BCN Group Ltd

Power Platform for Healthcare

BCN pioneers Power Platform solutions for advanced analytics and automation, tailored collaboratively with clients. Our suite includes leveraging Power BI, Power Apps, Power Automate, RPA, and ML, across NHS Primary Care, Acute, Mental Health, Community Care, Integrated Care System, ICS, Integrated Care Board, ICB

Features

• Board reporting, IPR, SPC charts, NHS ICS benchmarking solutions.
• Enterprise Power Apps for optimized user experience and automation
• Industry-tailored tabular cubes, data models, and collaborative reporting
• User-centric design ensures high adoption rates
• Cloud setup, Azure AD synchronization, workspace, and seamless integration
• Comprehensive Power BI training covering DAX and end-user functionalities
• Premium connectors for Power Platform tools.
• Utilization of Power Platform for data processing and integration
• Real-time reporting capabilities with HL7, FHIR, and predictive analytics
• ETL processes for seamless integration with various systems

Benefits

• Rapid development through Agile methodology
• Quality improvement enhances operational performance
• Intuitive solutions support self-service requirements
• Industry expertise in Healthcare and Housing Associations
• Mobile-optimized solutions facilitate knowledge transfer
• Best practices ensure platform setup and configuration
• NHS-proven approach to design and development.
• Utilization of Measure Matrix for data and reporting requirements
• Ongoing support with 24/7 helpdesk and Managed services.

£1,250 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

781781243722162

Contact

Mr Ric Kelly
0345 095 7000
ric.kelly@bcn.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Power Automate, Power Apps, Power Platform, Power BI, Power VA, Copilot Studio, M365
• Cloud deployment model: Public cloud
• Service constraints: No specific constraints depending on architect agreed with customer
• System requirements: Power Platform Licensing (Solution Dependent)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on Service Purchased Options: Standard Support Hours - Monday - Friday 08:00 - 18:00Hrs Extended Support Hours - Monday - Friday 07:00 - 19:00Hrs Out of Hours Support - P1 ONLY - 24/7 (Excluding Christmas Day) Priority 1: Standard / Extended Hours - Response Within 30 minutes Priority 1: (Out of Hours) Response Within 60 minutes Priority 2: Standard / Extended Hours – Response Within 2 hours Priority 3 or 4: Standard / Extended Hours – Response Within 4 hours Priority 5: Standard / Extended Hours – Response Within 4 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Comprehensive Account Management & Support options Availability of the Power Platform is inherited via Microsoft ; Support Hours 50+ dedicated support engineers across 3 UK offices provide technical support 24 hours a day, 7 days a week, 365 days a year. * This includes proactive monitoring and alerting of core services. *Waking Hours = 7am to 7pm Monday to Friday (from manned helpdesk) Ticket Severity All tickets logged to the Service Desk will be allocated a severity level based on the following methodology. This will ensure that reporting on service levels may be achieved to the optimum format. 1 - Catastrophic business disruption 2 - Severe business disruption or user critical issue 3 - Business disruption or multiple user issue 4 - Minor business disruption or user issue 5 - Job or Task Service Desk Staff will evaluate the Incident and allocate a priority level after which it will be assigned to the appropriate staff. This will be based on the required skill set to resolve the incident in a timely manner. ; As a Microsoft Tier-1 CSP BCN will escalate issues to Microsoft as required for additional support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: HFor all Power Platform Services BCN will engage with the customer to identify business requirements & the optimal solution required. BCN will guide your migration from start to finish to ensure an optimal experience. BCN follow the below methodology for delivering projects: ; Define ; The first step is always information. We take the time to understand your business. ; Build ; We build on our research. Your solution is designed to leverage the insights we learn. ; Deliver ; We only ever deliver once we're completely happy and fully tested. ; Manage & Evolve; Digital solutions don't stop, they evolve. Metrics & analytics keep pushing you forward, & BCN will help deliver on your roadmap & ideas
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Microsoft Word
• End-of-contract data extraction: Continuity of service is important to us for our customers. All customer data is hosted in the customer's tenant & therefore is fully owned by the customer. At the end of any contracted engagement the customer will control the data within the customer's environment & BCN access will be removed as necessary.
• End-of-contract process: At the end of any contracted engagement BCN will support handover of any solution to the customer. BCN will remove access to all systems as necessary & terminate any support for services.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Solution dependent. Generally responsive design to fit Mobiles is leveraged from Microsoft native tools.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users can access Power Platform Services through the Microsoft Power BI Portal https://admin.powerplatform.microsoft.com/
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Microsoft are responsible for Web Interface testing
• API: No
• Customisation available: Yes
• Description of customisation: Complete customization is available within the boundaries of Power Platform Development Framework. BCN will complete works based on the agreed design.

Scaling

• Independence of resources: Independence of resources is provided by Microsoft using logical tenant isolation. Multiple forms of protection have been implemented throughout Microsoft Fabric to prevent customers from compromising Microsoft Fabric services or applications or gaining unauthorized access to the information of other tenants or the Microsoft Fabric system itself, including: Logical isolation of customer content within each tenant for Microsoft Fabric services is achieved through Microsoft Entra authorization and role-based access control.

Analytics

• Service usage metrics: Yes
• Metrics types: Native Power Platform usage metrics & measures. Others can be developed on request
• Reporting types: Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data is kept in standard data formats and can be extracted at any time by the customer using standard Microsoft or other products.
• Data export formats: Other
• Other data export formats: Various - Solution Dependent
• Data import formats: Other
• Other data import formats: Various - Solution Dependent

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability of the Power Platform Service is leveraged from Microsoft. Service availability <99.9% results in service credits being provided by Microsoft. SLAs can be found here - https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwwlpdocumentsearch.blob.core.windows.net%2Fprodv2%2FOnlineSvcsConsolidatedSLA(WW)(English)(April2024)(CR).docx&wdOrigin=BROWSELINK
• Approach to resilience: Microsoft is dedicated to ensuring the highest service availability levels for your critical applications and data. Microsoft ensures that the baseline infrastructure and platform services are available through its business continuity and disaster recovery architecture by:; ; Enabling geo redundancy, where in, all data from production environments (excluding Default environments) is backed up to the paired/secondary region. These replicas are referred to as geo-secondary replicas that are set up during the time the primary environment is deployed.; ; Geo-secondary replicas are kept synchronized with the primary environment through continuous data replication. While at any given point, a secondary region might be slightly behind the primary region, the data on a secondary is guaranteed to be transactionally consistent. For more information on geo replication, visit Active geo-replication - Azure SQL Database; ; See https://learn.microsoft.com/en-us/power-platform/admin/business-continuity-disaster-recovery for more details
• Outage reporting: Public Dashboard & Emails

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: In general: Entra ID provides RBAC controls into customer Power Platform environments to restrict access to named resources. Following a least-privilege principle access is controlled via the Entra ID of the customer & other network restrictions based on the solution.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 25/06/2020
• What the ISO/IEC 27001 doesn’t cover: BCN Group activities related to the provision of this service are covered by ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Organisation chart available on request. Upon induction, staff handbook, policies and procedures are provided. Specific IG policies around Information Security which are also in the staff handbook are included. We are also fully compliant with GDPR guidelines. Ongoing documented review to ensure policies are being followed as well as one-to-one systems to enforce policy processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests are raised by the customer or on their behalf by our support team. These are submitted to the change team for review and what-if analysis, the results of which are communicated back to the change owner for review of potential impacts and technical feedback before authorising and scheduling in the work. Upon completion and validation that the change has been successful, relevant documentation and parties are updated accordingly. The Change Advisory Board meet regularly to assess the whole change life-cycle to ensure that safeguards and security remain at the forefront of any changes made.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Production assets are scheduled for daily, automatic scans with the most recent vulnerability signatures. The results of these scans are collected in a secure, central storage service, and automated reporting makes results available to service teams. Service teams review scan results that report aggregate scan results to provide comprehensive reporting and trend analysis. When vulnerability scans indicate missing patches, security misconfigurations, or other vulnerabilities in the environment, service teams use these reports to target the affected components for remediation. Vulnerabilities discovered through scanning are prioritized for remediation based on their (CVSS) scores and other relevant risk factors - https://learn.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Protective Monitoring is provided by Microsoft for Fabric Services. "Microsoft cloud services are continuously monitored for signs of compromise. In addition to automated security monitoring and alerting, all employees receive annual training to recognize and report signs of potential security incidents. When suspicious activity is detected and escalated, Service-specific Security Response teams initiate a process of analysis, containment, eradication, and recovery" More information can be found here https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: BCN's Incident Management process: Upon detection of an incident either internally or by report (telephone/email/portal) it is classified due to its impact and the number of users it affects. Where required, an escalation event is then created triggering the assignment of a Major Incident Manager, re-assignment of technical resource and team leader to provide client updates. Updates are provided throughout a major incident (P1) with an incident report provided within 1 week. Root cause analysis undertaken after the incident has been resolved to help mitigate the likelihood of recurrence. Microsoft's Incident Management processes for infrastructure incidents are found here: https://learn.microsoft.com/en-us/compliance/assurance/assurance-incident-management

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  BCN are focussed on improvements in Energy Efficiency. We continue to monitor and review our energy usage with the aim of reducing where we can.

  Tackling economic inequality

  BCN will create employment and educational opportunities for people from backgrounds that typically find it hard to get employment.

  Equal opportunity

  BCN is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, gender, gender reassignment, maternity, marital status, disability, religious beliefs, age or sexual orientation

  Wellbeing

  BCN is committed to the protection and promotion of the mental health and wellbeing of all staff. ; We shall continuously strive to improve the mental health environment and culture of the organisation by identifying, eliminating, or minimising all harmful processes, procedures and behaviours that may cause psychological harm or illness to its employees.

Pricing

• Price: £1,250 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ric.kelly@bcn.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.