Being Guided @ Xceliant

Social Care Cloud

Health and social care, integrated.. Enabling digital innovation to be applied by public sector organisations through embracing a 5-step Design Thinking method, embedded in this Software-as-a-Service (SaaS) app made available on Salesforce Lightning Platform.

Features

• Integrate hospital EPR, GP EPR and adult social care systems.
• Extensible No-Code innovation: Salesforce Lightning Platform.
• Fully supports NHSX Interoperability Standards: FHIR; and, HL7.

Benefits

• Reducing Delayed Transfer of Care (DTOC) and hospital bed-blocking.
• Enables health and social care people to collaborate with citizens.
• Ensures matching of social care needs with social care budgets.

£12,000 to £60,000 an instance a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.smith@beingguided.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

836226639476570

Contact

Ian Smith
44 7785 264 957
ian.smith@beingguided.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Salesforce Lightning Platform or Tangle.io App Platform.
• Cloud deployment model: Public cloud
• Service constraints: No constraints.
• System requirements:
  • No software to install - Software-as-a-Service (SaaS).
  • Runs on all popular Web and mobile device browsers.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Same day email response, 5x8, excluding UK public holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat available on all popular browsers.
• Web chat accessibility testing: None.
• Onsite support: No
• Support levels: Same day response, 5 x 8.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online User Onboarding via Skype or Google Hangout.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data maybe extracted using standard Salesforce Mass Data Extraction Tools and Wizard or on Tangle.io via MS Excel, .csv or Google Sheets.
• End-of-contract process: No additional costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: SaaS app is fully Responsive across desktop, tablet and smartphone user devices.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Responsive Web app.
• Accessibility standards: None or don’t know
• Description of accessibility: Service accessible through industry standard desktop, tablet and smartphone user devices and Web browsers.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Salesforce Lightning API or Tangle.io API - all fully documented.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Social Care Cloud is a native app built on Salesforce Lightning Platform or Tangle.io App Platform and is fully customisable at Object and Field levels.

Scaling

• Independence of resources: Social Care Cloud is built on world-class Salesforce Lightning Platform, part of the world's largest Software-as-a-Service (SaaS) ecosystem and scalable on a global basis or on Tangle.io App Platform, running on Google Firebase.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data is exported via standard Salesforce Mass Data Extraction Tools and Wizard or on Tangle.io via MS Excel, .csv or Google Sheets.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Typically 99.9%. Made available at: ; https://trust.salesforce.com/en/#systemStatus
• Approach to resilience: To maximise availability, we take advantage of the underlying world-class Salesforce data centre infrastructure and SLAs.
• Outage reporting: Publicly available SLAs: https://trust.salesforce.com/en/#systemStatus

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Controls in-scope for SSAE-18 Auditing and Evidences through the SOC 2/ISAE3402 Report.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: 2-Factor Authentication and Single Sign-On using SAML.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC
• ISO/IEC 27001 accreditation date: 21/01/2020
• What the ISO/IEC 27001 doesn’t cover: Not applicable.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Customer passwords are stored using a one-way salted hash. User access log entries will be maintained, containing date, time, user ID, URL executed or entity ID operated on, operation performed (created, updated, deleted) and source IP address. If there is suspicion of inappropriate access. Data centre physical access logs, system infrastructure logs, and application logs are kept for a minimum of ninety (90) days. Logs are kept in a secure area to prevent tampering.Passwords are not logged.Certain administrative changes to Social Care Cloud (such as password changes and adding custom Fields) are tracked in an area known as the 'Setup Audit Trail' and are available for viewing by a customer administrator. Customers may download and store this data locally. Our employees will not set a defined password for a user. Passwords are reset to a random value.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Salesforce Change Management Process for underlying Salesforce Lightning Platform (Force.com) Platform-as-a-Service (PaaS).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Salesforce internal and external scanning processes using Qualys tools for the underlying Salesforce Lightning Platform (Force.com) Platform-as-a-Service (PaaS).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Salesforce Computer Security Incident Response Team (CSIRT) uses a security event logging and management system to manage alerts and logs with XCELD and its underlying Salesforce Lightning Platform (Force.com) Platform-as-a-Service (PaaS).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Based on Salesforce Incident Management Process applied to underlying Salesforce Lightning Platform (Force.com) Platform-as-a-Service (PaaS) and aligned to Forum of Incident Response and Security Teams (FIRST) best practices for incident response or similar via Tangle.io App Platform DevOps.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Not applicable.
• Covid-19 recovery:

  Covid-19 recovery

  Not applicable.
• Tackling economic inequality:

  Tackling economic inequality

  Part of employment policies.
• Equal opportunity:

  Equal opportunity

  Part of employment policies.
• Wellbeing:

  Wellbeing

  Part of employment policies.

Pricing

• Price: £12,000 to £60,000 an instance a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trial of Social Care Cloud running on Salesforce Lightning Platform (Force.com) Platform-as-a-Service (PaaS) or Tangle.io App Platform.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian.smith@beingguided.com. Tell them what format you need. It will help if you say what assistive technology you use.