Brightwire

Brightwire - Care Management and Digital Record of Care

Brightwire provides consulting, configuration and integration of its cloud-based care management solution to help organisations to focus on individual-centred care. Care teams can capture, manage and assess individuals digital records, automate processes such as letters, trigger workflows to escalate or route cases, and manage and report on care plans.

Features

  • Customer and client care with information all in one place
  • On-demand reporting and analytics
  • GDPR compliant
  • Digital care records
  • Integration-capable with other line of business applications
  • Flexible system can be tailored and adapted
  • Integrated Royal Mail postcode lookup
  • Automated processes and tasks built-in
  • Insights and reporting

Benefits

  • Increased staff productivity
  • Users work better and more effectively
  • Improves agility through better data insight
  • Streamlines and supports business process improvement
  • Better engagement with customers and people receiving care
  • Rapid user adoption through familiar interface
  • On-demand access to business analytics and data
  • Flexible solution for patient/person and veterinary care management

Pricing

£675 per person per day

Service documents

Framework

G-Cloud 11

Service ID

1 1 1 8 4 4 5 1 0 5 9 3 9 0 7

Contact

Brightwire

Clare Millar

0131 541 2159

clare.millar@brightwire.net

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Clients have a choice of deployment and support models depending on organisational and infrastructure requirements.
System requirements
Web browser (IE, Chrome, Safari, Firefox, Opera)

User support

Email or online ticketing support
Email or online ticketing
Support response times
There are defined SLAs and Out of hours support models covering weekends and bank holidays. Support incidents are classed in three categories (Level 1 Critical, Level 2 Major and Level 3 Minor) each with four defined stages. A Level 1 incident has a maximum response time of 1 hour. Our support desk runs within office hours for the majority of clients, with year-round out of hours support also available on request.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels are based on an agreed allocation of time per month, with time reporting to indicate usage. Support can be scaled back or topped up accordingly. Support is based on a day rate. For out of hours support this cover is based on the client's need and an appropriate cost is calculated. We have clear support procedures in place and a technical account manager as well as a nominated support engineer are both provided as part of the support agreement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer a variety of training plans to help users start using the service. Some training is face to face for administrators but we have extensive user based online training for our SaaS offerings. User documentation is provided where required in electronic format. Onsite training: provided to groups of trainees who are usually split by administrative and user type. We recommend a 'train the trainer' approach with advocates who will be the key 'go to' people within the organisation, and provide floorwalking. User guides: these can either be documented or video guides for users and contain quick tips and handy reference information. Online training: we can provide online training if required - typically to larger groups of users. The level of onboarding and offboarding support depends on the customer's requirements. We can provide full support for organisations where there is an organisation-wide rollout, as well as pilot or trials within a specific business area.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
All data can be exported as a SQL Server database backup or via reporting tools.
End-of-contract process
The support agreement would normally allow for basic handover at contract end - however if there were more specific or custom requirements (such as a new target environment to which to replicate) then these would be assessed and a cost agreed with the Client. Brightwire will provide appropriate assistance to the client to extract any data or move to another supplier as required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The application can be configured depending on client need.
Service interface
Yes
Description of service interface
Our care management application offers a service interface out of the box.
Accessibility standards
None or don’t know
Description of accessibility
The application is designed to be usable and accessible and meet current guidelines and best practice that fall under section 9 (Web). For example: multi-media content: the application does not include video or audio content use of colour: colour is not used to convey information in the application contrast: text contrast ratios meet the 3:1 requirement on large fonts headings: areas and pages are clearly described navigation and menus: are consistent across the application
Accessibility testing
None
API
No
Customisation available
Yes
Description of customisation
Our care management application can be extensively customised to suit client needs. A range of areas can be customised - ranging from simple to complex workflows, triggers and notifications (as examples)

Scaling

Independence of resources
There are multiple deployment routes - each of which would be assessed in the light of specific functional and non-functional requirements such as performance. Performance can be affected by user bandwidth/connectivity as well as network capacity. We implement techniques to improve application performance and can recommend hosting models that will reduce the risk of load that negatively impacts performance.

Analytics

Service usage metrics
Yes
Metrics types
Service usage might apply to two scenarios - the behaviour of the users consuming the service, on which analytics can be provided, and/or the draw-down of the support time allocation, analytics for which are typically provided on a monthly basis.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
All data can be exported as a SQL Server database backup or via reporting tools. The way in which we would recommend this be done would depend on customer need and the target environment.
Data export formats
  • CSV
  • Other
Other data export formats
Excel
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Our guarantee for service level uptime is 99.9%. Should the service fall below this in a given quarter then a credit may be given against the applicable quarter's fee. This is based on a sliding scale.
Approach to resilience
The underlying solution is based on a high availability configuration on a private cloud using vMWare vSphere. Further information is available on request.
Outage reporting
Administrator dashboard with automatic error reports via alerts and notifications.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Admin access is limited by role based controls built into the software to ensure that only users with appropriate rights have access to management functionality.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Authentication is based around username and password with role based authentication within the application itself. All access to the application is over a TLS 1.2 encrypted secure channel.
Information security policies and processes
We follow ISO 27001 methodology for policy and processes, and ensure that this is mapped closely to the Government's Cloud Security Principles. We have a defined reporting structure in place with ultimate responsibility for security and compliance resting with the CTO.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow a structured change procedure, which provides a high degree of management and quality of output with a controlled approach to changes in scope – it being essential to track changes and ensure that all amendments are assessed and authorised. Specific processes for change management are as follows:
Request: Initiation of a change with a request for change (RFC);
Classification: Assigning a priority to the change after assessing its urgency and impact;
Authorisation: Processing the RFC through to the change advisory board;
Development: Developing the change, release management;
Release Management: Releasing the change for testing;
Review: Conducting post-deployment review.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We have a policy of applying all Microsoft related security patches within a day of them becoming available. For our hosting environment we subscribe to VMWare notifications and apply these to our private cloud environment within 3 days of them becoming available. For other general software that we use such as Umbraco we subscribe to notification lists and deploy these based on a triage of the exposure and risk and a prioritisation. Critical updates are always deployed as soon as they become available and always within a 4 hour window.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We limit exposure by only allowing access via firewall control to services which need to be accessed externally and have automatic lock out on accounts if suspicious activity is assumed or detected. We track and monitor invalid login attempts via event logging mechanisms and respond based on the SLA times as detailed earlier in this section.
Incident management type
Supplier-defined controls
Incident management approach
Users report incidents online using our incident reporting tool or by phone or email if required. We have specific processes that are triggered by incidents being reported to us which are followed and users are able to track and monitor the incident as it progresses through the SLA that corresponds to its priority. All incidents are followed by an incident report explaining what happened and what action is to be taken to prevent a reoccurance.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£675 per person per day
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑