For integration in the UK Health economy providing interoperability for the NHS and Social Care sectors, to provide information, data and messaging between disparate applications the platform is ITK certified.
- Based on a unique, queue-based peer-to-peer architecture
- Deployed across cloud-to-cloud or hybrid environments.
- Built on modern web standards including REST and JSON containers
- integration flows to be deployed as message-pipelines
- ITK v2 accreditation for integrating NHS systems.
- HL7v2, HL7v3 HL FHIR EDIFACT, XML, flat file messaging
- Utilizing graphical, executable, orchestration tools
- Simple routing and system adapter configuration
- Document transmission
- Message tracking with non-repudiation
- Tools enable describe transformations, mappings content based routing.
- Peer-to-peer architecture with linear scalability and parallel processing
- Drag - Drop & Integration to rapidly compose enterprise-scale flows
- Studio allows you to centrally monitor the flow of data
- The Integration platform has achieved 40-80% productivity gains
- Software re-use is the primary benefit of Microservices
- Easy service orchestration and choreography allows rapid deployment
- Modification in near-real time, of process is easily facilitated
- integrates heterogeneous applications, databases, cloud and other systems
- B2B enables the secure exchange of business documents
£35000 per licence per year
- Education pricing available
- Free trial available
2 9 8 6 3 6 6 3 3 8 6 2 8 5 4
|Software add-on or extension||Yes, but can also be used as a standalone service|
|What software services is the service an extension to||The software is an integration platform that provides the interoperability for the Case Management System. It can be a standalone platform for integration of any application or service, which is NHS Digital ITK certified|
|Cloud deployment model||
|Service constraints||Connect4Care has in place management protocols for maintenance of its application platform, downtime is always planned and carried out at the most convenient times for our clients normally between 3 am and 4 am on a Sunday. There is no unplanned downtime necessary for the application as the application of patches are restricted to scheduled maintenance windows.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||The response times are set out in an SLA, the service delivery is 24/7 and that covers weekends and bank holidays|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||Web chat|
|Web chat support availability||24 hours, 7 days a week|
|Web chat support accessibility standard||WCAG 2.1 AA or EN 301 549|
|Web chat accessibility testing||We are currently providing web chat testing for the Refero connectivity to NHS St Helens|
|Onsite support||Yes, at extra cost|
Connect4Care provides a range of support services that all operate to ITIL guidelines.
Support Levels are
24x7 Total Service support which includes a helpdesk, advice, and guidance, breaks fix and maintenance.
9 to 5 or 8 to 6 support including the above services.
All service carry a separate price tag. the pricing is simply geared to the potential and actual usage of the service. the potential is geared to the possible number of users.
Connect4Care provides both an operational and technical account manager with named individules assighned to each client.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Connect4Care provide a wide range of training services. These include the provision of tailored on-site training, online training, all coupled with extensive and detailed product documentation. The service also provides online video demos and tutorials. The service also provides a comprehensive technical support portal with discussion forums|
|End-of-contract data extraction||
This element of the Connect4Care service is purely related to system integration and data flows. By its nature user data is only held on a transitory basis so at any point the integration element can be empty of data.
Data mapping and flows can be retained by the client.
|End-of-contract process||From a Connect4Care perspective if a client is only using the Interoperability/ Integration engine aspect of the service then when the contract ends the integration service ceases. There are no additional costs|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||No|
|Description of service interface||
The ESB platform is capable of any form of interface. Each microservice has an interface that defines the acceptable formats of each input and output. Most microservices typically require runtime parameters and other variables to be configured before they are run/executed. Configurations allow customisation of microservices for the specific business scenario/situation being solved by the Event Process. Microservices can be broadly categorised into two, based on the manner in which a microservice is invoked for processing:
Synchronous (BC component—JCA compliant)
Asynchronous (EDBC component—pure JMS)
|Accessibility standards||WCAG 2.1 AA or EN 301 549|
The Platform provides a very simple way to test the component this is to create a flow with the component and run the flow to check if desired results are obtained. At times, the result may not be the desired one, not due to a fault in the component logic but for external reasons. Therefore, the platform provides a more isolated way to test synchronous component logic. For Web service, the platform provides a Services tab which shows the details of the event processes deployed as Web Services. The User can view the status of the web service either online or offline and can enable or disable this option. The User can also test RESTful deployed from the dashboard.
The details shown for the Event Process deployed as web services are:
Context Name - Name of the context for the web service deployed
End Point URL - Effective End Point URL is http://<peerserverip>:<httpport>/<rootContext>/ContextName
Status - Indicates if the web service is online or offline
Show WSDL - Gives the link to show WSDL
Stub Name - Name of the Stub for the deployed Event Process as web service
|What users can and can't do using the API||
The Platform is an integration engine that enables users to set-up any known API. The Platforms API Management resolves the crucial problem of making data available on the web to a large number of people. It provides a user-friendly interface that smartly handles various services, hiding the underlying technical aspects and complexities, thereby creating communication which takes place seamlessly with internal as well as external Web Services.
REST/SOAP services may be used as a set of target endpoints for better security and visibility. Depending on the endpoint, the service might then return data, formatted asHL7, XML or JSON, back to the application. API Management manages all these functions smoothly, no matter what type of data is being sent/received, without direct intervention with the actual functions.
API Management can create customised "API Projects" which encapsulate the various policies/features that have to be applied to existing services.
API Management implements features such as security, metering, monitoring, management, and developer support. The Fiorano API Management platform architecture scales linearly, allowing the infrastructure to grow on an as-needed basis.
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||
The eStudio has been developed to create applications, flows, event processes, and so on. Application integration is possible by choreographing Microservices into asynchronous flows via the eStudio and its associated tools. Event Processes are composite applications created as event-driven assemblies of microservices (also known as Business Components) linked to each other by Data Routes. The composition of Event Processes is based on component-based programming model. The Event processes are designed by the drag-drop-connect function of microservices. The components are customised by configuration rather than by custom code. The routes between components are drawn by visually connecting the component ports. Every component instance in the flow can be configured so that it can be deployed on different ESB network nodes.
Users can simply create change and alter the flow parameters via the e-Studio module which is a part of the services provided.
Using the e-Studio for development is straight forward for a competent developer following training, for example, the team at NHS Wales national integration need only 10-day training before embarking on the national applications integration programme .
|Independence of resources||
The integration aspect of the service is delivered via ESB's which are the management components. The platform is made up of ESB's and Microservice peers. Messaging passes through the peers which can be isolated, this allows dedicating peers to specific clients thereby insulating client data. Peer Servers acts as a container for launching Business components at the network endpoints of a platform's network and manages the life cycle of its components.
Acts as a runtime container for the components.
Routes data between components in a Peer to Peer fashion over JMS.
Routes Business component related information to the FES server.
|Service usage metrics||Yes|
The support portal is a dedicated portal for logging incidents and queries about the products and their usage. Customers can track their requests/queries through a Support Tracking ID provided upon logging a support request. It acts as a committed communication bridge between customers and support engineers. It also gives access to the knowledge base.
All contracts are SLA based and reporting is on agreed basis client by client .
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Fiorano Software Ltd|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Baseline Personnel Security Standard (BPSS)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||The component used will be dependent on users dater type in this example we will consider the data type to be HL7, but it can be anything we are able to convert data and message types to the receiving format. Example, if the data is sent as a RUBY message the ESB's microservice will transform it be delivered via an HL7 component. The HL7 Sender component is used to send the HL7 data on to a port specified on a particular IP address in a specified format. The component receives the response generated and sends it to the output port.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||PEM Encoding|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Connect4Care operates an ITIL based best practice support services for clients backed by agreed SLA's. The Connect4Care integration software platform is available on a 24/7 basis this is important as the access to policies and procedures for Health and Social Care staff is a 365-day activity. The Connect4Care support functions mirror are availability profile and this operates in conjunction the agreed SLA, this covers both access and to experienced technical support team.
The Service Level Agreement sets out the scope of the Services to be provided by Connect4Care to the Client under the Agreement(s).
The tables within the SLA set out:
i) the extent to which a service element is in the scope of the Services;
ii) the Client and Connect4Care's responsibilities;
iii) the volumes of individual service elements that are to be provided;
iv) the targeted performance level for the delivery of the Services within the stated volumes;
v) the Connect4Care teams that shall deliver each service element.
|Approach to resilience||
Our provides Data Centre is audited annually and has been granted the latest ISO 27001 certification by DNV GL in September 2017 (Certificate No. 245825-2017-AIS-GBR-UKAS) resulting with data being securely managed and maintained. The information security management system has been audited and verified to ensure that controls are in place to protect information assets and provide the highest levels of security. The n+1 resilience of the facility provides the highest levels of uptime and ensures continuity of application availability.
Resilience is designed into the service with separated datacenters with multiple network providers with automatic BGP supporting failover.
DC's are provided with multiple utility power feeds to ensure no single point of failure. All sites have onsite 500KVA power back-up generators which are configured to be on standby at all times and will automatically start in the event of a power failure.
Connect4Care service team regularly monitor agreed to thresholds of system utilisation using tools fit for the purpose. Connecr4Care will take appropriate action or make recommendations to relieve the degradation of performance beyond the agreed thresholds. Cash client has its own dashboard which provides all relevant information on performance and availability of the service, this is intern backed up by both the Connect4Care and Data Centre support desk who are continuously monitoring all clients services.
If an outage were to occur the Support Desk Team would communicate directly with the client and this would be backed up by the designated Client Manager and all parties would also be e-mailed as to the situation.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
Connect4Care's procedure is to ensure that clients receive and processes Subject Access Requests in accordance with the General Data Protection Regulations and Data Protection Act 2018.
The procedure outlines the steps to be followed, the records to be kept and the rules which must be applied
Ensures the processing of “sensitive personal data” is fair and lawful. The best practice is to obtain explicit consent from any Data Subject whose sensitive personal data is being processed. The definition of explicit consent is not clear, but probably means express, specific, obtained on a case by case basis (and preferably in writing).
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
Connect4Care's data centre provider has an ISO 27001:2013 certification which is backed by a Data Centre Alliance Class 3 certification. The provider's sites have on-site 24/7 security controlled access. Multi-layered physical entry restrictions to the data centre.
The Board of Directors (“the Board”) is ultimately accountable for corporate governance as a whole. The management and control of information security risks is an integral part of corporate governance. In practice, however, the Board explicitly delegates executive responsibilities for most governance matters to the Operational Directors, led by the Chief Executive Officer (CEO).
The Operational Directors give overall strategic direction by approving and mandating the information security principles and policy's but delegate operational responsibilities for physical and information security to the Security Committee (SC) chaired by the Chief Technology Officer (CTO).
The Executive Directors depend heavily on the SC to coordinate activities throughout Connect4Care, ensuring that suitable policies are in place to support Connect4Care's security principles and policies. The Executive Directors also rely on feedback from the SC, CTO, Information Security Manager, auditors, Enterprise Risk Management, Compliance, Legal and other functions to ensure that the principles, and policies are being complied with in practice.
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
The Configuration Management Policy applies to all components that make up the Service and includes but is not limited to:
Business Functions of the Service (i.e. what the Service does)
Live Application Software
Hardware (physical and virtual)
Hosting environment (e.g. Data centres where physical hardware resides)
Documentation and procedures relevant to the operations, support and maintenance of the Service
User access device if the configuration is essential to the Service
User skills and training if essential to the Service
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||All technical vulnerabilities are carefully assessed and evaluated during the risk assessment process. The effectiveness of existing controls are evaluated and strengthened or if necessary new controls implemented, as necessary. Vulnerability assessments are carried out on a quarterly basis or if a vulnerability is detected, and all critical and high risks are addressed within the stipulated time frame. Penetration Tests are conducted using external agencies to detect any possible vulnerabilities. Reports produced relating to vulnerabilities assessments are acted on within a framework which grades the vulnerability and the actions required.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||All systems and services employed by Connect4Care in their delivery are continuously monitored. All Technologies and tools deployed for monitoring and intrusion attempts are approved by Connect4Cares security officer. Access to the monitoring systems and logs generated by the monitoring systems are secure and available only to the personnel responsible for monitoring security. Any suspicious activities, for example, abnormal connections, network probing, or large data flows are investigated immediately and acted on.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Connect4Care has an Incident management policy based on ITIL principles. The objective of the Incident Management Process an appropriate priority level will be set for each Incident. All Incidents will be prioritised. Priority will be set as a product of Impact and Urgency assessment of the Incident. The Service Desk will agree on the Impact and Urgency ratings with the user. All Incidents will be managed in accordance with the Incident Management Process. Priority 1 and 2 Incident will be defined as Major Incidents. all reporting to Clients will be managed via the Connect4Care service desk.|
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£35000 per licence per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||We offer a full evaluation integration platform there is normally a 30-day license issued but this can be extended with a consultation. This comes with full online documentation of however training would be chargeable.|