Red Ant Digital

Red Ant Cloud Software

A cloud platform-as-a-service for applications, with a particular focus on data collection, ingestion, integration and orchestration. Typical use cases include pharmacovigilance for monitoring drug safety/adverse drug reactions, device incidents and vigilance, at-scale data collection, backend services for consumer-facing webforms, websites and mobile apps, or other datacentric developments.

Features

• Data orchestration
• Systems integration
• Front-end templates
• Data ingestion
• Data cleansing
• Data storage
• Analytics

Benefits

• Securely collect data directly from users
• Integrate multiple sources of data together
• Provide a simple backend for public-facing websites
• Compare and reference multiple data sources
• Quickly develop new APIs
• Provide easy-to-use reporting interfaces

£30,000 an instance

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@redant.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

846395197947415

Contact

Sarah Friswell
08454593333
enquiries@redant.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: The service provides API endpoints to the back-end of several pharmacovigilance services including drug safety, adverse drug reactions, device vigilance and device incidents, to support user management and data entry/processing. Services include but are not limited to:; ; Yellow Card Reporting: https://yellowcard.mhra.gov.uk/; Pandemic Yellow Card Reporting: https://coronavirus-yellowcard.mhra.gov.uk/
• Cloud deployment model: Hybrid cloud
• Service constraints: No significant constraints.
• System requirements: A Red Ant application platform licence

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Red Ant Service Desk will process all Service Requests within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and following SLAs where appropriate. ; ; Red Ant Service Desk will process P1 incidents 24/7 without limitation. All P2-P3 incidents will be processed within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and SLAs apply within these timeframes only.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Red Ant will prioritise all Incidents from P1 to P3, using impact and urgency to determine this. ; ; Red Ant Service Desk will process P1 incidents 24/7 without limitation. All P2-P3 incidents will be processed within business hours: 9:00 – 17:00, Monday to Friday, excluding UK public holidays and SLAs apply within these timeframes only.; ; Note that the management of all incidents is non-chargeable where the fault is found to lie within Red Ant. Where an incident has occurred due to a change by the client or a 3rd party within the responsibility of the client, the time required to resolve the incident will be charged to the client’s service request budget.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide on site training and induction, and we have online documentation available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data can be extracted via the API or we can provide a data dump as part of our professional services. Flows and pattern designs can also be extracted via the web interfaces in a standard JSON format.
• End-of-contract process: Any end-of-life and handover needs at the end of the contract are analysed and a bespoke handover plan is created at a cost agreed by both parties.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive user interface based on screen size
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Any feature that is available through the web interface can be quickly exposed as an API - it has full access.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users are able to customise platform settings, customise platform branding and customise data entry forms (questions asked, required/optional).; ; Users are able to customise the platform using the front-end client. Any customisations made require a certain level of user permission to access, and cannot be actioned by standard users of the platform.; ; At an additional fee, system developers can turn on/off existing functionality as required and implement new functionality requested.; ; Development customisations are considered on a case-by-case basis, and are subject to a design, development, and testing process. Typically, development customisations will require a new release of the application.

Scaling

• Independence of resources: Each user is given a single tenant VPC on dedicated infrastructure

Analytics

• Service usage metrics: Yes
• Metrics types: Google Analytics - user data including geo-location, device, operating system; session data including average session duration, bounce rate, event count. Firebase Analytics - application downloads; active users.; Firebase Crashlytics - app crashes; devices that experienced a crash; crash logs.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users are able to export entered survey data using 'export' CTAs within the front end application.; ; Users are not able to export their user data using the front end application, however this can be actioned at user request, following the GDPR guidelines of "Right of access"
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Uptime of 99.5% excluding downtime caused by scheduled maintenance, emergency maintenance or a force majeure event. Downtime is measured from the time a trouble ticket is opened by the customer until restoration of the hosted service. Service credits for service outages are subject to individual agreement.
• Approach to resilience: We follow best practices as outlined in Amazon Web Services' "Well Architected Framework: Reliability Pillar" documentation.
• Outage reporting: Individual application statuses are provided within the application control panel. General outages and status updates on resolutions are delivered as email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Typically we apply a permissions system based on the following factors - user authentication; user role, location, device. Access restrictions are defined as part of the project.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: 13/03/2017
• What the ISO/IEC 27001 doesn’t cover: UK operations only
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self Certification
• PCI DSS accreditation date: 15/02/2017
• What the PCI DSS doesn’t cover: Anything outside of PCI-DSS Questionnaire D (ie. Storage of credit card data)
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Red Ant has a ISO27001 approved Information Security Manual that is followed internally. Full information on our policies and process is available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Key information and system assets are tracked on physical & information asset registers that include risk assessment and impact of the system/asset. Change management systems (JIRA kan-ban boards) are in place for each product and an overall information security board. Change requests are raised as tickets and go through an operation/business & technical reviews before being implemented.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Automated monitoring and logging of systems is in place on all products Our suppliers operate regular venerability assessments & patching, and provide us information about potential threats. Potential / identified threats and vulnerabilities are raised in the relevant IS change management system for review and resolution.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Monitoring and alerting for unauthorised activity / compromises is available on our systems & products. A list of monitoring & alerts is available on request.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: IS incidents identified are recorded on a Security Incident Report Form following the procedures relating to the identification, control and recording of incidents handled using existing escalation procedures when required. Information security events are assessed by the ISMS Committee and ISMS Manager to determine if they are to be defined as information security incidents. When relevant, details are referred to more senior management. All comments and actions arising from any incident are recorded on the Security Incident Report Form and appropriate action is instigated.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Covid-19 recovery

  In March 2020, when Red Ant made the decision for the entire team to work from home ahead of the Government announcement, the leadership team took extensive measures to ensure that the team remained connected and supported throughout a challenging period where it was all too easy to feel isolated and uncertain:; • our all-company meeting was increased in frequency to weekly, with complete transparency over what Red Ant was doing and how the business planned to cope, including income, outgoings and how they affected everyone individually; • support networks in the form of Slack channels and Zoom calls were set up to provide a day-to-day connection for team members, from book groups to daily quizzes, lunch and breakfast clubs; • all-team wellbeing initiatives, including a 12-week wellness programme with a professional life coach covering sleep, mental health sessions, healthy eating, yoga and Pilates, as well as virtual quizzes and escape rooms; • sharing and celebration of successful projects, including the team’s work with the Government on MHRA’s covid-specific yellow card system, which boosted team morale as it made a significant difference to the rollout of safe, effective treatment for covid and, ultimately, the delivery of vaccinations; This allowed the business to not only survive but thrive, with the team growing by 33% and the business seeing its best year from a commercial perspective.; Following a year of disruption and adaptation to new ways of working due to the pandemic, the leadership team made the decision to transform Red Ant into an employee-owned business which is now 60% owned by the team. We set up an Employee Ownership Trust (EOT) as an alternative to traditional business models where profits are solely enjoyed by investors and business leaders, as a progressive way of doing business that benefits all employees.

  Equal opportunity

  Red Ant is passionate about diversity, equality and encouraging the progression of everyone. Unique among technology companies, Red Ant is an employee-owned business with a team that comprises:; • 59% women across all roles from boardroom to developers, including our CEO; • a wide range of ages – school leavers up to 50+, some who have worked for the company for more than 10 years and others who have joined straight from education or as part of an apprenticeship, opening up opportunities for women and others without traditional work histories; • women returners to work and career changers who were actively recruited for their life skills as well as their work skills; • a truly diverse group of people who are both neurotypical and non-neurotypical; We have introduced working practices that specifically support women and those with caring responsibilities:; • core hours are designed to enable parents and carers to spend time with their families when they need it most at the beginning and end of the day; • hybrid working patterns mean that the team spends at least some of the week working from home, which makes a significant difference to childcare arrangements and their cost as well as other responsibilities including caring for elderly relatives; • Red Ant is always prepared to discuss and develop roles to support the team’s lives outside work – for example, the business adapted a sales support role for a talented client-facing team member when she needed to adjust her work pattern to care for her children

  Wellbeing

  Because we have such a diverse team, we recognise the importance of providing a safe space for people to reach their full potential and be themselves without judgement or discrimination. We also have a comprehensive programme for supporting and spreading awareness of mental health issues on both a team and individual level – for example, to recognise World Mental Health Day, we took part in the Lord Mayor’s Green Ribbon scheme and organised a range of wellbeing activities for the team. We believe this kind of security makes for a truly honest way of working which brings clarity to both relationships within the team and working styles within projects. It also allows us to identify where people may need more help and support, giving us the opportunity to work with them to overcome any challenges before they feel overwhelmed.; We recognise that we are all individuals with different working styles and unique needs, based on our roles, talents and preferences. We adopt an open door, open mind policy based on encouraging people to talk about their needs, listening to what they have to say and, where possible, making changes to support them. As examples, we have signed up to Spill, a dedicated resource which offers access to therapy for all team members whenever they need someone to talk to, and some of our neurodiverse team members use noise-cancelling headphones and are able to request other team members to sit with them as a ‘mirror’ to help them concentrate on intense tasks. ; We also run all-company wellbeing sessions, from yoga and Pilates to advice about sleep, healthy eating and gratitude journaling.

Pricing

• Price: £30,000 an instance
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@redant.com. Tell them what format you need. It will help if you say what assistive technology you use.