Altrix Technology Limited

Altrix Technology Platform

Altrix provides an online market place for fully compliant staff to engage directly with hospitals. This significantly reduces costs, time and effort in the sourcing of suitably compliant resources to increase patient care and ensure compliance with NHS Employers guidelines.


  • Online Workforce Scheduling
  • Risk Management
  • NHS Employers Compliance
  • Time Management
  • Real-time Reporting


  • Cost Management
  • Patient Safety
  • Improved Staffing Levels
  • Increased Compliance
  • Full visibility of Staffing Levels


£3000 to £15000 per licence per month

Service documents


G-Cloud 11

Service ID

2 9 7 2 8 4 7 9 7 5 2 7 4 4 7


Altrix Technology Limited

James Lock


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements Internet access via a web browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within our policy we will always respond within 2 hours. This is provided 24 hours a day, 7 days a week.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels The support provided by Altrix is available 24 hours a day, 7 days a week including all Bank holidays. There is no additional cost required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Altrix has a dedicated account manager who will be available to provide training onsite at no extra cost. Online training videos are available as is user documentation. The account manager will be able to provide additional training sessions as and when required.
Altrix provides the resources to onboard the Trust onto the Altrix platform and will build the links with the e-rostering tools.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Video
End-of-contract data extraction Users will request their information via the technology platform and deletion of all data in line with GDPR regulations.
End-of-contract process Full suite of services are in one low fixed cost.

At the end of the service the Trust would be removed from the platform and no longer visible to users.

The are no additional costs at the end of the contract.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The service is mobile optimised and has identical features and functionality on mobile and the desktop service providing all features and benefits.
Service interface Yes
Description of service interface The service interface has been designed and tested to be ultra user-friendly. Offering a range of intuitive options for end-users.
Accessibility standards None or don’t know
Description of accessibility Service is accessible for any user that can use a web browser. All features of the platform are available for users.
Accessibility testing None currently. We have this within our development road map.
What users can and can't do using the API The API has been designed to be as flexible to interface with host systems as possible. This is made available freely to any contracting authority to allow simple integration.
The API allows shifts to be published from the e-rostering tools and send back booked shift and staff details for real time updates.
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available No


Independence of resources The service is hosted on AWS with load balancing and redundancy built into the architecture. We continuously stress test the load to ensure no service interruption as we add more Trusts and users.


Service usage metrics Yes
Metrics types There is a full audit trail of usage statistic.
Altrix are able to provide a full reporting suite for end - users and can tailor our reporting packages to meet the requirements of our clients.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach All information is available to the account holder and any user within the system can export shift transaction details in Excel through the platform. Any further information can be made available on request.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability Our SLA ensures that guaranteed up time for our system is 99.9%
Approach to resilience The Altrix platform is built and run in AWS and we leverage the AWS tools for fail over and redundancy to ensure continued service with 2 locations specified. As a default Altrix nominate the two locations acting as stand-by for each other.
Outage reporting Email alerts are sent in the unlikely event of an outage.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Each user has their own unique username and password required to access the service.
Access restriction testing frequency At least once a year
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date May 2017
CSA STAR certification level Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover None
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We adhear to the principles of ISO27001 and it is the intention of Altrix to achieve ISO27001 certification during the life-cycle of the G-Cloud 11 framework. Currently, our security governance is in line with these standards.
Information security policies and processes Altrix is a relatively small team with the 2 founding directors intimately involved in the day to day operations. Our Information Security policy which forms part of the staff handbook contains data classifications, and provide direction as well as details on how to protect confidential information at varying sensitivity levels.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We use three environments, one for Development, one for UAT and one for Production. Any changes to the Production environment must be validated through testing in the UAT environment first. Deployment of patches to the Production environment take a few seconds and are run out of normal working hours so the users are oblivious to any disruption.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We use the latest versions of the software and libraries available within AWS for the operation and development of the Altrix platform.

Please learn more about vulnerability management approach implemented by AWS
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach We use CloudWatch ( to monitor the application health. We receive real-time notifications for potential threats.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach We have an incident management policy in place that is included in the staff handbook. The aim of this policy is to ensure that Altrix acts appropriately to any actual or suspected security incidents relating to information systems and data. All users must understand and adopt use of this policy and are responsible for ensuring the safety and security of the Altrix systems and the information that they use or manipulate.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £3000 to £15000 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial The full-suite is available for trial - this is on a transactional basis rather than a subscription basis but can run for any agreed time period.
Link to free trial

Service documents

Return to top ↑