Dagny

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: Each of our apps can be used as standalone or integrated into networks and other systems. All apps are open and can integrate into job planners, rosters, banks staff system, payroll, professional registration databases and other relevant systems.
Cloud deployment model: Private cloud
Service constraints: None
System requirements: Web browser

Internet Access

Mobile device

User support

Email or online ticketing support: Email or online ticketing
Support response times: Our support package offers comprehensive user and technical assistance through multiple channels. During core hours (09:00-17:00), expect in-app support responses within 30 minutes, and email replies within 4 hours. Evening responses extend to 1 hour for in-app and next-day for email. Technical issues receive priority with a 15-minute response time via in-app or phone during core hours, extending to 45 minutes in the evening. We leverage Intercom for real-time support, enhancing user experience with immediate help. Technical email support is de-prioritised in favour of direct channels, ensuring quick fixes to system issues and minimising operational disruptions.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: Web chat
Web chat support availability: 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
Web chat accessibility testing: We ensure:
- Screen reader support: the messenger is accessible via screen readers
- Keyboard navigation: Every component of the messenger can be accessed using a keyboard without requiring a mouse or trackpad.
- Colour contrast: all text in the web messenger is clearly visible when using colours with enough contrast.
Onsite support: Yes, at extra cost
Support levels: We provide entensive support to ensure engagement, to maximise the impact of our solution to a organisation and support the change process. This includes, and not limited to:
- training and demo presentations
- workshops and committees
- interviews and shadowing
- awareness events and marketing
Support available to third parties: Yes

Onboarding and offboarding

Getting started: We design and build all our applications and workflows to be as intuitive as possible. Each user has a self-directed on-boarding process with clear instructions and where they are demonstrated and directed to support with the app. We also provide on-site training but this more of an awareness and marketing exercise.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: Users have unrestricted access to their data which is structured and documented so they can process their data however they want at anytime or at the end of the contract
End-of-contract process: We will support the organisation to ensure undisrupted operations and business processes and will to store data for a reasonable time.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: Yes
Compatible operating systems: Android

IOS
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Our platform is designed with specific user roles in mind: the mobile app is exclusively for staff use, providing access to essential features and functions tailored to their needs. Conversely, the web app is intended for workforce administrators, offering comprehensive tools for managing schedules, compliance, and overall workforce operations. This distinction ensures that both staff and administrators have the most suitable and efficient tools at their disposal, optimizing the user experience and streamlining administrative tasks.
Service interface: No
User support accessibility: WCAG 2.1 A
API: Yes
What users can and can't do using the API: All our services and features can be accessed via APIs as requested. We have a suite of integrations and also build bespoke as required. We encourage APIs wherever possible for faster and more efficient information transfer.
API documentation: Yes
API documentation formats: Open API (also known as Swagger)

HTML

PDF
API sandbox or test environment: Yes
Customisation available: Yes
Description of customisation: Our solution is highly configurable. From the sequence of on-boarding to structure of in-app analytics dashboard and all other features, we work with our users to build bespoke features and optimise workflows to best improve their processes.

Scaling

Independence of resources: Provision is made within the application to upscale server size, space and memory demands as required.

Analytics

Service usage metrics: Yes
Metrics types: We work with organisations to define KPI and target for them to evaluate the effectiveness of our solution and their processes. This includes usage and a range of other metrics.
Reporting types: API access

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Data importing and exporting

Data export approach: We provide users unrestricted access to their data and they can export it at anytime. We can also provide regular batch exports (reports) in configurable formats.
Data export formats: CSV
Data import formats: CSV

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

Other
Other protection between networks: Data in transit is encrypted
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: We provide a real-time, “always-on” service
- SLA is for 99.9% uptime
- Pro-rata refund for failure to meet SLA e.g. 0.2% downtime in a month equates to 0.2% refund for that month

Our historical records of service availability for the past 12 months is 99.98%.
Approach to resilience: Dagny's data centre provider is designs for stability, scaling, and inherently mitigates common issues that lead to outages while maintaining recovery capabilities. They maintains redundancy to prevent single points of failure, are able to replace failed components, and utilises multiple data centres designed for resiliency. In the case of an outage, the data centre is deployed across multiple data centres using current system images and data is restored from backups.
Outage reporting: In the event of an outage or failure of the service, Dagny will endeavour to provide customers advance notification if possible and be managed in such a way as to have minimum impact on the customer's operations via email and phone calls with key stakeholders.

Identity and authentication

User authentication needed: Yes
User authentication: Username or password
Access restrictions in management interfaces and support channels: Access to software is controlled by log-in and password; access to certain data is restricted by user level permissions.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: NHS DSPT

DTAC

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001

Other
Other security governance standards: Cyber Essentials
DTAC
NHS DSPT
Information security policies and processes: - Information Security Management System (ISMS) Policy

- Incident Response and Management Plan

- Data Breach Notification Procedure

- Risk Management Standard

- Employee Security and Conduct Standards

- Internal Audit and Continuous Monitoring Procedures

- Document Control and Records Management Standard

- Business Continuity and Disaster Recovery Plan

- Supplier and Subcontractor Management Policy

- Clinical Change Management Policy

- Clinical Event and Security Incident Reporting Process

- Compliance and Legal Obligation Register

- Training and Competency Development Framework

- Quality Assurance and Improvement Program

- Data Handling and Classification Standard

- Access Control and User Authentication Policy

- IT Infrastructure and Network Security Policy

- Remote Working and Mobile Security Policy

- Vulnerability Management and Penetration Testing Procedures

- Software Development and Maintenance Lifecycle Standard

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Dagny has processes and procedures in place covering operational security. Changes that impact security are covered at the highest priority for testing and penetration testing is performed if required. Processes are ITIL compliant.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Our vulnerability management approach is based on the National Cyber Security Office vulnerability management guidance.

This includes defined processes and protocol on assessing vulnerabilities, triage vulnerabilities and then prioritising vulnerability fixes on a monthly basis. Patches are deployed regularly with our continuous deployment development approach.

Vulnerability management is considered a key business priority. It is led by senior management and all employees are aware of the processes and procedures.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We use a Security Information and Event Management (SIEM) for logging and analysing all events on our network. Our SIEM tool identifies suspicious activity and notifies us when a medium/high-risk event occurs.

We respond in according to our Business Continuity and Disaster Recovery plan. This includes:
1. Identifying the threat
2. Analysing all information
3. Indentifying what happened
4. Identifying what's been compromised
5. Fix security issue and restore data
6. Deteriminging business impact and notfiying users and regulators

We respond to incidents within 15 minutes in business hours and the next working day overnight, weekend/bank holidays.
Incident management type: Supplier-defined controls
Incident management approach: We have a documented incident response and breach notification procedures that includes provisions for customer notification. The priority is to deny further exposure and quickly restore services, and to contact any affected customers as soon as possible.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks: No

Social Value

Covid-19 recovery
Tackling economic inequality

Covid-19 recovery

Covid-19 recovery

Our digital management service helps health and social care providers to reduce costs, increase capacity and develop new services.

Since the pandemic started, our clients have been at the forefront of the management and recovery from the impact of Covid-19. we have supported them with a range of workforce management services.

Examples of this include:
1. Our services have supported healthcare providers and staff with workforce management (onboarding, compliance, rostering, timesheets, payroll and reporting) of Covid-19 vaccination centres that have been directly administering the Covid-19 vaccination.

2. We have supported health and social care providers with their Vaccination as a Condition of Deployment (VCOD) compliance requirements through an integrated QR code reader.

3. We are supporting General Practice providers with digital management services for the provision of community Long Covid clinics and other new services which have helped manage the impact of Covid.

4. We have provided awareness through links and marketing of mental health support services to healthcare staff using our mobile app.

5. Enabled a flexible staff bank for care home workers in Devon to address the workforce crisis in care homes.

Tackling economic inequality

We support the health and wellbeing, including physical and mental health, our our workforce. This includes:

1. Access to an Employee Assistance Program for all Circular Wave staff
2. All staff on a career and development programme
3. Staff training and personnel development budget
4. Homeworking and office expenses fund
5. Regular socials and team boding days
6. Flexible remote and office-based working

We support our health and social care provider clients to support the health and wellbeing their staff. Examples of this include:

1. Signposting to health and wellbeing support services for staff using our web and mobile apps.
2. Presenting Health and Wellbeing Officer contact details and available times.
3. Facilitating staff health and wellbeing surveys
4. Integrations with health and wellbeing support services
5. Timesaving on administration tasks for flexible working staff (eg. timesheet submission, invoicing and accounting)

Pricing

Price: £9 to £29 a user a month
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Dagny

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents