GHX UK Ltd

NEXUS

NEXUS is an item data management solution that provides access to clean and accurate item and pricing data from over 800 supplier-managed catalogues. The web-based interface makes finding the product information you need easy and connects with your existing ERP and inventory management system, creating a more efficient purchasing process.

Features

• User-friendly cloud-based data storage and interface
• Over 2.5 million clean, up-to-date healthcare items, immediately available
• Load your own item and contract pricing data directly
• Collaborate with suppliers to upload, maintain and validate item data
• Notification of amendments from your suppliers
• Approve or reject supplier item data amendments
• Distribute and share item and contract data across your ICS
• Supports GS1 standards, GTIN validation and GDSN supplier data
• Item data integration with existing ERP and other systems

Benefits

• Efficient item data management
• More accurate ordering, improved invoice matching and better contract compliance
• Supplier catalogues represent over 80% of healthcare consumables and devices
• Increases supplier collaboration through the online portal
• Greater visibility of shared item data, reducing the administrative burden
• Reduces the need for manual resolution of order queries
• Reduces the need for manual resolution of invoice pricing issues
• Helps you to meet your Scan4Safety requirements
• Single source of truth for all parties and other systems
• Supports inventory management systems with access to the right data

£8,000 to £37,500 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.minards@ghxeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

817829538781013

Contact

James Minards
0345 620 2222
james.minards@ghxeurope.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Maintenance and updates do not usually require the service to be made unavailable. Where this is required any; downtime will be scheduled between 18:00-20:00 to minimise impact to customers.
• System requirements:
  • Access to the internet
  • Defined versions of web browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - Target 1 hour. Priority 2 - Target 2 hours. Priority 3 - Target 4 hours. Priority 4 - Target next working day.; Out of hours support can be provided on request. Additional fees apply.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: GHX provides a single comprehensive level of support. When an incident is reported to the UK support team,; priority is established based upon the business impact to the customer, using the Salesforce.com CRM system.; OLA's are in place for escalations beyond the support team to technical teams. Support and an account manager is provided as part of the annual subscription fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: GHX provides onsite or remote online training as agreed with the customer. Online user documentation is available; through the user interface.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract their data through the user interface at the end of their contract or via request to the support team.
• End-of-contract process: At the end of the contract, GHX will support the customer with extraction of their data. There is no additional cost to; the customer for extraction of the data through the user interface. In addition, GHX works closely with the customer; on an Exit Plan to enable continuity of service with a smooth and secure transition of service to them or a; replacement service provider.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: NEXUS provides an intuitive user interface supporting full management of the customer's data and applicable; business processes.
• Accessibility standards: None or don’t know
• Description of accessibility: NEXUS is designed to be highly flexible with easy-to-use functions that are accessible for all users.
• Accessibility testing: So far, GHX has had no customer requests to support assistive technology, but will look to support this where; needed.
• API: No
• Customisation available: No

Scaling

• Independence of resources: To maintain high levels of service availability and provide services that scale to meet growing supply chain; demands, GHX leverages an Information Technology Service Management (ITSM) framework committed to; continual service improvement. Guided by the Information Technology Infrastructure Library (ITIL), GHX integrates; people, process and technology to manage its vital supply chain services. This comprehensive and coordinated; approach to service management enables GHX to continue to meet the evolving 24/7/365 demands of the; healthcare supply chain.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of Catalogues, Number of Published Catalogue Items, Number of Unpublished Catalogue Items, Number of; Contracts, Number of Published Contract Items, Number of Unpublished Contract Items, Number of Catalogues; Awaiting Approval, and Number of Contracts Awaiting Approval.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export their data through the user interface.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • TSV
  • TXT
  • GS1 XML CIN v3.1

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: GHX understands the critical nature of the services provided to the healthcare supply chain community. For more; than 10 years, healthcare providers, suppliers, distributors and group purchasing organisations have been relying on; GHX to provide enterprise-grade services. Year after year, GHX customers consistently rate GHX service availability; as one of the top reasons they choose to partner with GHX. GHX provides over 99.9% annual uptime of core; Exchange services; processing approximately one million supply chain transactions per day for its healthcare; trading partners, including over 4,100 medical providers and 400 medical suppliers.
• Approach to resilience: Available on request.
• Outage reporting: GHX proactively monitors the availability of the services we provide. 24/7/365 automated monitoring and alerting.; Tier 1, 2, and 3 Customer Care and Application Support centres. Network Operations Centre (NOC) for incident; management and customer assurance. Prioritised incident management with response, resolution and; communication targets based upon impact and urgency.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is provisioned to GHX users on a "need to know" basis. GHX maintains on and off-boarding procedures that; are test 2x per year during SOC1 and SOC2 audits.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: GHX aligns with the PCI DSS requirements for a security program.
• Information security policies and processes: GHX maintains information security policies that are updated at least annually. Policies that have been translated (in; Dutch, French and German) include: (1) IT Management Policy; (2) Information Security Management Policy; (3); User ID and Password Guidelines; (4) Data Classification and Handling Guidelines; and (5) Reporting Security and; Privacy Incidents Procedures. To protect the data in its care, GHX looks to the ISO/IEC 27000 series of standards; as the framework for the Company’s information security management system. GHX also looks to best-practice; security controls in protecting data in its care, including those published by the National Institute of Standards &; Technology (NIST). The GHX security program is managed by its Global Security Operations Director, under the; direction of the GHX Vice President, Global Operations and Infrastructure. GHX also maintains a compliance; department, managed by the Director of Compliance, under the direction of GHX Vice President, General Counsel.; The compliance department is responsible for monitoring compliance with policy documents and engages an independent 3rd party to audit compliance annually (SOC1 and SOC2 audits). The SOC1 and SOC2 audits focus on activities in North America but also include global audit of certain strategic controls.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Change Requests are received and reviewed by the change management team for completeness, accuracy and; operational readiness, including but not limited to: (1) targeted implementation date; (2) business and security risks;; (3) priority; (4) business justification; and (5) any other change-related information. Changes are categorised by: (1); Informational; (2) Patch; (3) Standard; (4) Minor; (5) Major; and (6) Initial Production Release. GHX performs asset; inventories to track service components through their lifetime. Change process is used to track changes to assets,; including the install and decommissions of assets. Changes are reviewed by the security team for potential security; impacts.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: GHX performs quarterly vulnerability scanning to identify vulnerabilities in the infrastructure and applications. GHX; performs quarterly penetration testing to assess if the vulnerabilities can be exploited. If exploits are discovered,; then GHX will apply applicable patches, remove Internet access to affected systems, or make other changes as; necessary to remediate the exploits. Patches are applied to systems on a quarterly basis. GHX’s Global Security; Operations Director attends security conferences and subscribes to news feeds to get information about potential; threats.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: GHX monitors the systems and investigates alerts from the monitoring tools. GHX investigates security alerts from; system logs, office productivity applications, intrusion detection and prevention systems, and tickets submitted by; end users to identify potential compromises. GHX follows its incident response procedures to evaluate the incident.; Infrastructure and application engineers will be engaged for the technical analysis on incidents and take appropriate; action to resolve the incident. GHX Global Security Operations Director oversees the incident investigation, and the; GHX Director of Compliance oversees the investigation for breaches of data and requirements for reporting.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: GHX has a defined GHX Security and Privacy Incident Response Plan for responding to incidents. Customers report; incidents to GHX customer success team, and the customer success team keeps the customer informed of; progress. GHX employees use internal ticket procedure to report incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  GHX is committed to meeting the NHS target of Net Zero. As a company, we have reduced office space and are striving to ensure that all systems and processes have the minimum environmental impact.

  Covid-19 recovery

  GHX has invested in technology and processes to minimise the impact of COVID-19 and future pandemics. People and systems are resourced and deployed remotely, and suitable redundancy and scalability are planned for each area.

  Tackling economic inequality

  GHX continually reviews its employment policy and guidelines to ensure fair and equitable remuneration. GHX pays above the minimum wage and ensures recruitment and rewards align with market needs.

  Equal opportunity

  GHX has equal opportunity requirements and policies embedded in our HR policies. Regular reviews are held to ensure remuneration and opportunities are suitably balanced.

  Wellbeing

  GHX prioritises the wellbeing of its staff and, where applicable, its customers. As a company, we provide various free, easily accessible wellbeing services to all staff and their families. In addition, regular people leader reviews and surveys identify areas of concern, and we address them as a priority.

Pricing

• Price: £8,000 to £37,500 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.minards@ghxeurope.com. Tell them what format you need. It will help if you say what assistive technology you use.