Digital School Screening and Health Questionnaires
Comprehensive digital system to manage child screening programmes including;
- NCMP Height and Weight
- Vision
- Audio
Includes electronic consent (eConsent) forms to manage parental preference.
Fully configurable School Health Assessment Module to manage school age assessment questionnaires.
Features
- Digital Consent Form
- Available on any device
- Use with just an internet connection - no local hosting
- In built security
- Real time reporting of uptake and compliance
- Digital triage for health questionnaires
- Templates to record all screening outcomes
- Data output for use in electronic clinical records
- Interoperability with other systems
- Simple and easy to use for all staff
Benefits
- Integrated digital system to simplify administration and data recording
- Accessible anytime using any device
- No paperwork!
- Cash savings on paper and transport
- No hassle for parents and carers
- Zero IG breaches
- Better relationships with stakeholders
- Significant time savings for staff
- Easily transfer data to other clinical systems
Pricing
£6,495 to £8,990 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 1 7 2 3 5 8 7 4 5 7 7 8 8 6
Contact
Cinnamon Digital Applications Limited
William Aspinall
Telephone: 07789483562
Email: support@cinnamondigitalapplications.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No known constraints.
- System requirements
-
- Windows 10 minimum
- Internet connectivity
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Same day response to all helpdesk queries logged between 9-5 Monday to Friday (excluding bank holidays).
All queries logged outside of these hours will be answered the next working day. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
- Customers fully supported by Monday to Friday service desk for queries and standard break fix. Emergency on call service for out of hours.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
All customers benefit from onsite deployment support. Our on boarding model ensures that customers feel confident using our software and that products are fully customised to meet customer requirements.
This includes;
1. Full review of standard build and customisation to meet local requirements.
2. Provision of test environment for local testing and training.
3. Onsite training for core users.
4. User documentation
5. Offsite webinars for remote training
6. Mon-Fri service desk support - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Data is fully extracted from our systems by our administrators and transferred to customers securely via encrypted email or other means in text file format (csv, txt etc.)
- End-of-contract process
-
Towards the end of a contact term, we will provide a customer exit plan. This will set out exit governance and the activities required in the final months of the contract.
The exit plan will identify assets to be transferred and any data migration requirements. It will also outline how this will be managed and any ongoing requirement for the suppliers software at the end of the contract term. The exit plan will set out the suppliers chargeable services and how these are agreed between the parties including timing. At the end of the contract all data is securely returned to customers. Data is deleted from our systems. All customer content is removed from our active servers.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- No difference between mobile and desktop services. Page scaling enabled to customise user views on any device.
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- API set up is carried out by the supplier. The API provides a full dataset containing all information stored in the application.
- API documentation
- No
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- All consent forms can be fully customised. This includes; questions, branding, formatting and assigned logic.
Scaling
- Independence of resources
- All customer applications are provided using their own instance. Each instance is automatically scaled to ensure peak demand doesn't affect service performance. This includes memory and disk space.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Full analysis of completed consent forms.
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- A restricted administration account is provided to each customer. This account can be used to generate a full database export of all data to .csv file.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
-
Our agreed SLA uptime is 99%. We measure this using our cloud service dashboard.
We will provide service credits where the availability service level is not achieved:
Availability Service Credit
99% - 0%
95% - 2.5%
90% - 5%
Less than 90% - 10%
This excludes permitted downtime (4 hours per month) or any separate agreement with the customer. - Approach to resilience
-
All application deployments are configured to use their own instance. This means that each deployment is wholly separate from others.
Our architecture is designed to eliminate cross-customer interactions. This means that we reduce the risk of security breaches and improve resilience for each and every customer. - Outage reporting
- We will contact customers directly to report all outages through pre-agreed channels.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- We use role based access controls. All roles and user profiles are agreed in the scoping sessions with customers.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Limited access network (for example PSN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
As a micro company, all staff are fully vetted through a comprehensive recruitment process.
Our staff are fully trained in information security standards and are expected to adhere to the company information security policy at all times.
Our policy covers all the key requirements of GDPR. - Information security policies and processes
-
Board level Information Security Officer.
Quarterly review of Information Security Compliance and standards on all active customer projects.
Staff are required to complete annual IS mandatory training.
Spot checks on employees and processes.
Non compliance is dealt with formally through our HR processes.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All software configuration is managed through our in house configuration portal. This ensures our developers have access to the most up to date information about the functional specification and all change management history.
All code, scripts, modules and components are assessed during the development cycle for security impacts. This includes third party vetting and assurance. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Our company has a board to floor risk management and assurance policy. All active risks are recorded on the company risk register with appropriate mitigations.
Our infrastructure is managed by a third party (Microsoft) who assess, mitigate and manage threats and vulnerabilities on our behalf. All server maintenance including patching is conducted by Microsoft in accordance with their release schedule.
Our company subscribe to the national UK CARECERT system to receive warning of potential threats and vulnerabilities. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Database and server logs are monitored using real time dashboards to identify potential compromises.
If a potential compromise is identified we will immediately work with any affected customer to close down the breach and return the service to normal operating standards.
Any breach would be considered a serious incident and would trigger an internal company review. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Customers are advised to report all incidents to our service desk. Incident management will depend on the severity x impact.
Incident reporting can be provided to customers on request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Introduction of our system has a significant impact on greenhouse gas emissions and contributes greatly towards net zero greenhouse gas emissions. Our systems and processes have multiple environmental benefits that cannot be overstated. These include;
Elimination of paper from immunisation pathway
Significant reduction in transport time and fuel
Reduced vaccine wastage because of accurate daily school lists
Reduced administration
Streamlined immunisation sessions in schools
Zero on-site storage for paper records
Fully hosted and managed in the Microsoft Cloud so efficiencies in IT hardware provision with carbon offsets
Reduced errors and re-work
Our main supplier Microsoft is committed to be carbon negative by 2030. Cinnamon Digital Applications Limited is committed to reducing our environmental impact. We have taken the following actions to support that commitment:
Purchase green electricity to power the buildings we operate in
Create our own energy using solar panels on the buildings we operate in
Only lease electric cars for our employees
Increase recycling
Provide time for our employees to contribute to local environment groups including habitat creation and tree planting
Eliminate paper from our offices and processesCovid-19 recovery
Add something here
Cinnamon Digital Applications Limited only contracts with suppliers based in the UK. We only contract with suppliers that have shown a full commitment to eliminating modern slavery.Tackling economic inequality
Cinnamon Digital Applications Limited only contracts with suppliers based in the UK. We only contract with suppliers that have shown a full commitment to eliminating modern slavery.
As a micro company we have a full understanding of our external contracts with third parties and regularly review these to ensure they are fit for purpose.Equal opportunity
Cinnamon Digital Applications Limited has taken steps to increase the representation of disabled people in the workplace. This includes;
Equality and Diversity training for all staff
Provision of home allowance to improve home based working environment
Paid leave for all healthcare appointmentsWellbeing
Cinnamon Digital Applications Limited is a micro company. We are proud of our staff. Their well being and happiness at work is our main priority. We are a fully inclusive team and because of that all of our staff are working towards the same goals.
We are fully committed to the Mental Health at Work Commitment and the six standards in the pledge.
All our staff are encouraged to prioritise their mental health and we proactively promote an open culture where our staff are encouraged and supported with tools and time to maintain positive mental health outcomes.
Cinnamon Digital Applications Limited is proud of our community engagement activities. As a small company we have a responsibility to our staff, their families and their local communities.
We support local charities and groups with donations of time and money. We provide time for our staff to attend volunteering opportunities including tree planting and bereavement support.
During covid we dontated a signicant sum to a local school to purchase hardware to support remote learning for underprivilaged children.
In 2024 we aim to finalise a sponsorship scheme to sponsor local young people attend Higher Education to study coding as a career path. We are proud of this aim and are comitted to making it happen.
Pricing
- Price
- £6,495 to £8,990 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No