Datatrial Ltd

Nucleus

Nucleus provides a cost effective hub for clinical information (documents, communication, and technologies) to enhance collaboration and decision making. Built for the compliant clinical research environment, it can be deployed simply to enable more efficient access to information and other third party technology

Features

  • Compliant document repository
  • Collaboration and workflows
  • Permission management and audit trail enabled
  • Multi program management
  • Instant messaging
  • Single sign on and application management
  • TMF reference model 3.0 folder structure
  • Two factor authentication

Benefits

  • All documents and data in a compliant environment
  • Information/people can be grouped to improve ease of access
  • Enhanced security can be enabled to protect sensitive data
  • Access the latest version of documents (inbuilt document version control)
  • Improved communication via instant messaging and document sharing
  • Access multiple applications with or without single sign on
  • Initiate/manage workflows for document reviews or tasks

Pricing

£50 per person per month

Service documents

G-Cloud 11

107049597735358

Datatrial Ltd

Julie Wright

07828787225

julie.wright@datatrial.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Nucleus requires a Windows or Macintosh computer with a minimum of 2GB of memory and Microsoft Internet Explorer 11, Safari v11, Chrome v64 or Firefox v58 or later browser.

Maintenance and upgrades will be notified to users prior to happening and application of any changes/maintenance will be done at a time with least impact on users.
System requirements
  • Microsoft Internet Explorer 11 or later
  • Safari v11 or later
  • Chrome v64 or later
  • Firefox v58 or later

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Response times depend on ticket types. Standard Support Services Policy defines this.
Hours of support by a support agent are Monday to Friday 9-5pm excluding public holidays; access to online support (raising tickets, accessing the knowledge base) is available 24 hours a day, 7 days a week
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support based on our standard SLA is included in the license fee.
First tier support including management of user access will increase the license fees per user by £5 per month however permission management can be done by the customer
Second / third level support is provided by us and support enhanced by technical staff
An account manager will be provided but they will not be technical
Following training and implementation, all support provided via the helpdesk
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide initial configuration training which can be done onsite or online. The system also comes with a user guide by way of the knowledge base. Configuration and permission management are the key areas of focus for the administrators of the system. For all other users, the system is straightforward to use as users only see what they are able to access
Service documentation No
End-of-contract data extraction Batch download
End-of-contract process The license fee includes access to the system, support, hosting, and backup/disaster recovery. Training is a fixed fee; if template documents for qualification are required these are an optional extra. All data and documents can be removed from the system by any user but if a batch export is required then this will be an additional cost

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The only differences are in the way the screens are viewed once they respond to the screen size
API Yes
What users can and can't do using the API Public API available for authentication, document management and data set management.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation The organisation structure, how information is grouped, collaborations, the document folder structure, permissions and user groups

Mainly the configuration is controlled by one or more administrators (there are a number of administrator levels), however certain users can add folders to the folder structure in the documents module

Scaling

Scaling
Independence of resources The service is hosted in Microsoft Azure and performance monitoring is part of our overall hosting services. Where there are peaks of use, additional hosting resources can be activated to ensure performance as a whole is not impacted

Analytics

Analytics
Service usage metrics Yes
Metrics types Active user numbers
Amount of data stored

As the product is further enhanced these metrics and other information will be available via dashboard
Reporting types
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach All information within Nucleus can be downloaded to the users local machine as long as they have permission to do that.
Data export formats Other
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Any

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Microsoft Azure guarantee 99.95% uptime in their SLA. We do not offer any refunds for loss of service unless it comes under our liabilities in the contract
Approach to resilience Available on request
Outage reporting Email alerts
Website that shows real time availability

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Covered by the Logical Security SOP
Permissions managed at Group level via Active directory
Within Nucleus, permissions can be set by pre-defined administrators and this controls user access to all information
Access restriction testing frequency Less than once a year
Management access authentication Identity federation with existing provider (for example Google Apps)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach DPO - GDPR expectations - data breach policy and procedure. Procedures defining logical and physical security
Information security policies and processes Logical security procedures; Data Breach Policy and procedure, Data Protection / Privacy Policies

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Internal procedures on Change Control and Configuration management are in place and available for review via audit
Security impact is handled via software development procedures (code review and risk assessment)
Vulnerability management type Supplier-defined controls
Vulnerability management approach We resolve critical bugs in the software immediately
Microsoft Azure is responsible for data centre vulnerability management
Protective monitoring type Supplier-defined controls
Protective monitoring approach Procedures in place for logical security
Network protected via third party under SLA
Incident management type Supplier-defined controls
Incident management approach Users can report issues with the software/hosting via the helpdesk
Any critical issues are addressed immediately
Other issues fixed under terms of SLA

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £50 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A sandbox can be created with all features enabled apart from the ability to add additional users to the system

We can offer a free 90 day trial upon request
Link to free trial https://www.datatrial.com/contact

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑