Microlink PC (UK) Ltd

Workplace Adjustments Digital Workflow System

Empowers supervisors/carers to maintain health care excellence and interaction via case management for those with disabilities and other medical conditions in workplace environments.
The Azure Cloud solution platform Facilitates monitoring progress, impact on absence, performance and other metrics. Generates tailored outputs of requirements for carers, suppliers and other parties.

Features

• Wellbeing and disability management workplace
• Carer/supervisor case management with configurable workflow, documentation and reporting
• User-Centric work flow system, Step by step task guidance
• Comprehensive real time insights and dashboards
• Organisation manager stores org structure and interfaces with core system
• Supports medical referrals and interaction with EMIS/Babylon
• Reporting and requesting of care requirements & types
• Tracking of all communications, related to cases and absences
• Notifications via email and SMS to managers and others
• Sends output to related procurement/supply/HR systems

Benefits

• Improves engagement for those with disabilities and supervisor/carers
• Provides a platform to facilitate improve employee health and wellbeing
• Manages workflow for specific workplace/education health & wellbeing case types
• Interacts with other case management and HR systems
• Detailed output on employee health and absence data
• Enables Occupational Health (OH) governance and compliance
• Builds a structured path for improvement and engagement
• Manages related suppliers/supply chains
• Facilitates ratings & QA for providers of workplace adjustment services
• Securely integrated with Microsoft office 365 and sharepoint

£10 to £25 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

355156666058128

Contact

Stavroula Papageorgaki
02380240300
sam@microlinkpc.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office 365 and other services
• Cloud deployment model: Public cloud
• Service constraints: No service constraints - the platform configures extensively and has multiple integration options
• System requirements: Late-release internet browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9-5 Monday to Friday - 2 hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Microlink works with each of our individual clients to agree upon an appropriate support structure for the service in scope of that contract. Support services are aligned to meet unique needs and preferences as Microlink recognises that each client will be different.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Implementation is project-driven, starting with requirements gathering via web session or in-person, and them managed via project team between Microlink and the organisation. is set up. ; ; Onsite and online training is packaged as part of the project and tailored to specific requirements.
• Service documentation: No
• End-of-contract data extraction: On request by email at any time or at end of contract. Microlink will ask the organisation to specify any format extract required and usually supplies data outputs in .csv format.
• End-of-contract process: Upon end/termination of contracts, and platform extensions and API's, plus user accounts, are automatically de-activated and the user is notified via email or other means as selected by the user. Any user-specific application data within the platform (note this excludes personal/sensitive data) will be only be retained in accordance with our data retention policy to facilitate any specific requirements for extraction of data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is fully responsive on Mobile devices and the functionality is similar.
• Service interface: Yes
• Description of service interface: Various options depending on the user existing systems and requirements
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: The API is used for transfer of data to and from the platform. There is no Adminstrator accessibility for setup of the system via API
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: There is extensive configuration that is implemented by Microlink at user level during set up. Certain customisation will always be accessible by the user, examples include workflow configuration, report output preferences, display preferences, communication/alerting (SMS, Email, etc..)

Scaling

• Independence of resources: The platform is hosted in the Microsoft Azure cloud and benefits from their latest platform and infrastructure-as-a-service (IaaS) offerings. This allows us to monitor service demand in real time, and to effect additional system or user resources accordingly. The platform itself has been designed around a modular architecture, facilitating platform performance management at modular level, which in turn allows dynamic scaling up (or down) of user-specifics within the platform.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Empactis

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: By email request to us under a pre-approved procedure for this. We will arrange a secure File Transfer of the data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our hosting provider ids Microsoft (Azure Platform). Full details of their SLA's are available at www.microsoft.com/azure.
• Approach to resilience: Resilience is underwritten by our service provider, Microsoft Azure.
• Outage reporting: Any outage is reported by dynamic email alerting. Outage alerts are sent to pre-registered user(s) at the client by the support desk

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the management interfaces is restricted by MS Azure using their IP address controls and additional user authentication as specified by them.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 09/01/2018
• What the ISO/IEC 27001 doesn’t cover: No exclusions from NQA'a assessment
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: SEC-1 Ltd
• PCI DSS accreditation date: To answer
• What the PCI DSS doesn’t cover: No exclusions.
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Microlink is ISO 27001:2013 certified and maintains information security policies accordingly. ; ; This includes the Business Management System Manual, which details the scope, the objectives, the responsibilities and the risk rating and management, as well as the mobile device policy, clear desk, access, teleworking and encryption management policy. ; ; Several other policies are also in force, including Change and Release procedure, document retention policy, incident management procedure, information classification and handling policy and the physical security policy. ; ; Finally, Microlink maintains a detailed Risk register for logging of events and triggering any preventative/remedial measures. There is a documented escalation path from operator level right through to our board with dynamic stakeholder alerting at each level.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the production platform go through a change request process, overseen by our services delivery manager. This process ensures appropriate approvals are in place before changes are made. ; ; Configuration information is stored in a revision control system to track all changes made through the lifetime of the system
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Through Microsoft Azure we have a number of systems in place including automated container vulnerability scanning, monthly patching of servers, and annual penetration testing of the service. ; ; We subscribe to relevant vendor security announcement lists in addition to monitoring the IT media for new vulnerabilities and threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring approach includes a monitoring system that provides real-time status information and alerting to our operations team. Logging is aggregated centrally to enable effective search and correlation of events to take place, and logs are mirrored to a remote location to prevent tampering.; In addition, we monitor and log all data access, log on activity and other metrics to highlight a potential compromise.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an Incident Management Process that defined the process for reporting and handling incidents. Any incidents are logged on an internal issue tracking system.; ; This alerts appropriate members of staff to the incident so that they can prioritise and resolve the incident effectively as well as providing a log of such incidents. ; ; The procedure includes steps for initial investigation, containment, recovery and client notification as well as later analysis and remediation of the cause.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £10 to £25 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free, time-specific full access to the service, subject to some pre-agreed criteria around the cost to set up and GDPR management between Microlink and the customer.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF