Black Space Technology Limited

Rapid-EPR

Rapid-EPR - A fully automated prehospital care electronic care record (ePR) combined with wireless monitoring systems for the real-time management of emergencies. There is optional low bandwidth-high-definition videoconferencing. The cloud based platform has the advantages of simpler deployment, easier maintenance, and multinational language interoperability.

Features

• Real Time Monitoring
• Remote Access
• Configurable
• Integrate with 3rd party systems
• Real Time Reporting
• Analytics

Benefits

• Multi agency data visibility
• Coordinate and push data to multiple devices
• Handle multiple scenarios in multiple locations
• Downloadable onto any device
• Browser agnostic

£840.00 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.morgan@blackspacetechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

993587285901092

Contact

Dr David Morgan
+447836648923
david.morgan@blackspacetechnology.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Video conferencing; GIS data
• Cloud deployment model: Hybrid cloud
• Service constraints: No - hardware, operating system and browser agnostic
• System requirements: Will work on any device

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normally within 7 hours max - 24 hours including weekends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: On site
• Web chat accessibility testing: Not at moment on road map
• Onsite support: Yes, at extra cost
• Support levels: Level 2 and 3; Cost depends on number of devices ; Technical account manager provided
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Discovery phase meetings, define functionality with end user stories, onsite and online training with documentation - paper and embedded including videos
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Videos MPEG
• End-of-contract data extraction: We will supply data in appropriate format and storage as defined in contact
• End-of-contract process: License, support, updates, training, project management, project closure costs including data export; Cloud usage charges extra depending on usage

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • Windows
  • Windows Phone
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Configurable to service needs
• Accessibility standards: None or don’t know
• Description of accessibility: Any web browser
• Accessibility testing: Extensive testing with disability users
• API: Yes
• What users can and can't do using the API: Defined during project set up
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: User defined initiated by BST

Scaling

• Independence of resources: Separate cloud server configuration per customer

Analytics

• Service usage metrics: Yes
• Metrics types: Definable by customer during discovery phase
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Customised to customers requirements
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: THIRD PARTY SERVICE LEVEL AGREEMENT; Black Space Technology Limited (BST) provides to the Customer the following software maintenance services, on payment of the agreed fee;; ; Priority 1 - Critical: A critical problem that:; • renders the product unable to serve/process data, or; • causes repeated multi-user crashes, or; • total system hang, or; • an issue causing serious impact to the Customer; ; Priority 2 - Serious: A serious problem that:; • produces intermittent loss of function, or; • degraded, but tolerable, system performance, or; • an issue causing nominal impact to the Customer; ; Priority 3 - Moderate: A moderate problem that:; • impedes, but does not prevent, a user from following the process, or accomplishing the desired function; • an issue which will be need to be addressed, but currently has minimal impact on users/data processing to the Customer; ; Priority 4 - Minor: A minor problem that:; • identifies a design/function which is not implemented; ; Priority 1 99% within 1 working day Priority 2 95% within three working days Priority 3 95% within fourteen working days; Priority 4 at the next planned software release, or where appropriate, in time scales agreed with the Customer
• Approach to resilience: Available on request
• Outage reporting: Dashboard, API and email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: These activities may be conducted through a service management web portal, or through other channels, such as telephone or email. They include such functions as provisioning new service elements, managing user accounts and managing consumer data.; all management requests which could have a security impact are performed over secure and authenticated channels
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: In process with BSI
• ISO/IEC 27001 accreditation date: In process
• What the ISO/IEC 27001 doesn’t cover: TBA
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME Gold Iot

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: IASME gold IoT
• Information security policies and processes: ISO 9001, 13485 and Cyber Essentials plus

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management as defined by ISO 9001 processes and Cyber Essential Plus
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular 3rd party penetration testing and security patches as required; Potential threats from 3rd party and Govt surveillance
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: SIEM Tools; Security Analysis; Network Analysis; Network Logging; Data Analysis; Response times defined in SLA
• Incident management type: Supplier-defined controls
• Incident management approach: Predfined incident management plas as part of business continuity planning; Email/phone/online/within app incident reporting; Incident reports - email as part of ISO 9001/13485 Incident Reporting Process

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  The company has implemented an equal opportunities policy in accordance with guidance from and to the satisfaction of the Equality Commission.

Pricing

• Price: £840.00 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Small scale end user trial for 1 month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.morgan@blackspacetechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.