Ethitec

ELMS2 (for Community Equipment)

ELMS2 is a comprehensive, proven software solution that supports the efficient management of Community Equipment Services, Wheelchair Services, and other areas of NHS and Social Care supplies provision. The solution has a well-established user-base, an active user-group and is supported by a highly experienced team who drive the software forward.

Features

• Paperless working
• Real-time stock, asset and parts management
• Electronic Patient Record
• Asset Management and Tracking
• Servicing and Repair Management
• Purchase Ordering
• Journey Management
• ELMS2app for all distribution, servicing and stock movement activity
• Intuitive Online Ordering
• Powerful real-time reporting

Benefits

• Innovative ELMS2app based on Android and iOS based technologies
• Full paperless working right across CES operations
• Fully integrated purchasing, stock, ordering, picking, servicing, and distribution operations
• Automated SMS and Email Communication with Clients and Prescribers
• Keep track of your equipment, and ensure it comes back
• Legislative and Management Information as by-product of normal use
• Full history of all activity with clients and identifiable equipment
• Easy monitoring of financial and budgetary information
• Easy expansion in to other services (e.g. Wheelchairs, Continence)
• Access to the long-established ELMS2 User Group

£19,990 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ethitec.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

882669887744240

Contact

Mike Weatherall
01162470806
sales@ethitec.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None
• System requirements:
  • Access to the main ELMS2 system via any compatible browser
  • Access to the ELMS2app via Android or iOS device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard Support hours are Monday to Friday 09:00 to 17:00 (excluding English Bank Holidays). System availability will be 24/7.rioritised ticketing solution and service level agreements in place based on urgency of request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Our standard contract offers unlimited telephone and email support from Monday to Friday between 09:00 and 17:00 excluding English Public Bank Holidays. Prioritised ticketing solution and service level agreements in place based on urgency of request. Support is available to assist with all aspects of ELMS2 usage and any technical issues relating to the hosting, the system, or the underlying database. Each customer will have access to a dedicated account manager and the help desk. References are available if a prospective customer wishes to verify the effectiveness of our support services. New releases available without additional license fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Supporting services available include :; ; - Onsite or online training by job function; - Data migration from any existing system in use; - Onsite or online go-live handholding; - User documentation / training guides / quick 'how-to' guides; - Technical documentation / data dictionaries
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Ethitec notes its obligations to support an orderly, controlled transition of responsibility for the provision of the Service to a new Provider. The data contained within the ELMS2 database is at all times owned by the customer. On request, Ethitec shall agree a timetable for return of the data within ELMS2 to the customer, or for the transfer of the data within ELMS2 to a new Provider. The customer, using standard ELMS2 reports, will have the ability to extract all of the data that the new Provider may require, without Ethitec involvement. This can be tested at any time, throughout the life of the Contract. It is possible that the new Provider may require the ELMS2 data to be presented to them in a specific format (e.g by populating templates that they provide). If this is the case, then either the customer can provide this service themselves, using the standard ELMS2 reports outlined above, and then undertaking some local manipulation of the data or Ethitec can provide this service to the customer, potentially for an additional charge, not to exceed 5 days of work at our prevailing day rate at the time of termination.
• End-of-contract process: Ethitec notes its obligations to support an orderly, controlled transition of responsibility for the provision of the Service to a new Provider. The data contained within the ELMS2 database is at all times owned by the customer. On request, Ethitec shall agree a timetable for return of the data within ELMS2 to the customer, or for the transfer of the data within ELMS2 to a new Provider. The customer, using standard ELMS2 reports, will have the ability to extract all of the data that the new Provider may require, without Ethitec involvement. This can be tested at any time, throughout the life of the Contract. It is possible that the new Provider may require the ELMS2 data to be presented to them in a specific format (e.g by populating templates that they provide). If this is the case, then either the customer can provide this service themselves, using the standard ELMS2 reports outlined above, and then undertaking some local manipulation of the data or Ethitec can provide this service to the customer, potentially for an additional charge, not to exceed 5 days of work at our prevailing day rate at the time of termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ELMS2 Online Ordering / ELMS2app is fully optimised / responsive for small screen usage. Some elements of the main ELMS2 system (e.g admin functions) require a larger screen for truly effective use.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: ELMS2 contains a wealth of system parameters and settings which allow it to be tuned to meet local variances in working practice while still providing the necessary controls. As part of an ELMS2 implementation we gain a comprehensive understanding of your precise requirements – this understanding allows us to assist and advise with the setting up of key systems parameters, reference data, defaults etc, which helps to shape the ELMS2 system to be installed around your workflows prior to live running. Control of these parameters will then be with local system administrators.; ; ELMS2 also offers User Defined Fields, User Defined Screens, User Defined Forms, the use of local style sheets, and opportunities to amend welcome pages etc.

Scaling

• Independence of resources: ELMS2 is installed in our VMWare private cloud environment at Rackspace. Each ELMS2 customer has a completely segregated environment from other Ethitec customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Service Availability (hosting / system) and support service responsiveness (typically for high-priority calls)
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Via standard reports or direct database access
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats: Other
• Other data import formats:
  • Data import strictly controlled via normal system use
  • Some controlled import routines available (e.g for deathlists)

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability in excess of 99.9% should be expected. Annual upgrades will require some downtime (circa three hours per annum - can be scheduled outside of normal working hours for a small additional fee).
• Approach to resilience: Available on request
• Outage reporting: Email Alerts & Telephone Contact

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: Ethitec’s Access Control Procedure manages access to information and infrastructure. The access rights to classifiable areas take into account data protection and privacy legislation, any potential client contractual commitments regarding access to data or services, the “need to know” principle, and that ‘everything is forbidden unless expressly permitted’. Internal user access requests are subject to formal authorisation and to periodic review every six months. MFA is used to access any security / administrator functions. Passwords composition, re-use, and regular password changing is carried out on in accordance with current NCSC guidance.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • System hosted in an ISO27001 accredited data centre
  • Data Security and Protection Toolkit accredited (standards exceeded)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IS027001 accredited data centre used. Ethitec hold Cyber Essentials / Cyber Essentials plus, and maintain an IG framework based upon 27001 principles.
• Information security policies and processes: Our staff operate under the control of established companywide policies and procedures via our Information Security Framework that define Ethitec’s approach and intentions to fulfilling its statutory and organisational responsibilities for Information Governance. These documents enable management and staff to make correct decisions, work effectively and comply with relevant legislation and the organisations aims and objectives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Ethitec's configuration and change management processes services are aligned to those defined by ITIL. Our ISO9001 accredited Quality Management System defines our procedures to support our development, testing, source code control, security and release activities. Multiple databases are used to allow both internal and user acceptance testing.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: ELMS2 is hosted at Rackspace in an ISO27001 accredited data centre. Features include; ; • intrusion detection systems (IDS); • anti-virus; • malware protection; • file integrity monitoring (FIM); • vulnerability scanning; ; Patching of the operating system and any other key software is managed and configured in accordance with vendor guidelines. We use WSUS to assist with this (both internally and at Rackspace).
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: At Rackspace, our cloud infastructure is protected by a 24 x 7 monitoring sevice, which checks the availability of customers’ servers, and performs service checks at 5 minute intervals to ensure quick identification of problems. If problems occur, Rackspace support engineers are sent an alert. Ethitec’s support team are then notified immediately, allowing our operations team to notify our customers as appropriate.; ; Incident reporting and planning forms part of Ethitec’s Information Security Framework – this is subject to regular review by the Information Security Committee, which includes Board representation
• Incident management type: Supplier-defined controls
• Incident management approach: Incident reporting and planning forms part of Ethitec’s Information Security Framework – this (along with the rest of our procedures) is subject to regular review by the Information Security Committee, which includes Board representation.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Ethitec make use of Rackspace’s Data Centres in the UK. Ethitec selected Rackspace following a detailed assessment of the UK hosting sector, with sustainability and corporate responsibility being a key selection criteria. Rackspace aspire to give more than they take from our planet and support innovative technologies that change the energy industry for the better. They achieve this through renewable energy, conservation and advocacy, as detailed in their Global Energy Policy, which is available for inspection online.; ; Rackspace has committed to achieving net zero carbon emissions by 2045. That’s five years ahead of the U.N. Paris Agreement on Climate Change ambition to limit the global warming of the planet to 1.5 degrees Celsius, compared to preindustrial levels (net zero by 2050).; ; Rackspace have prepared a greenhouse gas (GHG) emissions inventory (scope 1, 2 and partial 3) every year since 2008 for all of their operations worldwide. Having a better understanding of this footprint allows them to identify high-impact efficiency projects that help to conserve resources and benchmark outcomes. As an example, they use specialized air filters in their London data centres (that Ethitec use) to reduce carbon dioxide equivalent (CO2 e) by 2,000 kilograms per year. Rackspace also participate in the Climate Change Agreement (CCA), which is a U.K. voluntary scheme for energy intensive industries, and they have responded to every CDP Climate Change Survey since 2011.

Pricing

• Price: £19,990 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@ethitec.com. Tell them what format you need. It will help if you say what assistive technology you use.