Skip to main content

Beta Help us improve the Digital Marketplace - send your feedback

VITALHUB UK LIMITED

SHREWD

SHREWD shows the operational situation of all Health and Social Care Providers, easily, in real-time. Users can quickly identify where capacity and demand pressures are across the wider health system, why it is happening and the actions required to support the implementation and effectiveness of a System Coordination Centre

Features

  • Real time whole system view of UEC & Elective Care
  • Simple and intuitive visual management user interface
  • Designed as a System Co-ordination Centre
  • Browser based so no additional hardware costs
  • Decision making in real time rather than on historical data
  • Supports A&E, UTC, Ambulance, 111, Social, Community & Primary Care
  • Personalised dashboard for each user with notification features
  • Web interface and smartphone app for iphone, android and windows
  • Different Dashboard views
  • Supports variety of automated and manual data feeds as required

Benefits

  • Reduce pressure in UEC and Elective Care services
  • Easily identify where pressure exists across the whole health system
  • Drill down into granular detail of why pressure exists
  • Make effective decisions in time to resolve problems
  • Transform working practice and save money
  • Reduce breaches and associated costs
  • Improves efficiency by making use of under-utilised urgent care capacity
  • Improves resilience of the urgent care system, easing winter pressures
  • Significantly reduces meeting time and conference call durations
  • Visibility across geographical boundaries provides more options to relieve pressure

Pricing

£30,000 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.garrod@vitalhub.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 0 7 8 2 1 8 7 9 4 4 4 2 8 3

Contact

VITALHUB UK LIMITED Mr. Colin Gqrrod
Telephone: +442045833142
Email: colin.garrod@vitalhub.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
The application requires HSCN connectivity for health specific use and users should have nhs.net email addresses or NHS approved equivalents. The data used is publicly available and non-patient identifiable, but data sharing agreements should be put in place between the organisations within the local health community. The data is best provided via a web service or API (other options such as csv/manual upload available). A degree of integration knowledge is useful, however full support can be provided.
System requirements
  • Modern compatible web browser
  • Internet connection (2mbps minimum, 5mbps recommended)
  • Users must have a nhs.net email address (or NHS equivalent)
  • Capability to extract data from source (e.g. API, webservice)

User support

Email or online ticketing support
Email or online ticketing
Support response times
The manned helpdesk (telephone and email) is available 08.30 to 17.30 Monday to Friday.
Priority and timescale
1 (High): Full system outage – no users at all can use the system. Response: Resolve 4 hours.
2 (Medium): Partial system outage – a significant number of users are affected: Resolve: 1 business day
3 (Low): Minor – a handful of users or a part of the system is not working to Specification: Resolve 3 business days
4 (Query) : Minimal impact: Resolve 20 business days
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Ongoing technical support and a dedicated account manager is included within the monthly fees for the provision of the application. This includes the standard SLAs as follows:

Telephone and email helpdesk 08.30 to 17.30 Monday to Friday.

Priority and timescale
1 (High): Full system outage – no users at all can use the system. Response: 10 mins. Resolve 4 hours.
2 (Medium): Partial system outage – a significant number of users are affected. Response 10 mins. Resolve: 1 business day
3 (Low): Minor – a handful of users or a part of the system is not working to Specification. Response: 10 mins. Resolve 1 business day
4 (Query): Minimal impact. Response; 3 business days. Resolve 20 business days.

Initial set up and additional training, integration and development services are available as per the rate card provided.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Customers receive a detailed Welcome Pack which outlines the implementation process for the product. A detailed and customised implementation project plan is then drawn up. This includes for users. Each stakeholder is invited to nominate a superuser who receives comprehensive training in all aspects of the system. They will cascade training within their agency and become the first point of contact for questions and issues from within that agency. The help desk is also available for enquiries regarding use of the system. Documentation and video training is available via the application for users to access.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats
  • Microsoft Word formats (doc and docx)
  • Microsoft Excel formats (xlxs, xls and csv)
End-of-contract data extraction
All raw data is real-time and publicly available and retained by the source organisation(s). All data provided over the duration of the contract can be extracted as a CSV at contract end and shared with the relevant organisation.
End-of-contract process
Source data feeds are switched off and accounts suspended.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Functionality is the same across both mobile and web platforms, however data analysis and reporting functions are significantly reduced on mobile devices due to limitations on mobile device capabilities (e.g. limited memory). There are dedicated mobile versions for iPhone and Android platforms.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Various NHS data providers use SHREWD Web APIs to push anonymous data into the SHREWD database. The data shared consists of three fields (IndicatorId, Current Values and Date Timestamp).
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The user interface is tested to ensure compliance is maintained and conforms with WACG 2.1 AA and above
API
Yes
What users can and can't do using the API
Various NHS data providers use SHREWD Web APIs to push anonymous data into the SHREWD database. The data shared consists of three fields (IndicatorId, Current Values and Date Timestamp). Customers can extract data using a RESTful API. The SHREWD backend API is restricted to SHREWD UI usage which users cannot access directly.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Indicators used for personalised dashboards and alerts can be set by users via the user preference feature. Dashboards can be customised to suit each user group. This is via SHREWD UI using SHREWD internal API, and not directly using customer APIs.

Scaling

Independence of resources
The primary servers are on a managed cloud provision. Application and server monitoring is in place to monitor the resource usage. Automatic alerts are in place to provision new resources when there is a need to scale.

Analytics

Service usage metrics
Yes
Metrics types
Users, Organisations, Indicator, Dashboards, usage stats, performance metrics, metric updates (frequency, total and usage) and feature usage metrics.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
Database TDE Encryption
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via the application menu, a user can select various export options including the formats listed below.
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • Excel
  • SQL
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • Excel

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
The primary datastore is replicated across networks using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
The primary datastore is replicated using SSL. File based data transfers are password locked and encryption done using private/public key encryption algorithm on top of TLS.

Availability and resilience

Guaranteed availability
Planned maintenance is undertaken outside business hours. The Service Commitment target is 99.95%. A Kubernetes cluster and database replicas are used to ensure that the level of availability is maintained.
Approach to resilience
Non-Disclosure Agreements are in place with all hosting provider suppliers. A risk assessment is undertaken for each supplier, with any required actions (which can include the supplier being subject to a security audit by the hosting provider) are conducted and managed by the Director for Supplier Management in conjunction with the Information Security Manager. All suppliers are audited as part of ISO 27001 third party audit policies, which are in turn assessed by qualified and impartial third-party ISO 27001 compliance assessors. Due diligence is performed on any security impacting third parties prior to selection and appropriate security requirements are built into contractual agreement where necessary. All strategic suppliers are assessed for their Business Continuity provision. Once reviewed the results of the assessment are analysed to assess the supply chain risk with regard to business continuity. Those suppliers considered to be inadequately prepared to deal with a BC scenario affecting their own organisation, which could therefore impact on the hosting provider to continue normal service operations, will be subject to further auditing, via a more detailed questionnaire or onsite at their premises. Third party suppliers are audited at least annually, with a shorter (quarterly) audit cycle for critical suppliers.
Outage reporting
When the service has a disruption or outage, users are notified through emails and via our support service application

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Other
Other user authentication
Location based filtering combined with username and password; multi factor authentication that generates a JWT token that runs amongst microservices, ensuring access control for each request.
Access restrictions in management interfaces and support channels
Access to accounts that are created for internal admins is limited. Created accounts use two factor authentication to be able to access the interface.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
06/04/2023
What the ISO/IEC 27001 doesn’t cover
No Exceptions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
DSPT Organisation Code 8JF22

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Security policy, access control policy, asset management policy, classification of information policy, compliance policy, cryptographic policy, HR process, information security incident management, medical policy, mobile device and networking policy, network security management policy, operations workflow, operations security policy, organisation of information security, physical and environmental security, supplier relationships policy systems acquisition and development policy, business management operational objectives, individual user agreement, non-conformance, customer feedback, internal audit procedure, change control procedure, design control, major incident process, business continuity plan, problem management procedure, document management procedure, contact review process, supplier review process etc.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Processes are in place to ensure that all changes to the system are authorised and tested prior to being deployed. These are compliant with the relevant aspects of NHS Data Security Protection Toolkit. To track components of services over time, version control is enforced, and access control records are kept and monitored. All change requests are documented and assessed. All staff are trained on operational procedures maintained on the company intranet, including Access Control and Password Management Procedures, Change Control Process, Privacy Impact Assessment & IG Checklist, Project and Change Management Control Plan, Network Security Policy, and Information Security Policy.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All servers are covered by a comprehensive monthly patching and maintenance schedule. Any important or urgent patches are applied out of schedule, with important patches within 2 weeks of a patch becoming available, and critical patches within 24hrs. Patches are always applied to Dev, Test and Staging environments first to prevent issues with production environments.
Servers are actively monitored by a variety of tools including Spiceworks which highlight out of date software version numbers to the internal support team for action.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Measures are put in place to detect any attacks or unauthorised activity as part of a process compliant with the relevant aspects of the NHS Data Security and Protection Toolkit i.e. Information Security Assurance, Incident Management, and Investigation. Potential threats to our services are assessed through employing a 'listener', upon the detection of a threat the relevant IP address is immediately isolated and blocked, whilst a potential threat to our software products is monitored and curtailed immediately with patches deployed automatically to the affected areas.
Incident management type
Supplier-defined controls
Incident management approach
We have an incident management process in place to ensure incidents are dealt with to recover a secure and available service. The guidelines apply to all staff and include: All incidents must be reported to a manager and/or Information Security Team. An incident report is then completed detailing; name of the individual reporting the incident, the date, where the incident occurred, details of the incident and any actions taken, including who the incident has been reported to and the date the report is created. The Information Security Team investigate the incident and employ the necessary measures and actions to resolve

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

We acknowledge the undeniable challenges faced by the NHS and all providers supporting Health and Social Care nationally, and we recognise the staff and the resolute response they have demonstrated in the face of mounting workforce pressures and the increasing demands on NHS services. Our products and services have a positive impact on Net Zero that align with the NHS carbon challenge.
VitalHub UK regards itself as a Human Systems company that does IT, that’s because we couldn’t do what we do without our people, or the users of the system. We have a strong commitment to corporate social responsibility (CSR) and a vision to create positive social, economic, and environmental impacts. Our corporate statement elaborates on how we ensure the delivery of social value through our products and services, describing the benefits we offer in terms of improving economic, social, and environmental well-being.
We are dedicated to minimising our environmental impact. The company's practices, such as reducing emissions, promoting recycling, and encouraging eco-friendly transportation options, align with the goal of protecting the environment. By reducing our carbon footprint and advocating for sustainable practices, VitalHub contributes to the environmental well-being of the local community. We positively encourage (on an individual basis) our staff to work remote and use public transport where practicable.
Our services are designed to help healthcare organisations reduce costs and enhance efficiency. By streamlining business processes and improving information management, the company supports public organisations in achieving better value for money whilst fighting climate change at the same time maintaining the quality of healthcare services.
We also ensure that our suppliers adhere to quality management systems and relevant legislation. This ensures that the services provided to public authorities meet high standards, leading to economic savings and a reduction in inefficiencies.

Covid-19 recovery

We acknowledge the undeniable challenges faced by the NHS and all providers supporting Health and Social Care nationally, and we recognise the staff and the resolute response they have demonstrated in the face of mounting workforce pressures and the increasing demands on NHS services. The NHS as a whole has been grappling with escalating demands and the pressures placed on healthcare systems across the country have been profound, necessitating creative solutions and a collaborative spirit to ensure the well-being of our communities. As a provider of solutions to the NHS we have stood on the frontlines, facing these challenges with determination and resolve.
Over the last two years, healthcare organisations and staff across the globe have unanimously felt the effects of the COVID-19 pandemic and united together to ensure continuation of service and the health of the population while operating in exceptionally uncertain conditions. As a provider of critical IT and software solutions to healthcare organisations, and in light of the dual pressure of both performance and pandemic, protecting not just the health but also the happiness of employees, who sit at the heart of servicing these organisations, has become a business imperative. 
We have collaborated and worked with our customers through and pots COVID to ensure our technologies help improve patient services and optimise limited NHS resources.

Tackling economic inequality

VitalHub have been involved in several initiatives, not only in the UK but globally, that we would like to highlight as examples of our commitment to Social Value and helping where we can to tackle economic inequality, examples include:
• We work closely with UK universities to provide Knowledge Transfer Partnership opportunities to graduates, which has resulted in employment with us for all participants to date.
• We have provided apprenticeship and secondment opportunities to the community and to customers to support workforce development and growth, as well as industry knowledge.
• We are about to provide a workplace scheme to encourage the use of electric cars.
• We have encouraged more home working to reduce carbon footprint.
• We have gifted laptops and other hardware to students, schools, and NHS organisations.
• We have sponsored a number of workshops and gatherings for patients and NHS providers, with no involvement from ourselves.
• We have provided free education on ICT and infrastructure to schools, particularly in areas of deprivation.

Our comprehensive CSR initiatives and dedication to ethical business practices strongly align with the Public Services (Social Value) Act 2012. By focusing on economic, social, and environmental well-being, the company not only meets the requirements of the act but goes above and beyond to ensure that its services and products are a force for positive change in the communities it serves. Our commitment to delivering social value is a testament to our dedication to public services and the betterment of the communities we support.

Equal opportunity

We are an equal opportunities employer, conversant with the Human Rights Act 2010, Working Time Directive, and the Modern Slavery Act 2015. We are committed to equality of opportunity and to providing a service and following practices which are free from unfair and unlawful discrimination. The terms equality, inclusion, diversity, and equity are at the heart of our values. We value people as individuals with diverse opinions, cultures, lifestyles, and circumstances. 
We will actively support diversity, equity and inclusion and ensure that our workforce is valued and treated with dignity and respect.  We to encourage everyone in our business to reach their full potential and enjoy their work. 
Modern Slavery Prevention: Our stringent modern slavery prevention measures align with the Act's objective of promoting ethical business practices. By ensuring that modern slavery is not present within its operations or supply chain, VitalHub contributes to social well-being by promoting fair and just labour practices.
Our comprehensive CSR initiatives and dedication to ethical business practices strongly align with the Public Services (Social Value) Act 2012. By focusing on economic, social, and environmental well-being, the company not only meets the requirements of the act but goes above and beyond to ensure that its services and products are a force for positive change in the communities it serves. Our commitment to delivering social value is a testament to our dedication to public services and the betterment of the communities we support.

Wellbeing

At VitalHub we look at wellbeing in several ways,
Social Well-Being, our people, our partners: We take pride in how we support all our people, whether office or remote workers through multiple ways that have include virtual coffee times and workouts for remote workers in addition safe wellbeing meetings, open door access, team meetings and supporting social occasions.
VitalHub actively engages in charitable and community support initiatives. By allowing staff to request sponsorship or monetary donations for local charities, sports clubs, and community centres, VitalHub directly supports social well-being in the communities where it operates. We select two UK charities each year to support both internally with team activities and fundraising but also externally by promotion and exposure. This year’s charities are Julia’s House and Hospice in the Weald. Julia’s House was nominated to us by one of our customers and provides hospice care to some of the most seriously ill children across the counties of Dorset and Wiltshire. The Hospice in the Weald was nominated by one of our team who wanted to show gratitude to the hospice that provided care to his wife shortly after they married and had a child. Our team have raised nearly £3k to date for these charities.
Environmental Well-Being: Protecting the Environment: We are dedicated to minimising our environmental impact. The company's practices, such as reducing emissions, promoting recycling, and encouraging eco-friendly transportation options, align with the goal of protecting the environment. By reducing our carbon footprint and advocating for sustainable practices, VitalHub contributes to the environmental well-being of the local community.
Empowering Healthcare Organizations: we empower healthcare organisations to enhance the quality of care they provide to their patients and communities. By doing so, the company contributes to improved healthcare outcomes, thus positively impacting the social well-being of patients and local communities.

Pricing

Price
£30,000 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at colin.garrod@vitalhub.com. Tell them what format you need. It will help if you say what assistive technology you use.