promatica digital

Promatica Digital Quality Portal

Supporting the pharmacy workforce and workflow within NHS organisations.

Features

• Remote access
• Secure HSCN access to the application
• Software hosted by customer accessed via the Cloud
• Browser based for ease of access

Benefits

• Improving information exchange
• Multiple device access via secure browser
• Real-time access to workflow
• Analytics dashboard for data interpretation

£3,000 to £80,000 a licence

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mo.rahman@promaticadigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

990988771278797

Contact

Mo Rahman
0796 775 6921
mo.rahman@promaticadigital.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: No
• System requirements: Software licensing

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: This will depend upon the SLA. Typically 24 hours excluding weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: First line basic support and filtering.; Second line technical support as required.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide user guides and additional materials for super-users with technical help support as required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A copy of the database will be provided but customers may extract data directly from the database or via a cvs file.
• End-of-contract process: This may vary by contract but generally decommissioning is an additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile restricted to essential features.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Access via browser login
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None to date
• API: Yes
• What users can and can't do using the API: Partial API, including but limited to ADFS
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We can modify workflow to meet customer requirements

Scaling

• Independence of resources: The application sits on the customer’s own IT system and is not impacted by the demands of other customers

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users registered, the usage of the application, size of files to date, activity relating to areas of use and the number of transactions done
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: We do not hold data
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This is not required as all reports are provided online through the platform. Bespoke arrangements can also be made if required.
• Data export formats:
  • CSV
  • ODF
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Data remains within the customer’s network and is not transferred to Promatica Digital Ltd.
• Data protection within supplier network: Other
• Other protection within supplier network: Data is not held by Promatica Digital - the application sits within the customer’s network and data is not transferred.

Availability and resilience

• Guaranteed availability: Guaranteed by the cloud service provider - typically 99.8%
• Approach to resilience: Data is held by our customers so resilience is their responsibility. Where cloud hosting is taken up the hosting service will provide this information on request.
• Outage reporting: This is a customer responsibility as they host the application ad hold the data. If support is required it can be requested by email.

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: This is the responsibility of our customers. NHS bodies generally use two factor authentication.
• Access restrictions in management interfaces and support channels: Management does not have access to data. Support staff may only access the application and data when supervised by customer staff.
• Access restriction testing frequency: At least once a year
• Management access authentication: Other
• Description of management access authentication: This is the responsibility of our customers as the data are held on their systems.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: NHS Data Security & Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Promatica Digital Ltd does not hold data - it resides within the customer’s own network
• Information security policies and processes: Promatica Digital Ltd has an Information Security policy and a Data Protection policy. Although data is held by our customers, not us, on occasion our technical staff may need to access the application to provide support. When this occurs they are closely monitored by a senior manager and by customer staff.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The service is tested throughout holy before deployment. Pen testing will be undertaken annually. Service changes will be thoroughly tested before deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats and issues are identified by the supplier or by customers. If any ‘gap’ is highlighted we will respond to high risk issues within 24 hours.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Issues are identified by the supplier or our customers and we will respond to high risk issues within 24 hours.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We have adopted the NHS incident management processes and incidents would be reported via the reporting tool associated with the DS&P Toolkit. Where we are working with local health economies that have their own preferred arrangements we will adopt those too.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  n/a
• Covid-19 recovery:

  Covid-19 recovery

  n/a
• Tackling economic inequality:

  Tackling economic inequality

  n/a
• Equal opportunity:

  Equal opportunity

  n/a
• Wellbeing:

  Wellbeing

  n/a

Pricing

• Price: £3,000 to £80,000 a licence
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Limited to 2 weeks access on a dummy site

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mo.rahman@promaticadigital.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.