Outcomes Star Online
Web application to support use of Outcomes Stars - accessing resources, recording service user information and outcomes reporting.
Features
- Access to all published versions of evidence-based, validated Outcomes Stars
- Unlimited services, linked to unlimited Outcomes Star versions
- Role based access model to control access and permissions
- Hosted in UK
- Single Sign On for Microsoft and Google
- Show progress by comparing Stars over time in engaging visual
- Action plan using Journey of Change stages as a guide
- Partner REST FHIR compliant API for integration via Swagger documentation
- Ready made outcomes reports including distance travelled
- UK based Helpdesk service during UK working hours
Benefits
- Quick and easy to set up and use
- Secure and robust, with ISO27001 accredited software development
- Access to up-to-date versions of Outcomes Stars and resources
- Best practice features such as recording disagreement
- Quick and easy to generate outcomes reports for distance travelled
- Makes outcomes measurement more person-centred
- Makes action plans more targeted, relevant and effective
- Reduce data duplication for practitioners via integration
- Access to implementation consultants at no extra cost
- Makes support more person-centred and outcomes-orientated
Pricing
£40 a licence a year
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
8 6 0 7 1 2 8 2 9 9 4 0 9 5 4
Contact
Triangle Consulting Social Enterprise Ltd
Sarah Owen
Telephone: 02072728765
Email: saraho@triangleconsulting.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
-
Buyers will need to purchase training from Triangle for all practitioners with a licence to use Outcomes Stars.
Buyers will need to engage with an implementation plan for Outcomes Stars to support their effective use by practitioners. This is not specifically related to the software - it is a broader implementation that can impact on service design and delivery more broadly. Triangle provide dedicated implementation support at no extra cost to all client organisations. - System requirements
-
- Ability to receive emails from support@staronline.org.uk
- Latest version of widely available browsers
- Devices with internet access
- Unique email addresses for users
- Devices with at least 4GB memory
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Maximum of 2 working days for an initial response from Helpdesk service. Helpdesk service is not available over weekends.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Dedicated Helpdesk service based in the UK, available during UK working hours. Helpdesk provides, at no additional cost:
Response to support emails within 2 working days via ticketing system
Online meeting for Account Lead set up support
Rolling programme of webinars for specific features
Consultancy and advice around reporting and use of outcomes data
On request, online support sessions for small groups for bespoke support
Triangle also provide an account manager for implementation consultancy and support at no additional cost. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Outcomes Stars can only be used by practitioners who are licensed and trained by Triangle, or a trainer licensed by Triangle. Training is available remotely or face to face. This training focuses on the practice of using Stars within collaborative support conversations and processes - rather than on the software itself (which does not require any specific training.)
Account Leads are offered 121 support via online meeting when setting up an account for the first time.
Users are invited to a rolling programme of webinars focusing on different features of the Outcomes Star Online, and Outcomes Star implementation more broadly.
Comprehensive user documentation and videos are available in the Help Centre. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
At any time, Account Leads can run a full extract of data in their account from the Reports area.
As part of the account closure process, Account Leads are given 3 months to run the full extract before permanent deletion or anonymisation is applied to the account. - End-of-contract process
-
There are no additional costs at the end of contract.
Account Leads confirm closure and at the end of the licence term, are given an additional 3 months to download all data from the account. After 3 months, the account is fully anonymised or permanently deleted if the client organisation opts out of anonymisation.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Currently the 'Live Completion' feature is not available on devices under 1280×800 (7" tablet.) We are developing a new feature which will go live early 2025 and will make all desktop services available on mobile.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- API
- Yes
- What users can and can't do using the API
-
Users can do 3 things with our Partner API now:
From a primary system (such as case management system or electronic patient health record) post service user records and update service user records
Get completed Star PDFs and display them in a primary system
Get full extracts of data, ideal for Power BI or similar
Posting or updating service user records via the API must be done together with a Practitioner ID available via API.
Our Partner API is currently in pilot until December 2024 and available free of charge. After that time additional licences will be required. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Account Leads can choose to:
Disable Action Plan functionality completely, if action plan feature is not used
Enable Contact Details feature to record more service user information if appropriate
Disable Name and Date of Birth fields to minimise personal data if required
Select from multiple options of gender and ethnicity lists
Apply 3 levels of permissions to a service to control what practitioners can see/do to records linked to that service - full access, read-only access or limited access
Enable SSO for Microsoft or Google, for all user accounts or a selection of user accounts
Enable Assistant Account Lead feature (at additional cost)
Scaling
- Independence of resources
- We regularly review the performance of our webserver and our database server to ensure the memory and processing available meets the demand created by our 1,000+ client organisations. We regularly optimise and improve our codebase to work as efficiently as possible as part of ongoing DevOps and change management approach. Our servers were last upgraded in early 2024.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Implementation Report details number of logins, active users, number of engagements, number of Stars.
My Account page details number of users, services, managers, licences. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Account Leads can run full extract on data in their account at any time from the Reports area. 2 formats are available - a Full Extract (which reflects database tables and works best with Power BI or similar) and a Service and Star Extract (which is formatted into columns to make it easier to analyse directly in Excel or similar.)
- Data export formats
- CSV
- Data import formats
- Other
- Other data import formats
- Users are not able to upload data currently.
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We guarantee an uptime of 99% and a transfer time of 4 seconds or less.
Recovery point objective: the database runs under a backup policy that ensures in the event of a complete system failure, the maximum amount of data loss that could occur is 5 MB or 30 minutes. Full backups are taken daily, and differentials are taken every 30 minutes or increment of 5mb (whichever comes first).
Recovery time objective: 24 hours. The server has been configured with the Azure Site Recovery feature, meaning we have an idle secondary server in a separate datacentre that we can recover service to within 15 minutes. (The last test of this took 8 minutes). In the case of a full data centre failure, the service would be reinstated to within 5 minutes of when the event occurred. Return to service time will be <1 hour.
WHAT ABOUT REFUNDS - Approach to resilience
-
See answer to previous question.
We have robust emergency incident procedures, Disaster Recovery Procedures and Business Continuity Plans. - Outage reporting
- For any unplanned outages, we would communicate with all affected users as quickly as possible via email to the Account Lead.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
-
Management interfaces are restricted via the Role Based Access Model.
Client organisations have access to management interfaces for their account, through the Account Lead role. Only Account Leads or users assigned Assistant Account Lead or Service Manager permissions by an Account Lead can complete management tasks via the management interface.
Triangle's access to account-management interfaces is limited to the privileged user role of Helpdesk, and content-management interfaces limited to Super User role. Access to both is regularly reviewed and users undertake dedicated training before access.
Support channels do not have an interface as we deliver this service via email. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Description of management access authentication
-
For system administration, we have a dedicated device approach for system administration and access to the database via whitelisted IPs and dedicated VPN connection.
For Triangle's account-management or content-management access for authorised privileged users, 2FA is required in addition to a strong password.
For client organisations' account management access for Account Leads or users an Account Lead provisions with permissions, 2FA is required in addition to a strong password.
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 24/08/2023
- What the ISO/IEC 27001 doesn’t cover
-
ISO27001 certification covers QES, our technical partners, and their provision of the design, development, programming and ongoing maintenance of web based and offline apps, whilst supporting secure digital data solutions for a diverse range of public and private sector clients within the UK.
It does not cover Triangle's overall management of the web app. Triangle are currently working towards our own ISO27001 certification in 2025. - ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO9001 certification for sub-contractor QES
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Triangle is working towards our own ISO27001 accreditation by 2025.
We have a Senior Information Risk Officer who is on the Company Board, supported by a Compliance Co-ordinator. We are Cyber Essentials Plus certified. We exceed standards on the NHS Data Protection and Security Toolkit and comply with DTAC, including DBS0129 compliance via our registered Clinical Safety Officer and comprehensive clinical risk management system.
We have quarterly contract review meetings with our key subcontractor and a robust contract with the subcontractor that includes compliance with NCSC principle and OWASP.
Technical subcontractor is ISO27001, ISO9001, CE+ certified. - Information security policies and processes
-
Our IS policies use OWASP Top 10 and are aligned to National Cyber Security Centre's Cloud Principles, ISO27001 and ISO9001. Our technical and security architecture utilise Microsoft Azure features such as Defender Antimalware, firewall management and built in Denial of Service attack protection. We have built custom proactive monitoring alerts for suspicious activity. We have a dynamic patch management approach, and use dedicated devices for system administration.
Triangle and QES, our technical subcontractor, are both Cyber Essentials Plus certified.
QES, who undertake all technical aspects of our service, are ISO27001 and ISO9001 certified and have been for 10 years.
Our contract with QES specifies compliance with the above policies. Quarterly contract review meetings are completed to review compliance with the contract and policies.
Triangle conduct regular reviews of our overall Information Governance position, policies and processes, with quarterly reporting to the Company Board and a formal bi-annual update of our Risk Register.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- ISO27001
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- ISO27001
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- ISO27001
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- ISO27001
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Covid-19 recovery
in 2025 we will be publishing an Outcomes Star developed with people living with Long Covid and other conditions including post-viral fatigue. That has been developed in collaboration with Betsi Cadwaladr NHS Trust.
Already published are Outcomes Stars available for mental health recovery and well-being.Tackling economic inequality
We have Outcomes Star versions that are designed for use in employment settings, including Pathway Star which is specifically designed for use with people who are facing barriers to employment. It was developed with Liverpool City Council's Households Into Work programme.
As an employee-owned social enterprise, our social mission is not to make profit for shareholders. Since April 2023 we have reinvested surplus into our organisation and therefore into our social mission of helping frontline services help people to thrive. Through this approach, we aim to empower our employees (30+) with the principles of democratic ownership.Equal opportunity
We have robust DEI policies and actively encourage recruitment applications from people from all backgrounds.
As an employee-owned social enterprise, the well-being, personal development and professional development of our workforce is a priority for our organisation.Wellbeing
We have Outcomes Stars versions that are focused on well-being including physical health, mental health and recovery, as well as well-being and fulfilment being at the heart of all Outcomes Stars. An underpinning principle of the Outcomes Stars and of our work is a whole-life, holistic view of well-being, as well as a belief in the capacity of people to make positive change happen.
As an employee-owned social enterprise, our social mission is not to make profit for shareholders. Since April 2023 we have reinvested all surplus into our organisation and therefore into our social mission of helping frontline services help people to thrive. We have introduced a number of policies to support our employee-owners whilst also supporting our social mission, such as a volunteering policy for 1 day a month.
Pricing
- Price
- £40 a licence a year
- Discount for educational organisations
- No
- Free trial available
- No