of data can be customised by fields required.; ; The following can be configured by MEG:; 1. Customisable graphs and reports to clients needs.; 2. RAG scores per audit.; 3. Customisation of QIP (Quality Improvement Plan) dashboard layout.; 4. Add signature required to specific audit forms.

Scaling

• Independence of resources: We have a strategy in place to ensure that users are not affected by increased demand and we monitor our servers continuously. We also monitor our service levels to ensure sufficient support staff are available to meet customers' needs.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can view metrics of inspection usage through the Web Portal dashboard.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Private key authentication is required to access servers over ssh
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their audit data to pdf, Excel, csv formats at any time using built-in options in the dashboard as well as have access to their data in real time via API.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • JSON
  • Microsoft Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99% service availability, assured by Cloud Service provider
• Approach to resilience: Available on request
• Outage reporting: Private dashboard and e-mail alerts. Clients will be notified about relevant outages on request (opt-in).

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Developers who have access to the server management interface via ssh must use pivate key authentication. Other, unused, access channels are blocked (telnet, ftp etc) on firewall level.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 18/02/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of MEG's certification is for "The provision, ongoing support, development and maintenance of MEG’s Quality Management Software (QMS) platform for the Healthcare Industry."
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS Data Security Protection Toolkit standards met

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Internal Security Policies are the direct responsibility of CEO and MEG's Information Security Committee. All team members including Technical, Marketing, Sales and Support must adhere to the policies and report any non-compliance they witness to the CEO. Internal Standard Operating Procedures are in place to ensure this too.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Code changes pass through testing and review processes to ensure all security implications are assessed. If any changes have impact on customers, timeframes for these changes will be agreed with them in advance
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Daily scans of the third party dependencies against vulnerabilities are carried out. Attempts will be made to handle these within 24 hours wherever possible with a maximum exposure window of 5 days. Information may come from multiple channels: our scans, customers contacting our support team, etc.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Compromises are identified via regular code review process. Any issues are addressed immediately after discovery (within 48 working hours).
• Incident management type: Supplier-defined controls
• Incident management approach: Users can report an incident via e-mail or a form available in the system. Similarly incident reports will be communicated via e-mail if and when an incident is confirmed. MEG is governed by industry-standard Incident Management & Disaster Recovery policy as a part of its ISO27001-compliant Information Security Management System (ISMS) run by its Security Committee who keep a close eye on and monitor incidents and potential incidents.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  MEG is a remote-first company, meaning the company defaults to work-from-home (WFH) processes and practices amongst the majority of employees. ; ; This has been associated with a reduction in transportation footprint, as employees are no longer engaged in long daily commutes. In addition, with employees adopting more sustainable waste practices at home than at the office, such as recycling, this is having a net positive environmental impact for waste management behaviours.; ; As a software company whose ethos is embedded in reducing waste and inefficiency in healthcare through digital transformation, MEG is making WFH more environmentally sustainable by: ; ; Embedding a sustainability culture:; ; To create an environmentally sustainable and climate-friendly culture, MEG is proactive in making sure that sustainability considerations are routinely embedded in every company decision across all departments. For example, remote meetings are encouraged as the default over ‘in person’ and air travel has drastically reduced in favour of ‘online meetings’ early on in customer engagement process.; ; Providing supportive policies:; ; For employees who do choose to work in the office, MEG offers Cycle-to-Work and public transport commuter schemes and encourages employees to take part. The benefits are reduced traffic congestion and carbon emissions, as well as financial and health benefits for employees.; ; We also seek input and suggestions from our employees about additional desired policies and structures that appeal to them.; ; Think global, act local:; ; Depending on where our workforce is located it may be more appropriate to focus attention promoting emissions reduction from cooling versus heating, or both. The point being that a one-size-fits-all approach won’t work. Instead, when designing and promoting environmentally sustainable WFH policies, we take into consideration the unique circumstances of our employees as well as the characteristics of our business operations to identify the most relevant behaviours.
• Equal opportunity:

  Equal opportunity

  MEG is committed to a diverse and varied workplace in our hiring processes, training and evaluation of our employees. ; ; We are committed to inclusivity and equality as part of our workplace and community, through our business partners, suppliers and customer service. We believe in: ; ; • Providing equal opportunities and recognising the importance in gender pay gap equality; ; • Integrating messages of a safe and accepting multicultural work environment in our internal and external publications; ; • Creating a flexible and accessible environment through adapting different equipment and tools to the unique needs of people with special needs etc.; ; We are committed to being an equal opportunity employer and we do not discriminate anyone for any reason, whether race, colour, age, gender, sexual orientation, gender identity and expression, ethnicity, religion, family status, social origin, disability, union membership or political affiliation. ; ; Presently, MEG predominantly carries out its recruitment processes in-house. Where additional recruitment expertise is required, MEG uses only specified, reputable employment agencies to source labour and always verifies the practices of any new agency it is using before accepting workers from that agency.; ; We are committed to treating our employees equally in compensation and benefits, by supporting employees with their needs. ; ; We are committed to creating a conscious culture and promote open communication as part of our inclusivity and diversity.; ; More details on relevant MEG policies can be found within the following statement on the website: https://www.megit.com/modern-slavery-and-human-trafficking-statement

Pricing

• Price: £10 a unit a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: This includes:; ; 1. Access to app within the customer organisation ; 2. Trial expires after one-two months; 3. Online/email/phone support
• Link to free trial: https://www.megit.com/contact

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@megit.com. Tell them what format you need. It will help if you say what assistive technology you use.