Information management and training system supporting the multi-professional workforce. Accent (previously Intrepid) is a comprehensive suite of fully-integrated facilities enabling the HR team to manage every aspect of the workforce - from setting up establishments, recruitment into posts and rotations within programmes, to the monitoring and assessment of career performance.
- Curricular, programmes and post management including approvals and funding
- Management of rotations
- HR administration including links to the NHS ESR (optional)
- Assessments and appraisal planning and results recording
- Courses and exam management
- Supporting revalidation activities
- Integrated document management
- Quality management
- Administration of leave, courses and assessment events
- ISO9001 and ISO27001 accredited
- Reduction in administrative overhead
- Data collected at source leading to improved data quality
- Improved business efficiency through process automation
- Improved communications between HR team and the medical workforce
- Improved access to data for management and performance reporting
£1 per person per year
- Free trial available
Hicom Technology Ltd
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
Hicom will notify the Client of any planned service disruption or downtime, although we reserve the right to temporarily restrict access to the service outside of normal Service Hours without notice to undertake system upgrades or maintenance. Hicom also reserve the right to limit use of the service to within Service Hours in the event that a risk is identified by use of the service outside of the Service Hours.
Access to the system is provided via N3/HSCN.
|System requirements||Provision of industry standard browsers for each PC|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Hicom guarantee to respond to all support calls within eight working hours from the time of receipt of the call. Response to critical problem will be within two working hours from the time of the call.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
- First-line support: Basic level user and technical support. Also used to gather information and analyze a problem
- Second-line support: In depth technical support used to troubleshoot and solve problems
- Third-line support: Expert support for complex issues. Also used to support first and second line support
All levels of support are provided through payment of the standard support and maintenance charge.
A technical Account Manager is provided.
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||We provide a comprehensive package of user training. The standard package includes on site training, but online training can also be provided. This training involves all elements necessary for users to utilise the sytem. In addition, administrative training will also be provided and, optionally, report builder training can also be delivered. User manuals and, where relevant, technical documentation is also provided.|
|End-of-contract data extraction||Data is extracted by Hicom on request in a format dependent on future needs.|
The following activities can take place at the end of the contract:
- Analysis and design: We would be keen to either provide the replacement system, or provide consultancy around the nature of the requirement. This would include comprehensive legacy analysis of the existing system to inform the requirements of the next (additional cost).
- Configuration and change management: Any change requests or defect reports will be passed to the developers of the subsequent system (additional cost).
- Data will be provided as IFF (included).
- Operations and support: The final release will still be supported until it is finally removed as long as this stage is still within contract(included).
- Transition consultancy: General consultancy is offered to enable the move to the replacement system. This may include consultancy around data migration and, specifically, around the data schema (additional cost)
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||No major difference. Some small difference in how screens are rendered.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Although not compliant to WCAG 2.0 AAA, WCAG 2.0AA or WCAG 2.0A, we are aware of these standards and incorporate them wherever possible into the design of all of our software. This awareness of Web Content Accessibility Guidelines (WCAG) 2.0 ensures that content is accessible to a wider range of people with disabilities as well as making our web content more usable to users in general.|
|Accessibility testing||Our experience of interface testing with users of assistive technology is limited. However, we are aware that WCAG 2.0 success criteria are written as testable statements and are seeking to integrate this into our testing procedures.|
|What users can and can't do using the API||
The Intrepid ESR API is a bi-directional interface between Intrepid and Trust based ESR systems.
A link between an Intrepid Post and an ESR Position is established with the ESR instance. Position data is passed to Intrepid in a daily extract.
On receipt, Intrepid will carry out the following actions:
- Discrepancies between Intrepid and ESR data are used to update Intrepid data. This is configurable on a field by field basis, and can be automatic, or subject to administrator review.
- Received Positions are added to a watch list of Posts for which changes are reported back to ESR.
The ESR Interface will daily create two exports to ESR:
- Applicant Export – 3 months before a trainee begins a Placement, details will be sent to ESR.
- Notification Export – Changes to a Placement following inclusion in the Applicant Export are detailed in a separate export to ESR.
The import/export functionality allows updates to be synchronised between Intrepid and ESR, taking advantage of up-to-date data entered on either system.
The interface is designed to run with minimal user interaction. The degree of maintenance required is dependent on the level of oversight the administrator requires for updates from ESR.
|API sandbox or test environment||Yes|
|Description of customisation||Users have limited ability to customise the service. This includes menu items, data entry templates, document templates and, to a limited extent, the look and feel of the interface. This ability is limited to those users who have appropriate role based access controls.|
|Independence of resources||
This is achieved through the following:
- Appropriate hardware: Our data centre in Brookwod in Surrey is constantly monitored to ensure it has the capability to provide the service for our current and projected workload. If required, new hardware and other infrastructure is added to accommodate demand
- Efficient software design: Our systems are designed to ensure the most effective use of service resources are made
- Our SLA: Users of the system can rely on the service level outlined in our service level agreement to ensure appropriate system provision
|Service usage metrics||Yes|
The following service usage metrics can be provided on request:
- Core user actions: Are users consistently using predefined core user actions?
- Activity time: The number of times a user visits a service and the elapsed time they spend
- Visit frequency: How often does a user return to a service
|Reporting types||Reports on request|
|Supplier type||Not a reseller|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a CHECK service provider|
|Protecting data at rest||
|Other data at rest protection approach||FIPS assured encryption|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Data can be exported either by using pre-formatted, customisable audit reports or by creating their own reports via report builder.|
|Data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
|Other protection within supplier network||Physical security.|
Availability and resilience
Hicom will endeavour to make the service available without disruption during Service Hours; however allowances should be made within this period for essential service downtime to enable critical software upgrades and system maintenance to be carried out.
Hicom guarantee system availability for 99.5% of the time during the Service Hours, however guarantees cannot be provided on the N3/HSCN network connectivity that exceeds the SLA in place with BT. The N3/HSCN network connection is provided by British Telecom and Hicom have a Service Level Agreement with BT for continuity of service in the event of a fault or failure of the N3/HSCN network connection.
The 99.5% service availability objective equates to 10.4 hours of downtime during Service Hours within the contract year. Subject to the conditions set out in the full SLA, in the event that the service is not available for more than 20 hours within the Service Hours in any one contract year then the current contract period will be extended by 10 days without charge. For each additional 10 hours of downtime within the Service Hours in the same contract year, the current contract period will be extended by a further five days.
|Approach to resilience||This information is available on request.|
|Outage reporting||All outages are reported via email alerts.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
All access to the system, including management interfaces, is provided by Role Based Access Control dependent on successful entering of a username and password. As the system is hosted within the N3/HSCN network this adds a higher level of security. Where possible access control lists are used to restrict access by IP address.
Access to online support is similarly managed by Role Based Access Control, whilst those accessing telephone support may be asked to prove their identity if required. Where possible access control lists are used to restrict access by IP address.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI|
|ISO/IEC 27001 accreditation date||16/06/2015|
|What the ISO/IEC 27001 doesn’t cover||We believe this covers all of our activities.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We are ISO 27001 accredited and, as such, our information security policies and processes are guided by this. This, therefore dictates the following:
• Information security policies
• Organization of information security
• Human resource security
• Asset management
• Access control
• Physical and environmental security
• Operations security
• Communications security
• System acquisition, development and maintenance
• Supplier relationships
• Information security incident management
• Information security aspects of business continuity management
• Compliance; with internal requirements, such as policies, and with external requirements, such as laws
ISO 27001 compliance is managed by our Office and HR Manager Elaine Smart who reports directly into our Board.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All changes related to the product specification (configuration) are either captured by the Project Manager if the system is still being implemented, or by our support department or the clinical account manager if the system has already been implemented. These are then tasked as Requests for Change and prioritised for implementation
Changes in the project processes or baseline (time, money etc.) are dealt with via the Project Manager and, if necessary the relevant Hicom Product Manager. If a change is identified, all affected project parameters will be assessed, analyzed for impact and acted upon.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Our vulnerability management process can be seen as follows:
- The information team review threats on a case by case basis
- Once alerted they review technical guidance regarding threats and other sources to identify a plan of action
- Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours
- Information about threats are gained from suppliers, industry sources, and industry publications
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Our protective monitoring process can be seen as follows:
- The information team review potential compromises on a case by case basis
- Once alerted they review technical guidance regarding potential compromises and other sources to identify a plan of action
- Depending on the patch we look to deploy all patches within seven days of release and critical and security patches within 48 hours
|Incident management type||Supplier-defined controls|
|Incident management approach||
Our approach to incident management is informed by ITIL. As such it is made up of the following components:
- Incident detection and recording
- Classification and initial support
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
- Ownership, monitoring, tracking and communication
Users report incidents through the support service defined in our standard SLA and incident reports are provided via the relevant Product Specialists.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£1 per person per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
A trial of the System and one optional component (excluding interfaces) is available for 30 days, subject to approval. This is designed to give full access on a time-limited basis to assess benefits of implementation.
The trial will be run in accordance with agreed principles. A trial agreement is available.
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|