Evalucom Consulting


CarePulse is an online platform for health and social care partners to share information. The system:

• reduces variation through standard, codified processes
• Improves transparency through standardisation and information sharing
• reduces human error and improves efficiency

Information shared includes care quality indicators, service details, real-time capacity/vacancies, and pricing/costs.


  • Dynamic, real-time error checking in forms
  • Auto-save
  • Interactive data visualisations
  • Real time vacancy reporting
  • Responsive web interfaces
  • CSV exports of datasets
  • Remote access through APIs
  • Integrated maps for service navigation


  • Improve the accuracy of self-reported information (e.g. quality metrics)
  • Enhance the user experience (quicker, easier, once only)
  • Gain insights by exploring rich data visualisations
  • Save time and money through efficient, global real-time vacancy system
  • Maximise use of existing health and social care capacity
  • Comply with reporting requirements regardless of device
  • Quickly read (and write) all relevant content on the move
  • Export or print desired datasets to share with third parties
  • Enhance service selection user experience by providing comprehensive easy-to-read information
  • Simplify service selection through map-based navigation


£30000 to £30000 per licence per year

Service documents

G-Cloud 10


Evalucom Consulting

Michael McHugh



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Web browser with enabled cookies and JavaScript
  • Stable and fast internet connectivity

User support

User support
Email or online ticketing support Email or online ticketing
Support response times P1 - Significant or complete loss of service affecting all users for which there is no workaround - 1 hour;
P2 - Failure that is limited in scope, business process impacted for which there is a short-term workaround - 2 hours;
P3 - Failure for a single or small of group of users - 4 hours;
P4 - Minor flaws, which do not impact the business function - 4 hours
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Tier 1: Initial support level responsible for basic customer issues, reachable via email and phone.
Tier 2: In-depth technical support for technical problems that can not be solved by Tier 1 support.
Tier 3: Highest level of technical support for handling the most advanced problems.

The support levels are included as part of the service and have no associated additional costs (other than on-site support).

A technical account manager is provided.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started When all new users join our service, we send personalised introductory emails which include:

• an overview of the service
• where to find key information and supporting documents within the system, including FAQs and regionally specific information
• key contact details for support

When a group of new users from the same organisation join the service, we offer onsite introductions and training alongside personal introductions. Screen sharing webinars are held to train new users from a number of different organisations simultaneously.

When a significant update is made to the system, we send a summary of the changes to all current users and offer introductory webinars.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can extract their data using CSV exports.
End-of-contract process The user account will be closed down, access to the system will be revoked. Data will be transferred as required. There are no additional costs.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The web interfaces follow Responsive Design principles and thus look adapt their content layout based on the size and orientation of the screen. They will therefore look different on mobile and desktop environments.

Performance may be slightly worse on mobile, due to the differences in hardware capabilities. Devices with less RAM could experience longer loading times for the interactive data visualisations. The data visualisations are rendered in JavaScript and are thus dependent on device CPU and RAM capabilities.
Accessibility standards WCAG 2.0 A
Accessibility testing None
Customisation available No


Independence of resources Server capacities are monitored and in case of high usage of the system, a seamless up-scaling for additional servers can be performed.


Service usage metrics Yes
Metrics types We provide bespoke monthly quality monitoring and contract management reports.

We review Google Analytics metrics and internal page usage statistics and can provide these on request.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data via CSV exports or an API.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Available 99.5% of the time across a month based on 24/7 availability.

User refunds can be agreed on a case-by-case basis.
Approach to resilience CarePulse resides within AWS and Heroku and utilises the extensive resiliency features of AWS to deliver our solution.

Flexible up and downscaling of hosting capabilities in multiple regions allow our system to be resilient to failures in specific locations.
Outage reporting Scheduled outages are announced via CarePulse and unexpected failures are announced via email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Users are assigned to groups and groups are assigned to permissions. Based on user permissions, interfaces adjust the content displayed to the authenticated user. To ensure that only users who should access certain content are able to access the content, additional permission checks are performed in the back-end.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Information governance (IG) and security is the responsibility of a named IG lead.

The IG lead works with the IT manager to ensure all systems, services and equipment used for storing data meet acceptable security standards and that new and existing systems developed by the company are compliant with documented information security policies.

The IG lead is consulted during the design, development and/or implementation phase of any new systems, processes or projects carried out by the company to ensure information security.

The IT manager is responsible for performing regular checks and scans to ensure security hardware/software are functioning properly.
Information security policies and processes We follow detailed documented information security policies. These policies are reviewed annually at a minimum to ensure compliance with legal and regulatory requirements.

All new systems or processes undergo an Information Security Assessment. Appropriate steps are taken to mitigate any information security risks identified during the assessment.

The Information Governance lead reports directly to senior management. Information and security risks are raised with senior management as part of standard company risk reporting mechanisms.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All hardware components of the service are managed and tracked by Heroku and AWS. Maintenance work and security updates are performed on a scheduled basis by Heroku and AWS.

The service source code is designed, developed, tested and deployed internally and undergoes code reviews, user testing and automated unit tests before being deployed to the live environment. Every pull request has to be reviewed and approved by at least one senior developer before it can be merged with the master branch. Changes to the source code are tracked using version control and assessed for potential security impact (GitHub).
Vulnerability management type Supplier-defined controls
Vulnerability management approach GitHub regularly performs vulnerability checks on all software package dependencies of the service and assesses the potential threat level. In cases where a vulnerability is detected, a patch is deployed within one working day.

Vulnerabilities on an operating system level are assessed and dealt with by AWS and Heroku.
Protective monitoring type Supplier-defined controls
Protective monitoring approach A third party application is built into CarePulse to monitor, troubleshoot, and optimise security using network and in-app security signals. Audit logs are generated by the application and reviewed once a month. Automated security alerts and flags are shared in a Slack channel and via email to notify the technical team of potential breaches and security vulnerabilities. These are then investigated and appropriately dealt with within one working day as per the Incident Management processes.
Incident management type Supplier-defined controls
Incident management approach Pre-defined processes for common incidents are in place. The processes lay out specific instructions that should be followed in case an incident occurs.

Users can report incidents via the help centre (email and phone) or use the built-in feedback form functionality of the system. The incidents are then assessed and investigated using our third party protective monitoring application and dealt with accordingly.

Security incidents of relevance are reported within 5 working days through CarePulse's announcement system.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £30000 to £30000 per licence per year
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑