Ethical Services Group

Cloud based Software as a Service

We provide software applications that provide out of the box clinical solutions

Features

• Platform independent
• Web app or phone apps
• Delivered on secure HSCN network
• Full training and support
• Clinical Assessments
• Financial transparency
• Clinical Assurance
• Built in customer/patient/budget holder portal

Benefits

• Reduced cost of production (reduced clinical overheads))
• True clinical collaboration between clinician and patient
• Full ICB transparency
• Scalable for any clinical assessment requirements

£5,000 to £25,000 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@esg.limited. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

893153072094084

Contact

Steve Loveridge
07779498617
steve@esg.limited

Service scope

• Service constraints: None although connectors will need to be assessed by us on an individual basis and will be provided where needed
• System requirements: Web browser

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: 9 to 5 (UK time), Monday to Friday
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We currently do not provide web chat. However, we are willing to do so should this be required
• Web chat accessibility testing: None
• Onsite support: Yes, at extra cost
• Support levels: We provide a number of support services - these are customized to suit the client needs and budget. An account manager is assigned to all clients.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a number of implementation, support, training and managed services. Implementation is straight forward and flexible. Provide access to training tutorials. We can host a bespoke training package at a fixed price. Account Manager liaison. Help desk support.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: An extract of all data held will be made available to the client
• End-of-contract process: Outstanding CCN costs where work is in progress or completed and not delivered Ongoing costs should the client require rolling non contractual software and services support

Using the service

• Web browser interface: Yes
• Using the web interface: Configure, run, monitor and report the services. No changes can be made to the server through the interface
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Over secure https: via browser
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: Custom read-only APIs are available to allow integration with customers' data warehouses/line of business systems. We also offer our product integration with other customer and 3rd party applications
• API automation tools:
  • OpenStack
  • Other
• Other API automation tools:
  • Other API automation tools
  • Custom automation tools
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: We create independent instances for each client which is unaffected by other instances
• Usage notifications: Yes
• Usage reporting:
  • Email
  • SMS
  • Other
• Other usage reporting: If usage limits are approaching we will automatically adjust the limit to ensure no lack of service, but will inform the client by the agreed method

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• Backup controls: Back ups are performed automatically - scope is agreed and defined on engagement
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9%
• Approach to resilience: Load balancing nodes provide the structure for resilience combined with database clustering
• Outage reporting: Maintenance page on the application browser

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Client specified
• Access restrictions in management interfaces and support channels: Refer to service definition document
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: Client specified (if applicable)
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • IASME Gold
  • Cyber Essentials
  • Cyber Essentials Plus
  • Annual Penetration Test
  • ITQSB / A Quality Assurance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: IASME Gold Working towards ISO 27001
• Information security policies and processes: Refer to service definition document

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Refer to service definition document
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Refer to service definition document
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Refer to service definition document
• Incident management type: Supplier-defined controls
• Incident management approach: Refer to service definition document

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Improve health and wellbeing ; ; - Our services enhance the systematic offering from community and mental health services.

Pricing

• Price: £5,000 to £25,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Happy to discuss on an individual basis

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at steve@esg.limited. Tell them what format you need. It will help if you say what assistive technology you use.