Altrix Technology Limited

Altrix Technology Platform

Altrix provides an online market place for fully compliant staff to engage directly with hospitals. This significantly reduces costs, time and effort in the sourcing of suitably compliant resources to increase patient care and ensure compliance with NHS Employers guidelines.


  • Online Workforce Scheduling
  • Risk Management
  • NHS Employers Compliance
  • Time Management
  • Real-time Reporting


  • Cost Management
  • Patient Safety
  • Improved Staffing Levels
  • Increased Compliance
  • Full visibility of Staffing Levels


£3000 to £15000 per licence per month

Service documents


G-Cloud 11

Service ID

2 9 7 2 8 4 7 9 7 5 2 7 4 4 7


Altrix Technology Limited

James Lock


Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
System requirements
Internet access via a web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within our policy we will always respond within 2 hours. This is provided 24 hours a day, 7 days a week.
User can manage status and priority of support tickets
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
The support provided by Altrix is available 24 hours a day, 7 days a week including all Bank holidays. There is no additional cost required.
Support available to third parties

Onboarding and offboarding

Getting started
Altrix has a dedicated account manager who will be available to provide training onsite at no extra cost. Online training videos are available as is user documentation. The account manager will be able to provide additional training sessions as and when required.
Altrix provides the resources to onboard the Trust onto the Altrix platform and will build the links with the e-rostering tools.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
End-of-contract data extraction
Users will request their information via the technology platform and deletion of all data in line with GDPR regulations.
End-of-contract process
Full suite of services are in one low fixed cost.

At the end of the service the Trust would be removed from the platform and no longer visible to users.

The are no additional costs at the end of the contract.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The service is mobile optimised and has identical features and functionality on mobile and the desktop service providing all features and benefits.
Service interface
Description of service interface
The service interface has been designed and tested to be ultra user-friendly. Offering a range of intuitive options for end-users.
Accessibility standards
None or don’t know
Description of accessibility
Service is accessible for any user that can use a web browser. All features of the platform are available for users.
Accessibility testing
None currently. We have this within our development road map.
What users can and can't do using the API
The API has been designed to be as flexible to interface with host systems as possible. This is made available freely to any contracting authority to allow simple integration.
The API allows shifts to be published from the e-rostering tools and send back booked shift and staff details for real time updates.
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
The service is hosted on AWS with load balancing and redundancy built into the architecture. We continuously stress test the load to ensure no service interruption as we add more Trusts and users.


Service usage metrics
Metrics types
There is a full audit trail of usage statistic.
Altrix are able to provide a full reporting suite for end - users and can tailor our reporting packages to meet the requirements of our clients.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All information is available to the account holder and any user within the system can export shift transaction details in Excel through the platform. Any further information can be made available on request.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLS
  • XLSX
Data import formats
  • CSV
  • Other
Other data import formats
  • XLS
  • XLSX

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our SLA ensures that guaranteed up time for our system is 99.9%
Approach to resilience
The Altrix platform is built and run in AWS and we leverage the AWS tools for fail over and redundancy to ensure continued service with 2 locations specified. As a default Altrix nominate the two locations acting as stand-by for each other.
Outage reporting
Email alerts are sent in the unlikely event of an outage.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Each user has their own unique username and password required to access the service.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
May 2017
CSA STAR certification level
Level 5: CSA STAR Continuous Monitoring
What the CSA STAR doesn’t cover
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
We adhear to the principles of ISO27001 and it is the intention of Altrix to achieve ISO27001 certification during the life-cycle of the G-Cloud 11 framework. Currently, our security governance is in line with these standards.
Information security policies and processes
Altrix is a relatively small team with the 2 founding directors intimately involved in the day to day operations. Our Information Security policy which forms part of the staff handbook contains data classifications, and provide direction as well as details on how to protect confidential information at varying sensitivity levels.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We use three environments, one for Development, one for UAT and one for Production. Any changes to the Production environment must be validated through testing in the UAT environment first. Deployment of patches to the Production environment take a few seconds and are run out of normal working hours so the users are oblivious to any disruption.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We use the latest versions of the software and libraries available within AWS for the operation and development of the Altrix platform.

Please learn more about vulnerability management approach implemented by AWS
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We use CloudWatch ( to monitor the application health. We receive real-time notifications for potential threats.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We have an incident management policy in place that is included in the staff handbook. The aim of this policy is to ensure that Altrix acts appropriately to any actual or suspected security incidents relating to information systems and data. All users must understand and adopt use of this policy and are responsible for ensuring the safety and security of the Altrix systems and the information that they use or manipulate.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£3000 to £15000 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
The full-suite is available for trial - this is on a transactional basis rather than a subscription basis but can run for any agreed time period.
Link to free trial

Service documents

Return to top ↑