AzeusCare Case Management System
AzeusCare is a highly flexible person and family-centric, birth-to-grave case management application suite. Designed for use in local authorities, CCGs and third-sector organisations it supports case recording, provisioning, service delivery management and finance management for children’s social care, adult social care, non-clinical health and community health services.
- Integrated Children, Adult and Family Case Management System
- Hospice and Care Home Management
- Integral Finance Management module for Care Act 2014 compliance
- Remote Working in online/offline modes
- Customer self assessment via public facing portals
- Provider management and interaction via public-facing portal
- Controlled partner access to records via public-facing portal
- Integrated document management store
- Integrated Open Source Reporting tool & real-time dashboard reporting
- Inbuilt Statutory returns for NHS Digital and Department for Education
- Compliant with statutory requirements (Care Act, Children and Families Act)
- Fully integrated modules with seamless interface
- Intuitive and easy to use
- Flexible and adaptive to local requirements
- Promotes remote working in online and offline modes
- Enables service users to access their own records
- Encourages information sharing amongst professionals
- Supports workforce organisation and task allocation and workflows
- Supplies extensive reporting capabilities and output types
- Encourages inter-systems integration with inbuilt API
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Questions will be responded within 1 business day|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||None or don’t know|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Each customer is assigned an Account Manager. He/she manages the ongoing contract, any amendments or additions to any aspect of it, provides general customer engagement, new product information and guidance and the provision and pricing of any new or additional business, technical, project management, user training and consultancy services as may be required by the customer. The services of the Account Manager are included gratis for each customer.
Application Support is provided via the medium of the Help Desk for the ongoing maintenance and support of the licensed application(s). Such support also covers the management of the delivery to the customer of upgrades to the application. The cost of Help Desk support is included in the application licence.
Our Standard Support includes access to the Help Desk which can be contacted via telephone or email during office hours. All issues raised will be logged in our online tracking system JIRA to which the customer also has access and which is available 24/7.
Our Enhanced Support extends our Help Desk support hours to provide 24/7 support if desired and may include onsite visits. The cost of extended support is negotiated with the Account Manager.
|Support available to third parties||No|
Onboarding and offboarding
Prospective customers should contact Azeus UK to discuss their service requirements. It should be noted that we offer, in addition to cloud-based services, on-premise hosting if required.
On completion of the contract signing, a project manager will be assigned and Azeus UK will prepare the cloud-based instance or local environments according to the customer’s specifications.
For new customers, Azeus UK will provide data migration and implementation services to assist in moving from the existing system to AzeusCare with a view to enabling the customer to have complete ‘ownership’ of their new system.
The following services are offered:
1. Business Process Consultancy and System Configuration,
2. Data Migration,
3. Ad hoc Reports and Recording Templates development,
4. User training (hands-on and eLearning).
Azeus UK supplies an extensive resource library to customers which is regularly added to and maintained/updated. These resources include: 1. Release Notes, 2. Technical Set Up Guides, 3. User Guides per module, 4. Training Guides and Training Needs Analysis Templates, 5. Entity Relationship Diagrams, 6. Maintenance and Support Policies and Procedures.
|Other documentation formats||MS Word|
|End-of-contract data extraction||
To terminate a subscription, the customer must inform Azeus UK via a written request at least ninety days in advance of the specified date for termination. Upon request for account termination by either party, all remaining payments (if any) must be cleared.
On an agreed date Azeus UK staff will generate an XML extract file containing the complete case record. (XML is an open standard format which can be easily used to facilitate data import to another system if needed.) Should there be a need for a user friendly format, we provide a tool (XSLT) to transform the XML into HTML.
Using this tool Azeus UK will dump all case data and make it available to the customer for secure download via SFTP (secure FTP). The customer will be provided with the instructions and the certificate required in downloading the output files. The customer will be given an agreed timeframe (usually 30 days) to download the output files before the records are purged.
On the agreed date, Azeus UK will then destroy the customer's data and release all resources that were allocated to the service.
|End-of-contract process||Azeus UK will supply within the price of the contract a) the data dump described above and b) the most recently updated version of the documentation as follows: System Architecture Diagram, Entity Relationship Diagram, Logical Data Model, Database Size Report (i.e. number of records per table and total database size in GB), XML schema definition for archived records. At additional cost Azeus UK can provide the following services where it is expected that data from AzeusCare will be migrated to a new system: Data Quality Review, Bulk data cleansing/correction, Data Conversion in accordance with a customer defined format. At the customer's explicit request and for further negotiated cost, the time for which the system can remain online after the termination date can be extended if required.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||
AzeusCare's Mobile Application provides a sub-set of functions from the Case Management Application and can be used in either online or offline mode. It is essentially a recording device with capability to synchronise data with the server. Case records can be downloaded in whole or in part, core data updated, forms and case notes completed for either persons or families. Digital signatures and photographic 'evidence' can also be captured.
In addition, the application provides for the completion of Care Act financial assessments and for the calculation logic to apply whether or not the mobile device is connected to the internet.
|Description of service interface||AzeusCare is a web-based suite of applications which sit on an Oracle database. The suite comprises a case management application, public-facing portals and an online/offline mobile application the user interface being written using Java (Java 6 server side). AzeusCare uses the Open Source JasperReports as the main embedded reporting tool alongside an in-house reporting tool developed by Azeus.|
|Accessibility standards||None or don’t know|
|Description of accessibility||The AzeusCare CMS application, as well as the public-facing portals, are accessible via web browser. They were designed and tested to comply with the WCAG 2.0 AA standards.|
|Accessibility testing||The AzeusCare CMS application is compliant with assistive technologies compatible with MS operating systems such as Dragon Naturally Speaking and JAWS Screen Readers.|
|What users can and can't do using the API||
Our standard API enables users a) to interface AzeusCare with third-party systems (including the capability to search and retrieve basic person information as well as generating and retrieving data extracts) and b) to create and update case records via the generation of compatible electronic forms which can be completed outside of the system independently and then checked in once completed.
API access is executed via web services. Our system monitors all API transactions. This includes requiring user authentication and creating an audit log for all transactions. Furthermore, API transactions pass through our Role-Based Access Control framework to ensure that record access is restricted to authorised users.
For security reasons we do not provide APIs for:
- User account Administration
- Amending system configuration
- Merging person records or performing error correction
- Workflow record approval
- Performing bulk record updates
- Deleting any record
- Direct creation of person records (this is to avoid duplicate person records from being created)
|API documentation formats|
|API sandbox or test environment||No|
|Description of customisation||
AzeusCare offers significant levels of flexibility in the customisation of the applications using the in-built tools provided, all of which are under access rights to authorised administrators:
- Recording Templates: create and amend existing forms,
- Workflow Management: set up and configure workflow tasks and/or embed in recording templates,
- Rules Engine: configure rules for financial computations for RAS, financial assessments, foster carer payments etc.,
- System Parameters: configure system-wide behaviours,
- Employee, Post and Team management: set up system accounts and team structure,
- Function rights and data security: set up role-based access control,
- Financial/accounting codes: set up background codes, authorisers, budgets,
- Reports Design: design and create reports,
- Reports Management: set up reporting schedule and recipient list,
- Dashboard Reports: set up queries and access rights,
- Standard Letters: set up templates for data merging,
- Directories: populate professional, provider, carer and organisations directories,
- Reference Code Tables: populate drop-downs,
- Flags and Alerts: set up rules for generation against case records,
- Dictionary Management: manage spellchecker,
- Address Management: manage address uploads,
- Workload Management Analysis Tool: manage caseload intensity scores,
Note that local branding can be applied to portals and output types also.
|Independence of resources||Azeus hosts the AzeusCare instance for each customer on a dedicated infrastructure that is carefully designed and based on the expected number of users. By providing each customer with a dedicated set of servers and storage devices based on the computed client load, our solution guarantees that each customer is physically and logically separated from other customers, with resources exclusively reserved for each customer. Should there be an increase in demand from the current users of the system, effectively increasing the expected workload capacity required by the infrastructure, the system can be configured to be scalable vertically and horizontally.|
|Service usage metrics||Yes|
|Metrics types||AzeusCare provides extensive service metrics enabling analysis of how and when system users interact with the applications suite. These are presented in an on-screen audit facility (with multiple filter and drill-down options) from which detailed reports can be derived. This complies with Data Protection Act requirements. Reporting on case records can be executed via the embedded JasperReports tool and the proprietary query tool, powered by Saiku, which provides real-time dashboard reporting. Note that all field-level data in locally-created recording templates can be captured by reporting tools.|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||Physical access control, complying with CSA CCM v3.0|
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||
AzeusCare provides a) a standard function for extracting all case data for a single case record into a XML output file and b) a PDF output of the same for subject access request purposes. Should there be a need for a user-friendly format, we provide a tool (XSLT) to transform the XML into HTML.
For data on case load and performance, the system provides output reports in PDF and XLS formats. We also provide an ad hoc query tool for user-defined queries and extract data into CSV or XML format.
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||XML|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
The guaranteed system availability is 99%. Where the annual uptime percentage drops below 99% within a total Service Year (i.e., the preceding 365 days from the date of an SLA claim), the customer is eligible to receive a service credit equal to 0.5% of the annual service charge for each percentage below the committed availability. Note the annual service charge does not include ad hoc or pre-paid consultancy, training or project management service types.
No credits are offered if a customer is in arrears with payments or has insufficient balance to continue using Azeus cloud services during the qualifying claimed credit period for at least 10 calendar days.
The maximum total credit for the yearly billing period, including all guarantees, will not exceed 5% of the customer’s total chargeable fee for the eligible credit period (i.e. yearly billing cycle in which the most recent unavailable event included in the SLA claim occurred) nor can a credit amount in excess of 5% be carried over and applied to future fees.
The Account Manager service provides the means through which a claim can be made, account management meetings occurring quarterly.
|Approach to resilience||
Azeus UK implements a comprehensive backup strategy that keeps redundant backups of system data and its configuration. Backups are scheduled daily to ensure availability of data and will typically be kept for 14 days. A disaster recovery environment is available and is prepared in case a disaster occurs on the production site. The disaster recovery environment will be capable of taking over the operations from the production site if needed. Azeus UK will restore services to normal operations within 24 hours.
Our system infrastructure is designed to provide varying levels of availability to fit the customer's resilience requirements. The disaster recovery site is hosted on a geographically separate data centre with a system and server configuration that is identical to the production site.
The design can be adjusted to a strict resilience requirement with redundancy configured such that there is no single point of failure in the production setup or a more budget oriented approach where regular backups are configured and specific servers can be configured with hot or cold-standby configurations. The frequency of backup and replication can be configured to the customer's needs.
Our service includes a Nagios server for monitoring the system. The monitoring service is configured to check if the system is up and to monitor performance and system-related parameters such as CPU utilisation, RAM utilisation and available storage space on servers. Thresholds are set so that Nagios will automatically generate an email alert should any threshold be breached. Email alerts are sent to the Azeus System Engineer for appropriate action. Data from Nagios monitoring is also used to monitor system usage and to inform future capacity planning.
For any scheduled downtime (e.g., maintenance or system upgrade) Azeus UK will inform the customer ahead of time (at least 1 week ahead except for emergency maintenance) and schedule the activities, where possible, outside of office hours.
Azeus UK provides a report for all system outages which includes the following:
1. Date and time when the outage was detected
2. Date and time of when Azeus UK first responded
3. Impact analysis
4. Contingency measures implemented
5. Date and time of when service was restored
6. Results of the post-mortem review of the incident.
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||
The AzeusCare applications support role-based access to all areas of the system and outputs (including reports). This includes administrator functions which can be delegated 'downwards' to other posts as required. All administrator activities are audited with the same level of granularity as other user types. Direct database access is handled independently.
Note that AzeusCare's unique Data Security module extends the role-based access via enabling control over who may see/update/delete specific data types irrespective of whether the user has rights to the areas or case types via standard function rights.
|Access restriction testing frequency||At least once a year|
|Management access authentication||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||3/8/15|
|What the ISO/IEC 27001 doesn’t cover||
The following are inapplicable to Azeus UK as these are handled either by a third party (e.g., cloud hosting partner) or by another Azeus subsidiary (e.g., Azeus Systems Philippines, which is where the software is developed). It should be pointed out, however, that our hosting partner is ISO27001 accredited and our development house follows the principles of that accreditation:
- Physical security perimeter
- Physical entry controls
- Securing offices, rooms and facilities
- Delivery and loading areas
- Equipment siting and protection
- Supporting utilities
- Cabling security
- Equipment maintenance
- Removal of assets
- Security of equipment and assets off-premises
- Secure disposal or reuse of equipment
- Administrator and operator logs
- Clock synchronisation
- Secure development policy
- Technical review of applications after operating platform changes
- Secure system engineering principles
- Secure development environment
- System security testing
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||Cyber Essentials|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||The AzeusCare team operates a formal Information Security Management System (ISMS) which is based on BS779 pt.2 and ISO17799 and accredited under the ISO standard 27001. It addresses the following areas: Quality, Performance Monitoring and Review, Policy and Procedures, Managing External Relationships, Financial Management, Strategic and Business planning, Human Resource Development and Service Innovation. There is a nominated Chief Security Officer (CSO) who ensures that Azeus UK staff members are aware of the importance of meeting customer, as well as statutory and regulatory, requirements. The Chief Security Officer also ensures that staff members contribute to achieving Azeus UK’s Information Security Objectives and ensures a) that the information security policy and objectives are in line with the strategic direction of the organisation, b) that they are fully integrated into the organisation’s processes and c) that resources needed for the ISMS are available. Further, the CSO ensures that communication covering the importance of effective information security management and conformance to the ISMS requirements is in place, that the ISMS achieves its intended outcome(s), that direction and support is available to staff and that continual improvement is promoted. This is evidenced in the company’s recent preparation for the General Data Protection Regulation (GDPR).|
|Configuration and change management standard||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Configuration and change management approach||
Azeus UK tracks a range of system configuration settings (e.g. application, server, network, firewall, etc). During initial setup, we apply our standard configuration process (which includes server hardening) prior to release for customer use. Subsequent changes are then tracked and undergo our internal change management processes which includes impact analysis to system security and stability. Changes are first tested in an identical test environment before being rolled out to the production environment.
Azeus UK manages only the server-side configuration which includes OS security patches and server-side anti-virus updates. We expect the customer to maintain the configuration of all client-side devices.
|Vulnerability management type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Vulnerability management approach||Security testing is a key aspect in the overall development process for the AzeusCare Applications Suite. The system undergoes regular and methodical vulnerability scanning on both the application and the infrastructure in line with the requirements of the Digital Service Standard. Regular In-house testing ensures we are building and maintaining a body of expertise in the developer pool. Independent vulnerability scans are also often conducted by our customers for additional assurance. Potential and current vulnerabilities are made known by these scans. Appropriate rectification for these vulnerabilities are then handled in a timely manner dependent on the severity of the vulnerability.|
|Protective monitoring type||Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402|
|Protective monitoring approach||In conjunction with our hosting provider (who applies the Cloud Security Principles) our monitoring strategy embraces the NCSC's 10 Steps to Cyber Security. This strategy includes both technical and transactional monitoring, as appropriate, informed by previous security incidents and our remedial actions. Our incident response plan comprises 1. Make an initial assessment, 2. Communicate the incident, 3. Contain the damage and minimize the risk, 4. Identify the type and severity of the compromise and protect the evidence, 5. Notify external agencies and recover systems, 6. Document the incident. Response times will be dependent upon the severity and its impact.|
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Azeus UK uses JIRA (our online tracking system) to communicate, manage and report on all incidents. We provide authorised customer representatives access to our JIRA system in order to promote transparency and they can engage in the workflow from initial logging to resolution. Feedback on all incidents is available here.
Incidents are classified as critical, high, medium or low and are responded to within our response time commitment and resolution timeframes. Critical and High incidents will usually be followed by an internal Causal Analysis meeting and the appropriate updating of documentation and/or process.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||Yes|
|Price||£150 per user per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||Prospective customers may have up to 30 days free access to specific modules in order to test out functions and assess their applicability to current needs. We offer a standard 'sandpit' environment with a suitable dataset to enable real-life working scenarios to be managed.|
|Link to free trial||Please contact Azeus UK|