Soft Recruit (Vendor Management Software)
Soft Recruit vendor management system manages the provision of agency staff for hospitals. The VMS manages the entire agency framework process from the publishing of job requests to frameworks, candidate submission and confirmation, electronic time sheets, invoice validation, direct engagement and real-time reporting.
- Simple intuitive user interfaces (desktop, tablets)
- Captures exact staffing requirements and publishes to agency framework
- Cascades jobs in accordance with your framework agreements
- Automation of job allocation with framework agency
- Real-time compliance – Manages agency compliance
- Performance management – calculates agency fill rates
- Highly configurable to match the precise needs of the customer
- Communicates automatically with agency framework
- Real-time roster reports automatically emailed to ward managers
- Risk Management - Keeps you compliant to your framework agreement
- Provides clarity and visibility on agency expenditure
- Facilitates multiple rate cards and rate caps across multiple professions
- Agency VAT Recovery - facilitates direct and indirect engagement contracts
- Vastly reduces administration overhead
- Real-time access to customisable management information reports
- Provides agencies with direct online access to vacant shifts
£25000 per licence per year
- Free trial available
2 3 0 5 6 2 1 1 7 8 8 2 9 0 0
Medical Banks Limited
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||24 Hours|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Our web chat is accessible from the user online portal and will connect you to our support centre during operating hours or you can leave a message during out of hours.|
|Web chat accessibility testing||None|
|Onsite support||Yes, at extra cost|
Level 0 is provided by the system i.e. automated system support. This is included in the subscription cost
Level 1 support is provided by trained client administrators. This is also the escalation point for higher levels of support provided by MediBanks technicians.
Level 2 and 3 (and, where relevant Level 4 support) is provided by MediBanks. Access to these support levels is via formal escalation from level 1 support. This is included in the subscription cost.
Onsite training can be provided in accordance to our rate card.
MediBanks provides technical account manager.
|Support available to third parties||Yes|
Onboarding and offboarding
During implementation the implementation team will define and implement an agreed training schedule. This training is required for administrative staff only.
From an end user perspective, this system is highly intuitive and therefore guidance is provided via user help guides such as FAQ's and video tutorials embedded throughout the system.
|End-of-contract data extraction||Upon termination of a contract all client related data can be provided in CSV format.|
|End-of-contract process||At the end of the contract, data extraction to CSV is provided at no extra cost.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
If accessed via a web browser on a mobile device the users will have full functionality.
|Description of service interface||Our service interface provides users with access to a full control to manage their account.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Our service interface is accessible via a login portal we provide to active clients.|
|What users can and can't do using the API||An API is available for the framework agencies to receive, confirm and cancel bookings.|
|API sandbox or test environment||Yes|
|Description of customisation||Clients can configure the system to meet their custom requirements/workflows within the constraints of the overall system. Configuration options are available through the client administrator portal. Client users with appropriate administrative access can edit configuration options.|
|Independence of resources||
MediBanks is hosted by Sungard Availability Services. Sungard AS are a recognised market leader in global cloud hosting services. Our SLA with Sungard includes:
1. Redundancy - a minimum level of redundancy on our servers to allow for peaks in service or system failure.
2. 99.8% up time/availability
3. Access to sufficient servers to allow us to maintain our redundancy and uptime standards as we increase the number or service clients.
|Service usage metrics||Yes|
Yes we do provide service usage metrics.
User reports detail the number of active users, user logins, browsers employed and so forth.
Booking and placement reports detail the number of jobs placed on the system and their associated fill rates.
Financial reports detail the amount of money processed via MediBanks also detailing accruals, savings achieved and future liabilities.
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||European Economic Area (EEA)|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||Users can export their data via the reports tab of their online portal. These reports can be customised to the users preferences via a data picker and are exported in a standard excel format.|
|Data export formats||
|Other data export formats||Excel|
|Data import formats||
|Other data import formats||Excel|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||
Availability and resilience
The hosting platform is based in Sungard Availability Services. This provides high availability failover and failback options that keep critical applications up and running.
The infrastructure is based on dedicated high availability devices providing packet filtering and load balancing service.
Uptime is over 99.8% and in the unlikely event of failure refunds for downtime are provided on a pro-rata basis of the licence fee.
|Approach to resilience||The hosting platform is based in Sungard Availability Services. Full details are available on request.|
|Outage reporting||In the event of an outage we depend on email to notify user of system outages and service updates.|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Management interfaces and support channels are restricted by IP address. This is addition to the normal user login processes and user profile permissions.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||We are in the process of obtaining ISO/IEC 27001 accreditation. We currently hold ISO 9001:2008 accreditation.|
|Information security policies and processes||
We currently hold ISO 9001:2008 accreditation. This certification is audited annually.
Our staff are well versed in these policies with regular training provided for the same.
Managers are responsible for the day to day adherence of our security policies. Any breaches of policy must be reported to the IT Director.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
We have an active Product Development Roadmap. Changes to the system are subject to our Change Control Process (CCP).
Enhancements to the system arise from one of three main sources:
• Anticipated Needs
• Client Issues
• Client Opportunities
Enhancements are assessed against:
• Client impact
• Development Cost
• Development duration
• Regression impact
• Risk Assessment (including risks associated with the regression impact)
Approved enhancements are integrated into the development roadmap.
Enhancements are developed in accordance with our overall development model: (1. Discovery, 2. Develop, 3. Test (including regression testing), 4. Deploy and 5. support handover).
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
We have a threat manager service on our hosted platform which monitors, analyzes and logs security events based on non-SSL traffic to customer identified nodes in real time using hardened security appliances.
This service is comprised of
i) a hardened sensor appliance;
ii) logical and dynamic system analysis;
iii) sensor tuning and optimization;
iv) on-going threat and vulnerability signature updates;
v) intrusion detection services;
vi) asset identification and criticality ranking;
vii) vulnerability assessments and reporting;
ix) customer selected notification of detected threats via e-mail or page;
x) Service-software patches, upgrades and updates;
Patches are deployed immediately/ASAP
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
Potential compromises are monitored via our threat monitor service. Also internally we have monitors for network traffic to identify potential DOS attacks, server and db usage information, fileserver throughput - often times significant traffic from a particular source is indicative of an attack.
Potential compromises are always examined immediately upon discovery. Responses start by analysing server logs, to running different commands on the server to identify any bottlenecks caused.
Response time is immediate, with focus on returning the service as soon as practicable, resolution time often is determined by the seriousness of the compromise.
|Incident management type||Supplier-defined controls|
|Incident management approach||
The company maintains an incident register where all incidents are logged and managed.
All incidents are reported by users or staff are recorded on the incident register where the severity of the incident is asssessed and appropriate action is taken by the manager responsible.
Incident reports are available electronically are the register is electronic and incident reports with their resolution are issued to the user in question if applicable.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£25000 per licence per year|
|Discount for educational organisations||No|
|Free trial available||Yes|
|Description of free trial||
The licence fee is waived for the first 3 months of signed contracts.
Implementation and setup fee