Allocate Software Limited

DatixCloudIQ (DCIQ)

DatixCloudIQ (DCIQ) is a centralised risk management system that brings oversight of all risks within your organisation, supports the identification of risk themes and root cause analysis of incidents, and support the process of finding and sharing learnings across your staff to help reduce risk and increase patient safety.

Features

• Gives organisations the tools to identify errors and unsafe practice.
• Helps analyse why an adverse event happened and highlight improvements.
• Provides system-wide risk visibility prioritisation and mitigations.
• Provides managers full control of complaints and compliments process.
• Capture information on deaths and conduct a review process.
• Protect children and vulnerable adults.
• Engage staff in a positive learning culture.
• Claims provides the tools needed to manage the litigation process.
• Easy-to-use mobile app that allows anyone to capture incident data.
• Defines the improvement strategies from identified contributory factors.

Benefits

• Keep patients safe through access to data, preventing adverse events
• Understand the causes of adverse events
• Capture incidents and patient feedback
• Analyse your data to understand problems and devise improvement strategies.
• Support your clinical workforce by driving a culture of safety
• Streamline and improve your systems and processes
• Combine risk management and mitigation
• Drive a higher reporting culture across your organisation
• Complete root cause analysis on risks and incidents highlighting improvements.
• Compliant with regulatory and external body requirements.

£2.21 to £32.41 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.manager@rldatix.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

831100385216385

Contact

UK Sales
+44 (0)20 7355 5555
bid.manager@rldatix.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: DatixCloudIQ has been designed to provide limited downtime and therefore upgrades and maintenance windows will be heavily reduced. Customers will be duly notified if a maintenance window is to be scheduled which causes downtime. It is advised that the preferred method of access would be to connect to Active Directory which will then require up keep from the local IT team. This is to ensure absolute security of who can access the DatixCloudIQ Services, but local registration is possible without the need to access the Active Directory.
• System requirements: Please see Service Definition for full details.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The DatixCloudIQ Service Desk is available 9.30am to 5.00pm UK Time, Monday to Friday, except UK public holidays. email acknowledgement within 3 working hours from receipt of request; Critical = 1 working day; High = 2 working days; Normal = 5 working days; Low = 10 working days; ; Please refer to the Terms and Conditions attached to this service.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Zendesk Chat to provide a service. Zendesk is not currently compliant with WCAG but does support US accessibility standard Section 508.Web chat accessibility testing
• Web chat accessibility testing: We use Zendesk Chat to provide the service, and details of their assistive technology compliance and testing is available at https://www.zendesk.com/company/policies-procedures/section-508-accessibility/
• Onsite support: Yes, at extra cost
• Support levels: Please refer to the Terms and Conditions attached to this service. Typically, as an RLDatix product, RLDatix have a single support level for all customers, defined in the RLDatix Service Level Agreement. The cost of this is incorporated in the annual charge. The Service Desk is the customers primary contact for technical help in the event of the customer encounters any faults in the licenced programmes that prevent it running as intended. It is also available to customers who require quick fixes or how to help in the event of a gap in knowledge. Success Plans can be purchased to provide additional administration support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide an implementation service which includes consultancy for system customisation in line with customers unique requirements; super user training for system modules, searching and reporting and administration training for post go live systems. Consultancy and training is provided remotely to minimise cost and maximise availability. All training is carried out with the use of coursework books. Online and offline user help files are available within the software itself. Our implementation team supports a period of user acceptance testing at implementation and handholds the customer for a 3 month period after 'go live' before RLDatix support Desk takes over as business as usual.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats:
  • Help files within the application
  • How to articles through the online portal
  • How to videos through the online portal
  • Guidance videos for onboarding teams to admin
• End-of-contract data extraction: The user will generate a report in the system which will then extract all data from the system into a CSV file. This will take some time to download and does not include the linked attachments to individual records.
• End-of-contract process: The user is notified that their contract is near expiry typically 3-6 months before this date. A new contract will be negotiated. If they do not wish to renew their contract they can be offered a 1 user legacy license to their data (additional charge may apply) or the data can be exported prior to this data typically this would be a CSV format to be installed in another system if required or finally the data will be destroyed. If assistance is required to extract data from the system (outside of the tools provided within the software to do so), an additional charge may apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The DatixCloudIQ system can be used on the desktop or hand held device e.g. tablet or phone - in addition DatixCloudIQ includes Datix Anywhere, an easy to use mobile app that enables any permitted user to report an incident on a mobile device to be completed later. Datix Anywhere can be accessed offline and can also capture photos and uses sophisticated voice recognition software to turn speech into text.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: DatixCloudIQ offers a mix of REST and GraphQL APIs to cover many core application functions.
• Accessibility standards: None or don’t know
• Description of accessibility: All field functions are designed to guide the user through the text and media.
• Accessibility testing: No direct testing done
• API: Yes
• What users can and can't do using the API: Services may be added and/or deleted via API; amendments are not currently supported by API.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Within the application the fields, form designs, coding, question types, templates, workflows, reports, triggers, alerts can all be customised to provide organisations with a system that works for them.; ; All customisations to the system can be managed by the organisation through a local admin, it is also possible to use RLDatix consultants and their expertise to provide any changes or improvements where necessary.

Scaling

• Independence of resources: Each customer is allocated dedicated resources that are isolated from other customers using the service. This means that organisations will not be affected by other user demands on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide reports to customers using this service which includes, Month, Date logged, Call Number, Description, status, category, met SLA, Response Dates and Customer contact calls.; ; We also provide an application health check which will utilise our consultants experience to recommend improvements to the system specific to your healthcare setting and use of the system.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: RLDatix provides customisable reporting tools that allow users to extract their data into Microsoft Excel, CSV format, PDF or XML.; ; Configurations can be exported if required.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
  • XML
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats: Documents of any format can be attached to records.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: Completely private isolated network

Availability and resilience

• Guaranteed availability: Working in partnership with AWS, Datix will be working to have an availability of uptime of 95% with the use of the service.
• Approach to resilience: Available on request.
• Outage reporting: Datix provides a service status page, separated from the application infrastructure, that users can view at any time. Users can opt to subscribe to status notifications, and receive information via email on any outages that are experienced.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
  • Other
• Other user authentication: SAML
• Access restrictions in management interfaces and support channels: There is no public facing management of the application as it all sits on a private network.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 18/09/2019
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Risk assessment of the business and put mitigations in place as appropriate (mitigations will include technical measures and policies and procedures.) all staff are trained annually to follow the policies and procedures. Datix review the risks annually for effectiveness of controls and add further mitigation if required. All security incidents are reported to the quality and security committee (which has board level representation). Incidents are investigated and appropriate actions are taken, if required additional controls are implemented. Policies and processes and our adherence to them are independently assessed as part of the continued compliance with ISO 27001.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A request for change is raised (which includes the details of the change, the risk of making the change, how the change will be implemented, tested and communicated, whether any downtime is required and a roll back plan if the change is unsuccessful). Any affected clients will be contacted to schedule the change and what will be changed. The review of the change will include any deviation lessons learned and updates to the appropriate documentation.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We sign up to various services that provided detailed information on identified vulnerabilities in components used to provide the service. These are reviewed to assess any potential threats to the service and the level of threat as well. Patches will be deployed depending on their threat level i.e. it may be part of a scheduled maintenance window or be expedited.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Log files are regularly provided to a third party that analyses them to identify any potential compromises.
• Incident management type: Supplier-defined controls
• Incident management approach: All security incidents are reported to the quality and security committee (which has board level representation). Incidents and investigated and appropriate actions are taken, if required additional controls are implemented. We contact the users affected and provide updates appropriate to the level of the incident i.e. hourly or daily. We will give the client a summary of the report to show outcomes form the investigation. Policies and processes and our adherence to them are independently assessed as part of the continued compliance with ISO 27001.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Fighting climate change and supporting Net Zero RLDatix recognises that it has a responsibility to the environment beyond legal and regulatory requirements. We are committed to reducing our environmental impact and continually improving our environmental performance as an integral part of our business strategy and operating methods. To achieve this, RLDatix has completed the following: • RLDatix has an Environmental Policy that is reviewed on an annual basis to ensure it is relevant to the business • RLDatix has engaged our travel partners to ensure travel is as carbon efficient as possible, i.e., recommends trains rather than flights • Throughout all RLDatix offices we provide waste receptacles for recycling and general waste, supporting the reduction of waste to landfill • We encourage the reduced use of water and electricity and actively encourage the staff to consider the environment whilst printing • Many of our solutions assist our customers in reducing their own carbon footprint, i.e., assisting with route planning for community-based staff • RLDatix is working to be carbon neutral in the next few years and achieve ISO 14001 accreditation Many of these environmental proposals help us and will help you in your path to Net Zero. We are firmly committed to carbon reduction, as demonstrated by our Carbon Reduction Plan, published here: https://rldatix.com/en-uke/corporate-responsibility/

Pricing

• Price: £2.21 to £32.41 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bid.manager@rldatix.com. Tell them what format you need. It will help if you say what assistive technology you use.