Cohort Software

Cority Health Essentials

Manage Occupational Health Programs with Ease
Cority’s Health Essentials package provides best-in-class solutions, designed by health experts to support the most critical elements of an occupational health program. Designed for rapid deployment, Health Essentials offers a faster time-to-value, and helps you proactively monitor health metrics for better workforce health outcomes.

Features

• Centralized point to manage health encounters
• Simplify health surveillance and testing with pre-configured programs
• Accurately track metrics and uncover key insights
• Streamline mass vaccination events and free up valuable clinician time
• Drive better workforce engagement with mobile enabled self-scheduling

Benefits

• Better manage workplace health risks
• Improve clinical productivity
• Strengthen data privacy
• Enhance workforce engagement
• A flexible solution that grows with your business

£43,020.00 an instance

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tjeerd.HendelBlackford@cority.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

960754805364234

Contact

Tjeerd Hendel-Blackford
+44 7837 292282
Tjeerd.HendelBlackford@cority.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No service constraints except those mentioned in the HSA
• System requirements:
  • Any Operating system
  • Accessed via standard Web Browsers like
  • Google Chrome 34 or later, or
  • Apple Safari 5.1.7 or later, or
  • Mozilla Firefox 3 or later, or
  • Microsoft Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have our Maintenance and Support Guide that shows our Service Level Targets based on priority.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Currently we have standard support included in our Maintenance fee for all customers. We do not have any unique support levels provided at different costs.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: At the beginning of the project pre-recorded orientation training will be provided to the client project team for solution setup, including navigation, workflows, demographic data, organizational structure and settings to support the Client's team understanding of the Essentials package. User accounts will be set up for the system users during the project. General system context sensitive help is available via the in application help tools. During the project the client team will be responsible to create Client specific guides or tip sheets.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The first option at no cost is for the Client to extract their data via reports. The second and third options include either a backup of the full database or an extract of data files for an additional cost. Clients can opt to have documents extracted in their native format at an additional cost.
• End-of-contract process: Client will notify in writing to Cority that they would like to terminate the contract. Cority and Client will then agree to the method for data extraction.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Cority's mobile solution, myCority is an enhanced, mobile-responsive app that works as an extension of our SaaS solution. Users can open the app and log in using virtually any device to securely view, capture and submit information and drive real-time decision making. myCority also delivers a leading offline capability to enable your employees to fully complete their assigned tasks/actions and upload the captured information when back online. All of this enables our clients to experience the flexibility of a truly mobile solution without the complexity and costs of managing multiple point solutions or multiple versions of native mobile apps.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Cority solution has a Browser based User Interface that was developed using common HTML/JavaScript/Ajax technologies, and is compatible with both Internet Explorer and Firefox.
• Accessibility standards: None or don’t know
• Description of accessibility: Cority is compliant with 18 out of 22 required controls of the WCAG / 508 . The missing spots are within our employee facing portal, which we aim to add to the platform in 2022.; Cority is thin client, Web-based product. It has a Web-browser user interface that was developed using common HTML/JavaScript/Ajax technologies and is compatible with Google Chrome, Mozilla Firefox, Edge, and Apple Safari.
• Accessibility testing: To be updated
• API: Yes
• What users can and can't do using the API: Cority support SOAP based web services and REST API. SOAP web services can be used to import data into Cority. REST API can be used to configure bidirectional real time data transfer.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There are specific configuration components that will allow for client inputs during the implementation of the package outlined in the statement of work in the referenced documents.; If there are additional requirements and or other business workflows not met through the packaged implementation clients can add on additional scope as a follow on phase to the packaged deployment to create a more tailored fit solution. The additional requirements can be reviewed with Cority to provide an additional scope, effort and cost for additional phases of work.

Scaling

• Independence of resources: We perform continuous monitoring of the system in terms of performance and capacity. We can detect when your system is running low on resources of capacity like database space or processing. We have the capacity to increase your resources when it is necessary.

Analytics

• Service usage metrics: Yes
• Metrics types: There are logs within the application that track when a user logs in and what records they view or update within the system.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data via the Cority ad hoc reporting tools.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Network boundaries between trusted and untrusted networks are protected with common state of the art protection methods to control the flow based on common standards (least privilege / need to have etc.) for in and outbound data flows. Security controls are implemented to identify threats and logfiles are collected and analyzed to identify anomalies according to the criticality. Firewall and router configurations restrict connections between untrusted networks and Customer's network, restrict inbound and outbound traffic to that which is necessary, and specifically deny all other traffic.
• Data protection within supplier network: Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Cority guarantees 99.5% system uptime, with actual measured uptime well over this figure for the lifetime of the system.
• Approach to resilience: Cority maintains high availability services by maintaining redundant hardware -firewalls, servers and switches, multiple hosting locations, and dedicated failovers sites.
• Outage reporting: If there are any service outages detected, a communication will be sent out to all customers by our customer support team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Other
• Other user authentication: Cority requires authentication to our products prior to use. Cority Enviance applications support HTTP basic (username, password or session token) authentication over TLS as well as SSO using SAML v2.0.
• Access restrictions in management interfaces and support channels: Security assignment is based modular configuration. The client will create a user profile and assign the user to a specific functional role. The role(s) will be granted access to specific modules within a Product Suite.; Additional security features will allow the client to prohibit or grant explicit functions to a particular role and/or prohibit access to Reports, Fields, Metrics, Views, and the ability to Create Views.; The security configuration can be assigned to a single user or multiple users who use the same profile.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/12/2011
• What the ISO/IEC 27001 doesn’t cover: Please refer to attached ISO 27001 certificate for details.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27017
  • ISO 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO 27001:2013 certified ISMS is in place with staff to execute and support.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All Network components are managed and configured in an established service management framework (ITIL). Network Devices are hardened and access permissions are limited and restricted. Identification is happening via strong authentication and changes are tracked and verified against master configuration templates.; The Cority internal Change Advisory Board oversees all physical and logical changes that may result in an interruption to service. Any maintenance, scheduled or otherwise, that potentially impacts clients will be communicated to the client base. Communication is sent at least seven days in advance with a reminder sent 24 hours in advance.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Cority uses a third-party service to perform automatic vulnerability scans on its production services on a monthly basis. Issues of concern are prioritized and mitigated as soon as possible.; Cority performs external penetration and vulnerability tests regularly. BSI conducts annual network security audits in compliance with Cority's ISO 27001 Certification for Information Security.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: As a SaaS provider, Cority monitors metrics from end-to-end in the aggregate for our hosting clients and can provide key data. Cority monitors transaction time, volume, bandwidth, download and upload speeds, and more. The results are consolidated in an ApDex report which can be shared monthly.Over time, we will us this data help us optimize our solution to ensure we are delivering maximum value to our clients.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Cority has formed team named Computer Security Incident Response Team. ; Upon a security breach, the CSIRT will:; • Determine if an event constitutes a security incident. ; • Conduct an investigation to determine the root cause, source, nature, extent of damage; • Preserve evidence of the incident; • Interview affected personal; • Act as a liaison with law enforcement and legal counsel; • Manage the release of information to the media in co-ordination with corporate communications; • Prepare reports of findings, root causes, lessons learned and actions for management review; • Carry out the directions of management communicated through the CSO

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  As part of Cority's Corporate Social Responsibility Policy, Cority is committed to the protection of the environment, and will ensure that the activities of our organization are conducted in an environmentally friendly manner. Cority employees contribute to the EHSQ community by creating continuing education materials accessed by thousands of professionals through webinars and speaking engagements. Cority supports industry trade associations and specific professional development initiatives, such as AIHA's Future Leaders Institute, to develop the next generation of EHSQ professionals.
• Covid-19 recovery:

  Covid-19 recovery

  Covid-19 has impacted a lot of small businesses and Cority wants to do its part in supporting them tide over these challenging times. Cority introduced Cority Marketplace, a network of small businesses that are owned and managed by friends and family members of Cority employees. We have compiled a list of small businesses known to our Cority employees and published them internally to encourage everyone to support these entrepreneurs. We continue to add new businesses that our employees bring to our attention.
• Tackling economic inequality:

  Tackling economic inequality

  As part of Cority's Corporate Social Responsibility Policy, Cority strives to ensure that non-discriminatory employment practices are utilized, and that human rights are protected at all times. Cority is an equal opportunity employer and does not tolerate violations of the law, human rights, or any workplace regulations or legislation. Cority also works to ensure that the workplace is free of discrimination, harassment, and bullying based on any of the protected grounds of employment found in the applicable Human Rights Act/Code. Cority will also ensure that its wages, benefits (both compensable and non-compensable) are appropriate for the job market and the geographic location.
• Equal opportunity:

  Equal opportunity

  Cority is committed to providing equal employment opportunities to all employees and applicants in all aspects of employment. We will not tolerate nor condone discrimination based on age, race, color, religion, gender, gender identity, gender expression, sexual orientation, country of origin or physical or mental disability. Cority also prohibits the harassment of any individual on any basis listed above. We will comply with the spirit and the letter of all local, provincial and federal laws pertaining to employment. The intent of this policy is to ensure that equal employment opportunity is extended to all persons in all aspects of the employer-employee relationship, including recruitment, hiring, promotion, compensation, training, transfer, benefits, layoff, recall, termination and participation in company-sponsored events.
• Wellbeing:

  Wellbeing

  Cority is invested in the mental and physical wellbeing of all its employees and is committed to providing a workplace that is free of discrimination, harassment, and bullying based on any of the protected grounds of employment found in the applicable Human Rights Act/Code. Cority is vitally interested in the ongoing health and safety of our staff, clients, visitors, and the public at large, and will work to ensure that our workplace meets or exceeds all applicable requirements under health and safety legislation. Cority also supports Workplace Health Without Borders (WHWB) which engages volunteers to improve workplace health and safety in under-served worker populations and foster skills development in these regions.

Pricing

• Price: £43,020.00 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tjeerd.HendelBlackford@cority.com. Tell them what format you need. It will help if you say what assistive technology you use.