Draper and Dash Ltd
Healthcare Analytics
Draper & Dash is a VC backed healthcare AI +Machine learning predictive data +analytics company. We leverage data from public sectors +private healthcare companies, providing organisations with solutions that improve quality, safety, outcomes, +efficiencies. We have worked with 70 providers helping them drive cost improvements, form strategic partnerships, +improve outcomes.
Features
- Integrates data from multiple sources
- Automatic data processing to improve quality
- Real time data
- Strong visualisation to support engagement
- Specialised dashboards for focused KPIs
- Powerful drill down filters for in-depth insights
- Multiple view and export options
- Flexible automatic reporting
- Various Section Access options
- Available on Mobile and Desktop
Benefits
- Fast Time to Value
- Solutions tailored to organisations specific requirements
- Instant healthcare specific insight
- Cost reduction for the delivery of analytics and reports
- Visualisation and section access support high user engagement
- Real time data supports daily meetings
- Mobile access reduces user barriers
Pricing
£20000 to £40000 per instance per year
- Free trial available
Service documents
Framework
G-Cloud 11
Service ID
3 0 0 7 5 5 2 4 4 3 1 4 0 1 9
Contact
Service scope
| Software add-on or extension | No |
| Cloud deployment model | Hybrid cloud |
| Service constraints | No |
| System requirements |
|
User support
| Email or online ticketing support | Email or online ticketing |
| Support response times | For high priority tickets, with a small change, the response time is 2hrs. For high priority tickets, with a functionality change, the response time can be upto 2 days. For low priority tickets, with a small change, the response time is 1 day. Urgent queries are responded to on the weekends, but all other queries are responded to during the working week (Mon - Fri), however, the ticketing systems logs in the requests on weekends and notifies the Implementation team to deploy during working hours. |
| User can manage status and priority of support tickets | No |
| Phone support | Yes |
| Phone support availability | 24 hours, 7 days a week |
| Web chat support | Web chat |
| Web chat support availability | 9 to 5 (UK time), Monday to Friday |
| Web chat support accessibility standard | None or don’t know |
| How the web chat support is accessible | Users are able to request a webs chat with any member of the operations and technical team using our live go to meeting chat, Skype Business, or basecamp facility. This is supported throughout as we operate in three timezones and can support users in the UK, US and Australia. Users simply request an open webs chat facility and a member of the team will activate the session. |
| Web chat accessibility testing | Users are able to request a webs chat with any member of the operations and technical team using our live go to meeting chat, Go-To Meeting, or Basecamp facility. This is supported throughout as we operate in three timezones and can support users in the UK, US and Australia. Users simply request an open webs chat facility and a member of the team will activate the session. |
| Onsite support | Onsite support |
| Support levels | Support levels Manage Healthcare Analytics Service: All D&D solutions are delivered on a software as a service / managed service model. This means that from the point of a data discovery and throughout the lifetime of the product, D&D focuses on providing ongoing support, software upgrades, bug fixes and amplification support for all of its solutions. The service support will also cover any changes to the module requested by the clients, migrations, additional training and maintenance, helping to improve visibility, access, performance and safety through the use of information and reporting We are aware that all clients vary in requirement, and for this reason, at the point of implementation we allow our customers, with our support, to customise the solutions to meet their clinical and operational needs. The software support is costed in our main pricing for the software. We provide a cloud engineer and technical account manager for all projects |
| Support available to third parties | Yes |
Onboarding and offboarding
| Getting started | All solutions are delivered with user guides and onsite engagement and training for users along with a short video of how to use the product. |
| Service documentation | Yes |
| Documentation formats | |
| End-of-contract data extraction | At the end of the contract the users will be able to request a complete data extract and account closure which will be supported centrally. |
| End-of-contract process |
All standard D&D Healthcare solutions are priced with the necessary on-going support needed to ensure that they receive value from our solutions. Support and maintenance include an annual update as well as bug fixes and amplification support. Mandatory industry changes to KPIs will also be applied to all solutions under support and maintenance. Additional costs are only incurred when the client requests the development of a completely new feature, tab or dashboard. The fees are normally paid on an annual basis on the anniversary of the contract but can be paid in some special cases as a CAPEX upfront for the duration of the contract. At the end of the 36 month contracted period the client will have the ability to terminate the agreement, continue the current support arrangements but on an annual basis or negotiate new equitable terms |
Using the service
| Web browser interface | Yes |
| Supported browsers |
|
| Application to install | Yes |
| Compatible operating systems | Windows |
| Designed for use on mobile devices | Yes |
| Differences between the mobile and desktop service | Both our mobile and desktop solutions can be accessed from the described web browsers. However our mobile solutions are optimised to ensure more seamless user experiences across an enterprise. Tile is as a mobile analytics solution which is targeted at business, with a primary focus on businesses which already have some level of enterprise analytics solution within their organisation. Tile is designed and built to deliver the richest experience to data for mobile users. Tile Delivers: Native Modules Instantaneous Performance 100% Offline Functionality for Mobile and PC Beautiful, Integrated Visualizations |
| Service interface | Yes |
| Description of service interface | The service interface is a Graphical User Interface (GUI). The interface is populated with buttons, charts, a menu bar, icons etc, that the user can manipulate to display the information they require, and use to navigate their journey through the module. |
| Accessibility standards | None or don’t know |
| Description of accessibility | Users can scroll through a menu bar, and click on different options that lead the user to different pages that display charts, dashboards and tables of data at different levels of granularity. Users can make a selection on a chart to hone in a particular cohort, and drill down into a specific patient, date, ward, consultant or hospital. |
| Accessibility testing | Testing involves navigating a full end user process, beginning from the first page of the module to the final page of the module. Testing involves checking the screens with the controls like menus, buttons, and icons, making data selections to ensure the correct information is fed back, and clearing the selection to ensure the page refreshes. |
| API | No |
| Customisation available | Yes |
| Description of customisation | Bespoke Development: In addition to our tried and tested turn-key solutions, D&D’s Mode templates are designed to ensure that our partners and clients are able to build out custom solutions with the help of our award winning development and implementation team. D&D is committed to the creation of bespoke modules tailored to fit with the clients requirements. Furthermore, the data layer, user interface and colours can be changed. The user can either do this as a local instance or can do this with support from D&D. The system admin or developer from the client can customise not the end users. |
Scaling
| Independence of resources | We only take on new clients when we can allocated dedicated resourced to each client. This is managed on a weekly basis to asses the infrastructure and resources needed to maintain the best quality solutions for clients. |
Analytics
| Service usage metrics | Yes |
| Metrics types | The reports provide clients with evidence of the user uptake of the organisation’s D&D analytics modules. The summary report outlines month on month growth of analytics usage and highlights the modules most used within the organisation. By users, times of day, frequency and content |
| Reporting types |
|
Resellers
| Supplier type | Not a reseller |
Staff security
| Staff security clearance | Other security clearance |
| Government security clearance | Up to Developed Vetting (DV) |
Asset protection
| Knowledge of data storage and processing locations | Yes |
| Data storage and processing locations | United Kingdom |
| User control over data storage and processing locations | Yes |
| Datacentre security standards | Managed by a third party |
| Penetration testing frequency | At least every 6 months |
| Penetration testing approach | ‘IT Health Check’ performed by a CHECK service provider |
| Protecting data at rest | Encryption of all physical media |
| Data sanitisation process | Yes |
| Data sanitisation type | Deleted data can’t be directly accessed |
| Equipment disposal approach | A third-party destruction service |
Data importing and exporting
| Data export approach | Users can export all data using excel, CSV or can request a full data export from D&D. |
| Data export formats |
|
| Other data export formats |
|
| Data import formats |
|
| Other data import formats |
|
Data-in-transit protection
| Data protection between buyer and supplier networks | IPsec or TLS VPN gateway |
| Data protection within supplier network | IPsec or TLS VPN gateway |
Availability and resilience
| Guaranteed availability |
Each call logged will be assigned a priority that has been agreed with the organisation and falls in line with the priority levels as detailed below: • SLA 1 – Major incident < 1-4 hour target • SLA 2 – Intermediate < 8 hour target • SLA 3 – Request < 3 working day target 1 . The highest priority level. This classification indicates a major incident, loss of service, or serious impairment of service, which cannot be immediately circumvented. 4 working hours to resolve the issue or provide a workaround solution 2 This classification indicates an issue that is not a major service affecting fault, and generally constitutes a failure of a component of the service, which does not have a significant impact on the service as a whole. 8 working hours to resolve the issue or provide a workaround solution 3 This classification indicates an issue that is not service affecting. There is no impairment to the service for any Customers. Examples are: • Request for support • Request for Information • Request for report • Service information request 3 working days to provide information, advice or support |
| Approach to resilience | This can be made available on request |
| Outage reporting | All Outages will be reported via an API, email alerts and calls |
Identity and authentication
| User authentication needed | Yes |
| User authentication |
|
| Access restrictions in management interfaces and support channels |
Access restrictions in management interfaces and support channels D&D’s Section Access comes in many flavours. A simple username and password might be sufficient for some documents where in other scenarios you want a specific user to sit inside your domain and be logged in as a specific user to a specific machine and use a certain serial number. Section Access can do this too. here are two good reasons to implement section access into your documents. • To help protect your data from unauthorized access. • To limit what data authorized users can see and what they can do. |
| Access restriction testing frequency | At least every 6 months |
| Management access authentication |
|
Audit information for users
| Access to user activity audit information | Users have access to real-time audit information |
| How long user audit data is stored for | At least 12 months |
| Access to supplier activity audit information | Users have access to real-time audit information |
| How long supplier audit data is stored for | At least 12 months |
| How long system logs are stored for | At least 12 months |
Standards and certifications
| ISO/IEC 27001 certification | Yes |
| Who accredited the ISO/IEC 27001 | ISO Quality Services Limited |
| ISO/IEC 27001 accreditation date | 24th October 2018 |
| What the ISO/IEC 27001 doesn’t cover | N/A |
| ISO 28000:2007 certification | No |
| CSA STAR certification | No |
| PCI certification | No |
| Other security certifications | No |
Security governance
| Named board-level person responsible for service security | Yes |
| Security governance certified | Yes |
| Security governance standards | ISO/IEC 27001 |
| Information security policies and processes |
D&D follows the ISO 27001:2013 Information Security Management Standard structure, and as such has clear standard operating procedures in place. Policies includeL • Overall Information Security Policy • Information Governance Policy. • Confidentiality code of conduct • Network Security Policy In line with the standard we also have clear communication and induction processes in place, which ensure that our top management lead from the top down throughout the organisation in communicating and ensuring awareness of following policies and procedures. |
Operational security
| Configuration and change management standard | Supplier-defined controls |
| Configuration and change management approach | D&D operates with a dedicated change control board in place. The team are committed to ensuring the project quality and security of the client’s data is maintained throughout the lifetime of their use of D&D’s services. The board evaluates each feature of the project per client. When presented with changes or requests for changes, D&D’s change control board then issues directives on how change will be implemented while simultaneously considering any potential impact upon security. The changes made are then tracked and coordinated by the board. |
| Vulnerability management type | Undisclosed |
| Vulnerability management approach | D&D's Vulnerability Management Process: Step-by-Step Our vulnerability management process consists of five phases: Preparation Vulnerability scan Define remediating actions Implement remediating actions Rescan We access threats by the potential level of impact of a seamless service to clients and their organisation. We aim to deploy patches within the same day or based of the threat within a 3 days. Our information on potential treats comes from both our scanning process and also alerts without our software. |
| Protective monitoring type | Undisclosed |
| Protective monitoring approach | Protective monitoring approach. Collect Security Data from collectors deployed D&D analytics on the Customer environment. The details of deployment are provided within the Deployment Plan; Transfer collected Security Data in near real time 24/7/365 according to the SLAs from the Customer monitoring environment to D&D. Generate Security Alerts by processing Security Data using detection rulesets and compliance Deploy new/modified Rulesets that have been confirmed by D&D analytics to accurately identify cyber threats Process and analyse the Security Alerts generated by the process throughout the agreed Service Hours; Raise a Security Incident once a threat has been identified by a technician |
| Incident management type | Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402 |
| Incident management approach | Incident management approach D&D has a robust and pre-defined incident management process. All common events can be reported through base camp, emails and call to the service desk. An incident report is provide via basecamp to the client along with a logged service desk number and an email. |
Secure development
| Approach to secure software development best practice | Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0) |
Public sector networks
| Connection to public sector networks | No |
Pricing
| Price | £20000 to £40000 per instance per year |
| Discount for educational organisations | No |
| Free trial available | Yes |
| Description of free trial | A local version of he app with all features for 90 days |