Draper and Dash Ltd

Healthcare Analytics

Draper & Dash is a VC-backed healthcare AI and machine learning predictive data and analytics company. We leverage data from public sector and private healthcare companies, providing organisations with solutions that improve quality, safety, outcomes, and efficiencies. We have worked with 70 providers, helping them drive cost improvements, form strategic partnerships, and improve outcomes.


  • Integrates data from multiple sources
  • Automatic data processing to improve quality
  • Real time data
  • Strong visualisation to support engagement
  • Specialised dashboards for focused KPIs
  • Powerful drill down filters for in-depth insights
  • Multiple view and export options
  • Flexible automatic reporting
  • Various Section Access options
  • Available on Mobile and Desktop


  • Fast Time to Value
  • Solutions tailored to organisations' specific requirements
  • Instant healthcare specific insight
  • Cost reduction for the delivery of analytics and reports
  • Visualisation and section access support high user engagement
  • Real time data supports daily meetings
  • Mobile access reduces user barriers


£20000 to £40000 per instance per year

  • Free trial available

Service documents


G-Cloud 11

Service ID

300755244314019


Draper and Dash Ltd

Operations Team

0845 0941 962


Service scope

Software add-on or extension No
Cloud deployment model Hybrid cloud
Service constraints No
System requirements
  • Any 64-Bit Microsoft Windows operating system/server
  • Minimum Intel Core 2 Duo processor
  • Minimum 2 GB memory required
  • Minimum 300MB disk space required
  • Microsoft Active desktop
  • SQL Environment
  • VPN Access

User support

Email or online ticketing support Email or online ticketing
Support response times For high priority tickets with a small change, the response time is 2 hrs. For high priority tickets with a functionality change, the response time can be up to 2 days. For low priority tickets with a small change, the response time is 1 day. Urgent queries are responded to at weekends; all other queries are responded to during the working week (Mon - Fri). The ticketing system still logs requests at weekends and notifies the Implementation team to deploy during working hours.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Users are able to request a web chat with any member of the operations and technical team using our live go to meeting chat, Skype Business, or Basecamp facility. This is supported throughout as we operate in three time zones and can support users in the UK, US and Australia. Users simply request an open web chat facility and a member of the team will activate the session.
Web chat accessibility testing Users are able to request a web chat with any member of the operations and technical team using our live go to meeting chat, Go-To Meeting, or Basecamp facility. This is supported throughout as we operate in three time zones and can support users in the UK, US and Australia. Users simply request an open web chat facility and a member of the team will activate the session.
Onsite support Onsite support
Support levels Manage Healthcare Analytics Service: All D&D solutions are delivered on a software as a service / managed service model. This means that from the point of a data discovery and throughout the lifetime of the product, D&D focuses on providing ongoing support, software upgrades, bug fixes and amplification support for all of its solutions. The service support will also cover any changes to the module requested by the clients, migrations, additional training and maintenance, helping to improve visibility, access, performance and safety through the use of information and reporting. We are aware that all clients vary in requirement, and for this reason, at the point of implementation we allow our customers, with our support, to customise the solutions to meet their clinical and operational needs. The software support is costed in our main pricing for the software. We provide a cloud engineer and technical account manager for all projects.
Support available to third parties Yes

Onboarding and offboarding

Getting started All solutions are delivered with user guides and onsite engagement and training for users along with a short video of how to use the product.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction At the end of the contract the users will be able to request a complete data extract and account closure which will be supported centrally.
End-of-contract process All standard D&D Healthcare solutions are priced with the necessary on-going support needed to ensure that they receive value from our solutions. Support and maintenance include an annual update as well as bug fixes and amplification support. Mandatory industry changes to KPIs will also be applied to all solutions under support and maintenance. Additional costs are only incurred when the client requests the development of a completely new feature, tab or dashboard.
The fees are normally paid on an annual basis on the anniversary of the contract but can, in some special cases, be paid as a CAPEX upfront for the duration of the contract. At the end of the 36 month contracted period the client will have the ability to terminate the agreement, continue the current support arrangements but on an annual basis, or negotiate new equitable terms.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Both our mobile and desktop solutions can be accessed from the described web browsers. However, our mobile solutions are optimised to ensure more seamless user experiences across an enterprise. Tile is a mobile analytics solution targeted at business, with a primary focus on businesses which already have some level of enterprise analytics solution within their organisation. Tile is designed and built to deliver the richest experience to data for mobile users. Tile delivers:
• Native Modules
• Instantaneous Performance
• 100% Offline Functionality for Mobile and PC
• Beautiful, Integrated Visualizations
Service interface Yes
Description of service interface The service interface is a Graphical User Interface (GUI). The interface is populated with buttons, charts, a menu bar, icons etc, that the user can manipulate to display the information they require, and use to navigate their journey through the module.
Accessibility standards None or don’t know
Description of accessibility Users can scroll through a menu bar, and click on different options that lead the user to different pages that display charts, dashboards and tables of data at different levels of granularity. Users can make a selection on a chart to home in on a particular cohort, and drill down into a specific patient, date, ward, consultant or hospital.
Accessibility testing Testing involves navigating a full end user process, beginning from the first page of the module to the final page of the module. Testing involves checking the screens with the controls like menus, buttons, and icons, making data selections to ensure the correct information is fed back, and clearing the selection to ensure the page refreshes.
Customisation available Yes
Description of customisation Bespoke Development: In addition to our tried and tested turn-key solutions, D&D’s Mode templates are designed to ensure that our partners and clients are able to build out custom solutions with the help of our award-winning development and implementation team. D&D is committed to the creation of bespoke modules tailored to fit the client's requirements. Furthermore, the data layer, user interface and colours can be changed. The user can either do this as a local instance or can do this with support from D&D. Customisation is done by the client's system admin or developer, not by end users.


Independence of resources We only take on new clients when we can allocate dedicated resources to each client. This is managed on a weekly basis to assess the infrastructure and resources needed to maintain the best quality solutions for clients.


Service usage metrics Yes
Metrics types The reports provide clients with evidence of the user uptake of the organisation’s D&D analytics modules. The summary report outlines month on month growth of analytics usage and highlights the modules most used within the organisation. Usage is reported by users, times of day, frequency and content.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data export approach Users can export all data using excel, CSV or can request a full data export from D&D.
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • SQL
  • Excel
  • Flat file

Data-in-transit protection

Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability Each call logged will be assigned a priority that has been agreed with the organisation and falls in line with the priority levels as detailed below:
• SLA 1 – Major incident < 1-4 hour target
• SLA 2 – Intermediate < 8 hour target
• SLA 3 – Request < 3 working day target

SLA 1: The highest priority level. This classification indicates a major incident, loss of service, or serious impairment of service, which cannot be immediately circumvented. Target: 4 working hours to resolve the issue or provide a workaround solution.

SLA 2: This classification indicates an issue that is not a major service affecting fault, and generally constitutes a failure of a component of the service, which does not have a significant impact on the service as a whole. Target: 8 working hours to resolve the issue or provide a workaround solution.

SLA 3: This classification indicates an issue that is not service affecting. There is no impairment to the service for any Customers. Examples are:
• Request for support
• Request for Information
• Request for report
• Service information request
Target: 3 working days to provide information, advice or support.
Approach to resilience This can be made available on request
Outage reporting All Outages will be reported via an API, email alerts and calls

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels D&D’s Section Access comes in many flavours. A simple username and password might be sufficient for some documents, whereas in other scenarios you want a specific user to sit inside your domain and be logged in as a specific user to a specific machine and use a certain serial number. Section Access can do this too. There are two good reasons to implement section access into your documents.
• To help protect your data from unauthorized access.
• To limit what data authorized users can see and what they can do.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 ISO Quality Services Limited
ISO/IEC 27001 accreditation date 24th October 2018
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes D&D follows the ISO 27001:2013 Information Security Management Standard structure, and as such has clear standard operating procedures in place. Policies include:
• Overall Information Security Policy
• Information Governance Policy.
• Confidentiality code of conduct
• Network Security Policy

In line with the standard we also have clear communication and induction processes in place, which ensure that our top management lead from the top down throughout the organisation in communicating and ensuring awareness of following policies and procedures.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach D&D operates with a dedicated change control board in place. The team are committed to ensuring the project quality and security of the client’s data is maintained throughout the lifetime of their use of D&D’s services. The board evaluates each feature of the project per client. When presented with changes or requests for changes, D&D’s change control board then issues directives on how change will be implemented while simultaneously considering any potential impact upon security. The changes made are then tracked and coordinated by the board.
Vulnerability management type Undisclosed
Vulnerability management approach D&D's Vulnerability Management Process: Step-by-Step. Our vulnerability management process consists of five phases:
• Preparation
• Vulnerability scan
• Define remediating actions
• Implement remediating actions
• Rescan
We assess threats by the potential level of impact on a seamless service to clients and their organisation. We aim to deploy patches within the same day or, depending on the threat, within 3 days. Our information on potential threats comes from both our scanning process and also alerts without our software.
Protective monitoring type Undisclosed
Protective monitoring approach
• Collect Security Data from collectors deployed D&D analytics on the Customer environment. The details of deployment are provided within the Deployment Plan;
• Transfer collected Security Data in near real time 24/7/365 according to the SLAs from the Customer monitoring environment to D&D.
• Generate Security Alerts by processing Security Data using detection rulesets and compliance
• Deploy new/modified Rulesets that have been confirmed by D&D analytics to accurately identify cyber threats
• Process and analyse the Security Alerts generated by the process throughout the agreed Service Hours;
• Raise a Security Incident once a threat has been identified by a technician
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach D&D has a robust and pre-defined incident management process. All common events can be reported through Basecamp, emails and calls to the service desk. An incident report is provided via Basecamp to the client along with a logged service desk number and an email.

Secure development

Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks No


Price £20000 to £40000 per instance per year
Discount for educational organisations No
Free trial available Yes
Description of free trial A local version of the app with all features for 90 days
