Clarity Informatics Limited

Agilio Flex/My Locum Manager

Agilio Flex/My Locum Manager supports ICBs with an effective workforce management solution, that lets you create and schedule your own digital staff pool to make the most of your employed workforce, and cover gaps from our community of local Locums. MLM accommodates all staff types to help widen your pool

Features

• Primary care staff bank creation
• Temporary and locum staff scheduling and booking
• Self employed and locum finance management
• Self employed and locum staff compliance
• HR management
• NHS pension calculation
• Clinical IT system staff scheduling integration

Benefits

• Source temporary healthcare staff faster
• Manage compliance and governance of temporary staff
• Automate invoice and pension processing
• Share staff skills
• Increase primary care staffing
• Deliver NHS practice services
• Retain staff through flexible pool working

£0.07 a unit a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

959953174070914

Contact

James Stephenson
01912875800
james.stephenson@agiliosoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Customers are given advance notice of scheduled maintenance if it involves any downtime.
• System requirements:
  • Internet connectivity
  • Modern supported browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Customer service desk is available Monday to Friday 9am-5pm excluding bank holidays. Response times to emails are typically within 1 working hour but will depend on the nature of the query.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided via phone, email and response times to emails are typically within 1 working hour but will depend on the nature of the query.. We provide support from 9am-5pm, Monday-Friday. No additional charges for accessing phone and email support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The solution can be configured and deployed for a customer in a matter of hours upon the receipt of initial users and organisational information. The Agilio support team will coordinate setting up portals with the appropriate managers. A centralised training session will be arranged (Setup assistance is built into the platform). With the package, we also include implementation project support. This includes: ● Use of our established project approach ● Launch and awareness meetings ● Awareness presentations to Governing Body and locality groups ● Analytics and usage statistics ● Monthly review sessions by phone or, by mutual agreement, on client premises
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Agilio shall, on the Customer’s request and at Agilio’s standard daily rates, provide reasonable assistance with the migration of any Customer data to the Customer’s IT systems. Information held in Agilio Flex/My Locum Manager is at all times owned by, and the sole responsibility of the customer.
• End-of-contract process: Agilio shall, on the Customer’s request and at Agilio’s standard daily rates, provide reasonable assistance with the migration of any Customer data to the Customer’s IT systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Generally, all features are available. iPad support for file uploading has some limitations.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our service is constantly monitored to ensure that we have sufficient resources available to meet the needs of our users.

Analytics

• Service usage metrics: Yes
• Metrics types: Our service metrics have been designed by NHSE and includes (but not limited to) reports on:; 1) How many practices are registered to use the platform; 2) session/locum usage data; 3) data on session rates.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Many areas of the platform provide downloads in PDF or Excel (CSV) formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our target availability is that the services are available on a 99.5% basis, measured each calendar month.; ; The SLA's are set out within our terms and conditions.
• Approach to resilience: Available on request
• Outage reporting: Public announcements on the platform if available, otherwise email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: RBAC approach. Reviewed at least every 6 months.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 05/08/2022
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: DPST

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Security policies and procedures are documented in our ISMS, which is independently audited and certificated to ISO27001. This includes board level responsibility and formal paths for asset ownership and risk management.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is operated within the ISO27001 framework. Asset registers are maintained by the information asset owner to ensure component assets and access to them are monitored and controlled on a constant basis. Changes are identified and planned with authorisation at the project, director or board levels dependant on the nature of the change to the service. Changes are planned and tested based on risk assessment, scope of change and criticality to the service. Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events, are maintained to provide a "means of escape".
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats and vulnerabilities are reviewed prioritised action. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. Likely potential threats include both technological and regulatory sources. These are identified via a monitoring software, user feedback, security blogs, regulator advice, partner organisations etc. In addition we utilise antivirus software and firewalls to mitigate the risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Detailed domain and activity logs are retained. Logs are in place against each asset/component and alerts are generated for the relevant team dependent on the issue/asset to be analysed and assessed. Potential compromises are assessed immediately and escalated as required. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. We also utilise anti virus software and firewalls.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed following a pre defined process including -Monitoring, detecting, analysing and reporting of security incidents and events -Incident response planning and preparation -Handling of evidence -Assessment and decision on security incidents and security weaknesses -Escalation, controlled recovery from an incident and communication to both internal and external people and organisations -Security incidents of relevance to you will be reported in acceptable timescales and formats Users report incidents via the helpdesk or telephone. Incidents are recorded in the incident log including details of the incident, actions taken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  The Agilio Flex/MyLocumManager Flexible Staff Pool software supports equal opportunities by providing equitable access to jobs, development opportunities and fair employment practices to ensure the NHS remains an employer of choice

  Wellbeing

  The Agilio Flex/MyLocumManager Flexible Staff Pool software offers support to primary care organisations in recruiting people to work in primary care. It offers practices access to fully trained, skilled, and experienced clinical and non-clinical staff, to cover planned leave, existing vacancies, and short-notice unplanned absence. This also gives employees greater choice over their working patterns, this helps them achieve a better work-life balance.

Pricing

• Price: £0.07 a unit a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.