Skip to main content

Help us improve the Digital Marketplace - send your feedback

Triangle Consulting Social Enterprise Ltd

Outcomes Star Online

Web application to support use of Outcomes Stars - accessing resources, recording service user information and outcomes reporting.

Features

  • Access to all published versions of evidence-based, validated Outcomes Stars
  • Unlimited services, linked to unlimited Outcomes Star versions
  • Role based access model to control access and permissions
  • Hosted in UK
  • Single Sign On for Microsoft and Google
  • Show progress by comparing Stars over time in engaging visual
  • Action plan using Journey of Change stages as a guide
  • Partner REST FHIR compliant API for integration via Swagger documentation
  • Ready made outcomes reports including distance travelled
  • UK based Helpdesk service during UK working hours

Benefits

  • Quick and easy to set up and use
  • Secure and robust, with ISO27001 accredited software development
  • Access to up-to-date versions of Outcomes Stars and resources
  • Best practice features such as recording disagreement
  • Quick and easy to generate outcomes reports for distance travelled
  • Makes outcomes measurement more person-centred
  • Makes action plans more targeted, relevant and effective
  • Reduce data duplication for practitioners via integration
  • Access to implementation consultants at no extra cost
  • Makes support more person-centred and outcomes-orientated

Pricing

£40 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saraho@triangleconsulting.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 6 0 7 1 2 8 2 9 9 4 0 9 5 4

Contact

Triangle Consulting Social Enterprise Ltd Sarah Owen
Telephone: 02072728765
Email: saraho@triangleconsulting.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Buyers will need to purchase training from Triangle for all practitioners with a licence to use Outcomes Stars.

Buyers will need to engage with an implementation plan for Outcomes Stars to support their effective use by practitioners. This is not specifically related to the software - it is a broader implementation that can impact on service design and delivery more broadly. Triangle provide dedicated implementation support at no extra cost to all client organisations.
System requirements
  • Ability to receive emails from support@staronline.org.uk
  • Latest version of widely available browsers
  • Devices with internet access
  • Unique email addresses for users
  • Devices with at least 4GB memory

User support

Email or online ticketing support
Email or online ticketing
Support response times
Maximum of 2 working days for an initial response from Helpdesk service. Helpdesk service is not available over weekends.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Dedicated Helpdesk service based in the UK, available during UK working hours. Helpdesk provides, at no additional cost:
Response to support emails within 2 working days via ticketing system
Online meeting for Account Lead set up support
Rolling programme of webinars for specific features
Consultancy and advice around reporting and use of outcomes data
On request, online support sessions for small groups for bespoke support

Triangle also provide an account manager for implementation consultancy and support at no additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Outcomes Stars can only be used by practitioners who are licensed and trained by Triangle, or a trainer licensed by Triangle. Training is available remotely or face to face. This training focuses on the practice of using Stars within collaborative support conversations and processes - rather than on the software itself (which does not require any specific training.)

Account Leads are offered 121 support via online meeting when setting up an account for the first time.

Users are invited to a rolling programme of webinars focusing on different features of the Outcomes Star Online, and Outcomes Star implementation more broadly.

Comprehensive user documentation and videos are available in the Help Centre.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At any time, Account Leads can run a full extract of data in their account from the Reports area.

As part of the account closure process, Account Leads are given 3 months to run the full extract before permanent deletion or anonymisation is applied to the account.
End-of-contract process
There are no additional costs at the end of contract.

Account Leads confirm closure and at the end of the licence term, are given an additional 3 months to download all data from the account. After 3 months, the account is fully anonymised or permanently deleted if the client organisation opts out of anonymisation.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Currently the 'Live Completion' feature is not available on devices under 1280×800 (7" tablet.) We are developing a new feature which will go live early 2025 and will make all desktop services available on mobile.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
Yes
What users can and can't do using the API
Users can do 3 things with our Partner API now:
From a primary system (such as case management system or electronic patient health record) post service user records and update service user records
Get completed Star PDFs and display them in a primary system
Get full extracts of data, ideal for Power BI or similar

Posting or updating service user records via the API must be done together with a Practitioner ID available via API.

Our Partner API is currently in pilot until December 2024 and available free of charge. After that time additional licences will be required.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Account Leads can choose to:
Disable Action Plan functionality completely, if action plan feature is not used
Enable Contact Details feature to record more service user information if appropriate
Disable Name and Date of Birth fields to minimise personal data if required
Select from multiple options of gender and ethnicity lists
Apply 3 levels of permissions to a service to control what practitioners can see/do to records linked to that service - full access, read-only access or limited access
Enable SSO for Microsoft or Google, for all user accounts or a selection of user accounts
Enable Assistant Account Lead feature (at additional cost)

Scaling

Independence of resources
We regularly review the performance of our webserver and our database server to ensure the memory and processing available meets the demand created by our 1,000+ client organisations. We regularly optimise and improve our codebase to work as efficiently as possible as part of ongoing DevOps and change management approach. Our servers were last upgraded in early 2024.

Analytics

Service usage metrics
Yes
Metrics types
Implementation Report details number of logins, active users, number of engagements, number of Stars.
My Account page details number of users, services, managers, licences.
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Account Leads can run full extract on data in their account at any time from the Reports area. 2 formats are available - a Full Extract (which reflects database tables and works best with Power BI or similar) and a Service and Star Extract (which is formatted into columns to make it easier to analyse directly in Excel or similar.)
Data export formats
CSV
Data import formats
Other
Other data import formats
Users are not able to upload data currently.

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We guarantee an uptime of 99% and a transfer time of 4 seconds or less.
Recovery point objective: the database runs under a backup policy that ensures in the event of a complete system failure, the maximum amount of data loss that could occur is 5 MB or 30 minutes. Full backups are taken daily, and differentials are taken every 30 minutes or increment of 5mb (whichever comes first).
Recovery time objective: 24 hours. The server has been configured with the Azure Site Recovery feature, meaning we have an idle secondary server in a separate datacentre that we can recover service to within 15 minutes. (The last test of this took 8 minutes). In the case of a full data centre failure, the service would be reinstated to within 5 minutes of when the event occurred.  Return to service time will be <1 hour.

WHAT ABOUT REFUNDS
Approach to resilience
See answer to previous question.
We have robust emergency incident procedures, Disaster Recovery Procedures and Business Continuity Plans.
Outage reporting
For any unplanned outages, we would communicate with all affected users as quickly as possible via email to the Account Lead.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are restricted via the Role Based Access Model.

Client organisations have access to management interfaces for their account, through the Account Lead role. Only Account Leads or users assigned Assistant Account Lead or Service Manager permissions by an Account Lead can complete management tasks via the management interface.

Triangle's access to account-management interfaces is limited to the privileged user role of Helpdesk, and content-management interfaces limited to Super User role. Access to both is regularly reviewed and users undertake dedicated training before access.

Support channels do not have an interface as we deliver this service via email.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Description of management access authentication
For system administration, we have a dedicated device approach for system administration and access to the database via whitelisted IPs and dedicated VPN connection.

For Triangle's account-management or content-management access for authorised privileged users, 2FA is required in addition to a strong password.

For client organisations' account management access for Account Leads or users an Account Lead provisions with permissions, 2FA is required in addition to a strong password.

Audit information for users

Access to user activity audit information
You control when users can access audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
24/08/2023
What the ISO/IEC 27001 doesn’t cover
ISO27001 certification covers QES, our technical partners, and their provision of the design, development, programming and ongoing maintenance of web based and offline apps, whilst supporting secure digital data solutions for a diverse range of public and private sector clients within the UK.
It does not cover Triangle's overall management of the web app. Triangle are currently working towards our own ISO27001 certification in 2025.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
ISO9001 certification for sub-contractor QES

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Triangle is working towards our own ISO27001 accreditation by 2025.

We have a Senior Information Risk Officer who is on the Company Board, supported by a Compliance Co-ordinator. We are Cyber Essentials Plus certified. We exceed standards on the NHS Data Protection and Security Toolkit and comply with DTAC, including DBS0129 compliance via our registered Clinical Safety Officer and comprehensive clinical risk management system.

We have quarterly contract review meetings with our key subcontractor and a robust contract with the subcontractor that includes compliance with NCSC principle and OWASP.

Technical subcontractor is ISO27001, ISO9001, CE+ certified.
Information security policies and processes
Our IS policies use OWASP Top 10 and are aligned to National Cyber Security Centre's Cloud Principles, ISO27001 and ISO9001. Our technical and security architecture utilise Microsoft Azure features such as Defender Antimalware, firewall management and built in Denial of Service attack protection. We have built custom proactive monitoring alerts for suspicious activity. We have a dynamic patch management approach, and use dedicated devices for system administration.
Triangle and QES, our technical subcontractor, are both Cyber Essentials Plus certified.
QES, who undertake all technical aspects of our service, are ISO27001 and ISO9001 certified and have been for 10 years.
Our contract with QES specifies compliance with the above policies. Quarterly contract review meetings are completed to review compliance with the contract and policies.
Triangle conduct regular reviews of our overall Information Governance position, policies and processes, with quarterly reporting to the Company Board and a formal bi-annual update of our Risk Register.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
ISO27001
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
ISO27001
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
ISO27001
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ISO27001

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Covid-19 recovery

in 2025 we will be publishing an Outcomes Star developed with people living with Long Covid and other conditions including post-viral fatigue. That has been developed in collaboration with Betsi Cadwaladr NHS Trust.

Already published are Outcomes Stars available for mental health recovery and well-being.

Tackling economic inequality

We have Outcomes Star versions that are designed for use in employment settings, including Pathway Star which is specifically designed for use with people who are facing barriers to employment. It was developed with Liverpool City Council's Households Into Work programme.

As an employee-owned social enterprise, our social mission is not to make profit for shareholders. Since April 2023 we have reinvested surplus into our organisation and therefore into our social mission of helping frontline services help people to thrive. Through this approach, we aim to empower our employees (30+) with the principles of democratic ownership.

Equal opportunity

We have robust DEI policies and actively encourage recruitment applications from people from all backgrounds.

As an employee-owned social enterprise, the well-being, personal development and professional development of our workforce is a priority for our organisation.

Wellbeing

We have Outcomes Stars versions that are focused on well-being including physical health, mental health and recovery, as well as well-being and fulfilment being at the heart of all Outcomes Stars. An underpinning principle of the Outcomes Stars and of our work is a whole-life, holistic view of well-being, as well as a belief in the capacity of people to make positive change happen.

As an employee-owned social enterprise, our social mission is not to make profit for shareholders. Since April 2023 we have reinvested all surplus into our organisation and therefore into our social mission of helping frontline services help people to thrive. We have introduced a number of policies to support our employee-owners whilst also supporting our social mission, such as a volunteering policy for 1 day a month.

Pricing

Price
£40 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at saraho@triangleconsulting.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.