Clarity Informatics Limited

Agilio Practice365

Agilio Practice365 is a GP practice website platform that provides the tools to manage demand, improve patient outcomes and satisfaction. Key functionality includes a drag and drop editor, digital signposting, modern accessibility standards, content sharing and SEO optimisation.

Features

• NHS Benchmarking compliant
• Accessibility WCAG 2.1 AA+ rated with voice search optimisation
• Mobile and Device optimised
• Clear Digital Signposting
• Dynamic Forms and surveys
• TeamNet and Agilio Link integration
• Content Sharing and Broadcasting
• AI content writer and SEO optimisation
• Privacy Preserving Analytics suite
• Simple to use drag and drop editing tool for CMS

Benefits

• Improve patient access through accessible website
• Add and edit content easier using drag and drop editor
• Signpost patients to relevant services
• Share content across multiple websites easily
• Dedicated support team to update your website
• Cost effective solution with hosting & support included
• Manage content across multiple sites through one action
• Save time through unique integration to Link and TeamNet

£495 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

806238537535584

Contact

James Stephenson
01912875800
james.stephenson@agiliosoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints with Practice365 - the websites function on all internet-connected devices, and has limited/no planned maintenance arrangements.
• System requirements:
  • Internet connectivity
  • Modern, supported browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customer service desk is available Monday to Friday 9am-5pm excluding bank holidays. Response times to emails are typically within 1 working hour but will depend on the nature of the query.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided via phone, email. We provide support from 9am-5pm, Monday-Friday. No additional charges for accessing phone and email support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: 1. Getting Started; We know Primary Care – That means we can skip expensive research and strategy sessions, and long content gathering exercises.; ; To kick off, we just need a few bits of information from the practice – Name, Practice Code, Current Website address, and the member of your team we should be talking to – that’s it. We’ll do the rest.; ; 2. Build; Our team migrates the content from your website into our platform – We do this by hand to make sure your content looks perfect, and we’ll find and add any content that might be missing.; ; 3. Review; We send you a link to your new review website – you and your team can access it, but patients won’t be able too. Look it over, and let us know what you think. We can make any changes at this point, or any time in the future.; ; 4. Launch; Once you are ready to go live, just let us know. We liase with your current provider and manage the entire process for you.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Within two weeks notice of the request, we can provide a full export of website content in a zip file
• End-of-contract process: We will provide an export of customer data and stop hosting the website

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our websites are mobile optimised to suit the dimensions of mobile and desktop devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Our GP practice websites are public-facing websites that fulfil all modern accessibility criteria. We typically build websites that follow the NHS Nightingale branding scheme to ensure consistency with other NHS Websites. Our Practice365 platform also includes a backend content management system (CMS) to enable practice staff to make website updates.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: We work with a recognised accessibility organisation to facilitate in person accessibility testing sessions.
• API: Yes
• What users can and can't do using the API: We can include a variety of applications within our website, including patient apps such as Patient Access and SystmOnline, as well as eConsultation products such as Link, eConsult, AccuRx and others.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Users can provide the design preferences they'd like for their website during the build phase. Once the website has been built, users can make changes to the website with new pages, content and design amendments, using the backend content management system.

Scaling

• Independence of resources: Our cloud infrastructure includes data management to ensure partitioning between customer organisational databases, so that traffic on one website doesn't affect others significantly.

Analytics

• Service usage metrics: Yes
• Metrics types: Practice365 uses a privacy preserving first party analytics solutions to provide a full 360 view of digital patient journyes across multiple organisations. This includes patient engagement, intent and behaviour reporting.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Customers can export some data within the backend CRM, which enables exports of blog posts and other website content. We can also provide a full export of all website data upon request. The data is provided in a zip file in HTML format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our target availability is that the services are available on a 99.5% basis, measured each calendar month.; ; The SLA's are set out within our terms and conditions.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts are provided if there are issues affecting the website, as well as public dashboard to view status

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Our backend CMS is only accessible to customers, and is a way to log issues. Access is protected through accounts with password protection. When we receive contact via phone or email, we validate the customer details against those hold in our database.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 29/10/2022
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security policies and procedures are documented in our ISMS, which is independently audited and certificated to ISO27001. This includes board level responsibility and formal paths for asset ownership and risk management.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is operated within the ISO27001 framework. Asset registers are maintained by the information asset owner to ensure component assets and access to them are monitored and controlled on a constant basis. Changes are identified and planned with authorisation at the project, director or board levels dependant on the nature of the change to the service. Changes are planned and tested based on risk assessment, scope of change and criticality to the service. Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events, are maintained to provide a "means of escape".
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats and vulnerabilities are reviewed prioritised action. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. Likely potential threats include both technological and regulatory sources. These are identified via a monitoring software, user feedback, security blogs, regulator advice, partner organisations etc. In addition we utilise antivirus software and firewalls to mitigate the risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Detailed domain and activity logs are retained. Logs are in place against each asset/component and alerts are generated for the relevant team dependent on the issue/asset to be analysed and assessed. Potential compromises are assessed immediately and escalated as required. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. We also utilise anti virus software and firewalls.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed following a pre defined process including -Monitoring, detecting, analysing and reporting of security incidents and events -Incident response planning and preparation -Handling of evidence -Assessment and decision on security incidents and security weaknesses -Escalation, controlled recovery from an incident and communication to both internal and external people and organisations -Security incidents of relevance to you will be reported in acceptable timescales and formats Users report incidents via the helpdesk or telephone. Incidents are recorded in the incident log including details of the incident, actions taken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  The platform contains a number of features to ensure those sufferings from economic inequality are not further disadvantaged by the move to online services, this includes automated size reduction on PAYG network connections and unmetered access to .nhs domains.

  Equal opportunity

  The platform meets and exceeds the Public Sector Accessibility regulations and in doing so ensures all patients can access health services digitally - this includes automatic language translations and full support for assistive technologies.

  Wellbeing

  The platform makes it easier for patients to find and access relevant healthcare services, 24/7 and without increasing demand on the practice.

Pricing

• Price: £495 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.