BadgerNet Maternity Fully Integrated System

Service scope

Software add-on or extension: No
Cloud deployment model: Private cloud
Service constraints: BadgerNet platform will have a published release schedule, which will document details of upgrades, feature enhancements and bug fixes. Releases are deployed by Clevermed to the Test environment two weeks prior to their deployment to the Live system. This period should be used by local speciality and IT departments to test and assess new versions of the Platform /BadgerNet Service(s) and immediately highlight any possible issues to Clevermed.

Reasonable notice will always be given to Trusts for maintenance and planned downtime.
System requirements: HSCN Network access

User support

Email or online ticketing support: Email or online ticketing
Support response times: 1- Critical - Problem resolution will be started immediately. Response within 30 mins.
2 - High - Problem resolution will start within 4 hours.
3 - Medium - Response one working day
4 - Suggestion - Response two working days.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: Onsite support
Support levels: Severity Levels are assigned at the time of logging the call. They are set out in more detail in the table immediately below, but in summary are as follows:

1. All Users are unable to access all patient records
2. A problem with one or more patient records where there is no viable workaround (including paper) that is directly stopping clinical care
3. System not performing as expected, but not preventing day to day use
4. Suggestions for change for improvement or enhancement of the System

Software is provided as 'Software as a Service' there are no different tiers of support. Support is available 24/7, 365 days a year with escalation to engineering support at all times for priority 1 support.
Support available to third parties: No

Onboarding and offboarding

Getting started: Fully project managed implementation with clinical specialist support including onsite training, online training, user documentation plus an advanced BadgerNet Academy for advanced skills.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: In the event of contract termination and/or a permanent data deletion request, the owner of the data will need to provide a written request signed by an approved representative, at which point Clevermed will export all data held on behalf of that Trust in a secure encrypted format. This export will include all the raw XML care record data, raw binary trend monitoring data (where applicable), plus any standardised reporting database extract databases. This will be provided in a standard SQL Server extract file which can be imported into any SQL server instance at the customer’s discretion. There are no charges for the return of the data via the method specified above. If any bespoke data transformation is required a quote will be provided following functional specification of the requirement.
End-of-contract process: Prior to the end of the contract customers will be offered renewal of terms.

Using the service

Web browser interface: No
Application to install: Yes
Compatible operating systems: IOS

Windows
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: The BadgerNet Maternity system can be accessed by our Maternity app and Maternity notes.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: There is an interface for clinical users and well as service users.
Accessibility standards: None or don’t know
Description of accessibility: Badger Notes is compatible with android and iOS accessibility features including Voice Over technology.
Accessibility testing: Badger Notes is tested for compatibility with android and iOS accessibility features including Voice Over technology.
API: No
Customisation available: Yes
Description of customisation: BadgerNet contains a range of system configuration so that the system is suitable for local clinical practice. This is limited in the clinical summary system but includes localisation of process picklists

Scaling

Independence of resources: The platform includes all necessary servers required to run the software (i.e. application and database servers) in a manner that is secure, highly performant, robust, resilient and scalable. Database load is monitored continuously in real time and autoscaling of resource is in place.

Analytics

Service usage metrics: No

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: Specific types of data can be exported as excel, access or CSV files. Data may also be available in a local database copy for reporting purposes. In the event of contract termination or a permanent data deletion request, the owner of the data will provide a written request signed by an approved representative, at which point Clevermed will export data a secure encrypted format. This export will include all the raw XML care record data, raw binary trend monitoring data, plus any standardised reporting database extract databases. This will be provided in a standard SQL Server extract file.
Data export formats: CSV

Other
Other data export formats: Access

Excel

HL7

FHIR
Data import formats: Other
Other data import formats: Xml

HL7

FHIR

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

Other
Other protection within supplier network: The VMs, web applications, SQL server managed instance are connected privately to Azure virtual networks to allow controlled traffic to flow between them. This is backed with Azure Network Security Groups to tightly restrict network traffic between services. Access from the HSCN network is controlled by an Azure Application Gateway configured in Zone redundant HA mode with the a WAP firewall. Access to services from the internet is controlled via a separate Highly Available Azure Application Gateway. Each of these are established in separate virtual networks peered with necessary virtual networks running required services and controlled with Network security groups.

Availability and resilience

Guaranteed availability: 99.5% Availability.
Credit breach mechanism is in place if there are 2 breaches in consecutive months within a given quarter. % refund is offered on the next invoice.
Approach to resilience: The BadgerNet Platform is hosted in the Azure UK South region, comprising 3 data centres in the London region, utilising state of the art Azure technologies. To maximise high availability and resilience the platform is architected to take advantage of inherent resiliency/redundancy features of Azure, wherever possible PaaS services have been utilised with agreed SLA’s of 99.99% or greater (e.g. Azure SQL Managed instances, Azure Application Gateways). The general approach to resilience and redundancy of other components is to spread each key service with at least 2 instances across the 3 Azure zones in an always on fashion providing a level of redundancy and resiliency. In the event of data centre failure, automatic diversion of traffic provided by the Application Gateways and load balancers ensures the maintenance of a continuous service. Coupled with an infrastructure as Code approach to deployment, in the unlikely event of a data centre failure, the service will still function and rapid deployment of additional resource into the existing data centres facilitates a rapid return to full-service capacity.
Detailed log analytics /App insights are implemented, allowing continuous monitoring of service status, allowing triggering of Alerts in event of abnormal, degraded or malicious service activity.
Outage reporting: Public dashboard and email notification to key contacts

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Identity federation with existing provider (for example Google Apps)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: All management interfaces are accessed via 2FA. Online support channels are protected using the same method that is used for accessing patient data locally - this may be via federated authentication or username /password
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Intertek
ISO/IEC 27001 accreditation date: 21/03/2022
What the ISO/IEC 27001 doesn’t cover: Nothing
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: No
Other security certifications: Yes
Any other security certifications: ISO9001: 2015

NHS Digital - Data Security and Protection Toolkit

SCCI0129/Version 4/2016 Clinical Risk Management Compliance

Data Controller/Data Protection Register

Data Protection Impact Assessment

Business Continuity Plan

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: ISO72001 certification plus full suite of information governance policies:Access Control (incorporating identification and authentication; Encryption policy; Patching Policy; AV/Malware policy; Backup policy; Internet and email acceptable use policy; Clear desk and screen policy; Mobile device Policy; Remote working policy; Sanitization, reuse, disposal and destruction policy(incorporated in the Data Security and Use Policy); Business continuity plus Business Continuity Plan. Info security is also a key part of employee vetting and onboarding and annual training is mandatory. The policies provide detailed responsibilities for CEO, ISO, RAM(DPO), IAO and all staff. A procedure is in place for reporting information security incidents.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: This is a tightly controlled process that involves risk assessment of each new feature and change requests to the system or infrastructure. Infrastructure uses the current infrastructure as code approach with changes managed through a code repository alongside the system code. There is a tightly managed development and testing lifecycle with regression testing of all changes, a change freeze / lockdown period following release to test, internal production version testing of all release candidates and automated released procedures using a combination of Octopus Deploy release and Microsoft Devops release pipelines with extensive post release testing with rollback facility.
Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach: Windows Endpoint Security/Cloud Defender are used to identify and download available patches. Vulnerability notifications are also received from CareCert. Windows Endpoint Security updates are pushed out automatically to endpoints as they become available.Compliance with these updates is monitored by via Windows Endpoint Security Manager. Updates to the Clevermed Azure estate made available via Microsoft Cloud Defender are deployed to the Test environment in the second week of each month to allow the assessment whether deployment of the server patch poses a risk to existing systems. Patches safe to deploy are deployed to Production in the third week of each month.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Anti-virus and anti-malware controls and automatic quarantine facilities in place.
Real time intrusion detection monitoring and alerting via Graphana
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Users report incidents via online service console, phone or email. Incident reports are provided via online service console and updates via email to key contacts. Clevermed has a pre-defined incident management process in line with ISO9001 and ISO27001.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: Yes
Connected networks: NHS Network (N3)

Equal opportunity: Equal opportunity

Clevermed Ltd is committed to encouraging equality, diversity and inclusion among its workforce, and eliminating unlawful discrimination. The aim is for the workforce to be representative of all sections of society and customers, and for each employee to feel respected and able to give their best. Clevermed is fully committed to a policy of treating all its employees, job applicants, clients, learners, customers and the public equally in adherence with the Equality Act 2010. Clevermed will take reasonable steps to identify and respond to the needs of individuals with whom we work to ensure our services are accessible for all.

Clevermed Limited will take all reasonable steps to employ, train and promote employees on the basis of their experience, abilities and qualifications without regard to race, colour, ethnic origin, nationality, national origin, religion or belief, sex, sexual orientation, gender reassignment, age, marital or civil partnership status or disability. Clevermed Limited will also take all reasonable steps to provide working and learning environments in which all employees, learners and clients are treated with respect and dignity and that is free of harassment or discrimination based upon a person’s race, colour, ethnic origin, nationality, national origin, religion or belief, sex, sexual orientation, gender reassignment, age, marital or civil partnership status or disability. Clevermed Limited will not condone any form of harassment, whether engaged in by employees or by outside third parties who do business with Clevermed Limited.

Employees have a duty to co-operate with Clevermed Limited to ensure that this policy is effective in ensuring equality and in preventing discrimination, harassment or bullying. Action will be taken under Clevermed Limited’s disciplinary procedure against any employee who is found to have committed an act of improper or unlawful discrimination, harassment, bullying or intimidation.

Pricing

Price: £18.00 a unit
Discount for educational organisations: No
Free trial available: No

BadgerNet Maternity Fully Integrated System

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

BadgerNet Maternity Fully Integrated System

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents