InPhase Integrated Health Management : Governance, Compliance & Assurance
The total unifying Health solution that brings together everything needed to drive quality improvements.
From automated board reporting, unified KPI and outcome dashboards, though cascaded delivery against commissioner plans to audit, compliance, CQC, to low level action and SOP management. All linked to transaction data to check success.
Features
- Single view of organisation wide assurance
- Action tracking of Actions including CQC, NICE, CAS
- Triangulate performance and assurance
- Pre-configured templates for Audits, SOP's, Trust KPI's
- Automated Board Assurance Reporting
- Integrated Crisis Management and staff availability
- Interactive Heatmaps showing all key organisation issues
- Self service, fun and easy to use for all
- integrated with Microsoft including Teams
- Collaborative decision making & sign off
Benefits
- ensure standards are met, but care about their teams
- take the pain out of regulation
- make the most of their people’s time and effort
- enthusiastic teams contributing to joint outcomes and goals
- be best prepared for a crisis
- teams receive clear, easy instructions on what to do when
- embed continuous improvement
- inclusive culture of team work and in it together
- standardise approach to management, but encourage innovation
- nurture team performance and create an inclusive culture
Pricing
£0 to £10,000 a licence a month
Service documents
Request an accessible format
Framework
G-Cloud 12
Service ID
1 2 4 1 8 4 9 0 8 0 5 8 1 6 7
Contact
InPhase Limited
Victoria Keogh
Telephone: 0044 (0) 1753 480480
Email: info@inphase.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Community cloud
- Hybrid cloud
- Service constraints
- None
- System requirements
- Software Licence
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Typically within the hour. 100% in 3 working hours
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- As per hub spot compliance
- Onsite support
- Yes, at extra cost
- Support levels
-
Remote on line support, billable on an hourly rate, or provided as a total solution.
day rates for consultancy and technical also available - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
The software is commissioned for you.
Training is via video - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
- Word
- End-of-contract data extraction
- InPhase can provide this service at an additional cost, or you can download it via the front end table views.
- End-of-contract process
- A full copy of your database is available at an additional cost. Everything else is included.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Full data capture, self service and reporting is all achieved via the mobile device.
- Service interface
- Yes
- Description of service interface
- This is the main application
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Jaws and other screen reading software
- API
- Yes
- What users can and can't do using the API
- The API is to the main InPhase application.
- API documentation
- Yes
- API documentation formats
- Other
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
- Content and graphics can be customised.
Scaling
- Independence of resources
- The Hosted service is available as either a fully elastic resource or as a customer separated fixed resource where desired, ensuring the resource for one customer is never impacted by another customer.
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Users export either as pfd, excel, word, bmp or other image file type.
automating export to MS Office eg task integration is also possible. - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- Excel
- Word
- Xml
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- Xml
- Excel
- SQL
- Access
- Oracle
- ODBC
- SSRS
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
-
SSL3.0
Azure AD and 2FA at additional costs. - Data protection within supplier network
-
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- SSL3.0, Azure AD at additional costs.
Availability and resilience
- Guaranteed availability
- INPHASE is designed to deliver 100% connectivity and an availability of better than 99.9% for the solution. Over the past year INPHASE hosted customers experienced availability of better than 99.975%, based on single combined web and application server. In the previous 5 years they experienced 100% availability, excluding scheduled maintenance. Service credits for the non-availability of connectivity are defined.
- Approach to resilience
-
InPhase has built its solution upon the Microsoft development stack, in large part for the highly resilient, fault tolerant and performant nature of the platform.
The datacentre hardware setup is configured with 100% failover hardware resilience. - Outage reporting
- Email Alerting
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Limited access network (for example PSN)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
ISO 27001 compliant.
Specified individuals access. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyds Register LRQA
- ISO/IEC 27001 accreditation date
- 29/5/2015 expiry 28/52018
- What the ISO/IEC 27001 doesn’t cover
-
Activities other than
-the build, deployment and support of cloud and managed hosting solutions
- systems integration and IT managed services
are not covered. - ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- On Azure - 15/10/2016
- CSA STAR certification level
- Level 3: CSA STAR Certification
- What the CSA STAR doesn’t cover
- CSA Star certification on INPHASE on Azure covering the networking, compute, database on Azure. Non-Azure not STAR Certified.
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- We have a defined in house structure of security policies that effect each department differently. For all matters relating to security the process is immediate CEO level reporting.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Component traceability, version control, throughout their lifetime with software source control.
Appointed security officer assessment and test. - Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Use of industry leading third party threat detection and prevention software and hardware systems including automated security patch deployments.
Microsoft Gold Partner for related threat and security information and updates. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
ISO 27001 compliance.
Detailed access audits.
DOS threat monitoring and automated email alerting. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
IS0 27001 compliant
Multi-channel reporting supported.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
- NHS Network (N3)
Pricing
- Price
- £0 to £10,000 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
To set up a free trial contact info@inphase.com or call +44 1753 480480.
14 day periodicity - Link to free trial
- http://inphase.com/