CommonTime Ltd

Intelligent Communication

Intelligent Communications is a combined consumer IM and pager replacement solution developed by CommonTime with unlimited integration capabilities.

Empower staff with a secure communication channel that enables instant messaging and transforms front-line intelligence. The solution provides server infrastructure, workflow and integration and iOS and Android Apps.


  • Complete organisation wide solution for messaging and critical alerting
  • Secure (end to end encryption) and reliable delivery of messages
  • Integrated with your Active Directory ensuring appropriate access to data
  • Individual or group messaging which can be patient/subject specific
  • Messages can be received over WIFI/4G/3G
  • Support for smartphones, tablets and desktop usage
  • See individual messages have been read and received
  • Send images and audio files quickly and securely
  • Workflow and BOT integration to third party api's and systems
  • Proven integrations to HL7-FHIR, Netcall, RIO, Capita Vision


  • Provides one secure, reliable and appropriate messaging solution organisation wide
  • Replace legacy radio pagers with a modern mobile communication solution
  • Improving working efficiency with support for data on demand
  • Audit trail of all messages sent, read, acknowledged
  • Removing Instant Messaging i.e. 'WhatsApp Problem' with your organisation
  • Improving Communication - fast delivery with receipt/read acknowledgement
  • Solution compliant with organisations Information Governance
  • Improve response times and level of care
  • Improved staff efficiency by not waiting for landlines or PC
  • Full directory of staff through Active Directory integration


£2500 to £30000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 5 8 5 6 1 5 3 3 8 7 6 6 0 8


CommonTime Ltd

Rebecca Middle


Service scope

Service scope
Software add-on or extension Yes
What software services is the service an extension to Additional integration modules delivered and supported through our workflow data integration engine
Pre defined process management modules for clinical and operational areas.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints There are no constraints for this offering
System requirements
  • IOS
  • Android
  • Windows Desktop OS
  • Apple Desktop OS

User support

User support
Email or online ticketing support Email or online ticketing
Support response times The email and online ticketing system is pro actively managed by the support team in our support operation centre during standard office hours (Monday to Friday 08.00 to 18.00, excluding UK Bank Holidays). All other times the support team are engaged via telephone support line. Active cases are then monitored and managed on a 24 * 7 basis.
Systems are pro actively monitored by our teams during office hours
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 A
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels 24 * 7 * 365 support included as part of the license fee
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Service on-boarding is done through our support team, there is a blend of on-line training, plus on-site group or individual training and support provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Contract exit will start a process of engagement where live data and code can be exported and provided via a download link. Services to cover this will incur a small charge
End-of-contract process There is no additional cost at the end of the contract, unless professional services are required to manage data and code extract Account Management closure is included There may be some small admin charges to close the account which will be specific to the user of the service

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The majority of the features are in both the mobile and desktop services, however there are some specific alerting features (pager functionality) that are designed for IOS and Android devices.

Integration and workflow configuration is typically a desktop process.
Service interface No
What users can and can't do using the API CommonTime have a flexible integration layer that allows information to be shared with and received from third party systems.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Clinical Messaging has a number of configurable items to support the setting up of users and roles within the system.

The solution supports an in app BOT which can query and update third party systems via a flexible integration layer that can be configured by CommonTime, a partner or the end customer.


Independence of resources Each customer is allocated a defined area and does not share resources with other customers on the service.


Service usage metrics Yes
Metrics types App usage statistics
User statistics/information
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach A tool is provided for users to export their data
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The SLA for standard availability is 99.9%. Where greater availability is required this can be discussed further
Approach to resilience The Data Centre's for CommonTime are designed to N+1 standards which comply to ISO22301:2012. Further details are available on request.
Outage reporting Service outages are reported by email alerts.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels All access is controlled through Active Directory and RBAC controls. This is managed by the CommonTime Support manager and controlled under the ISMS policy for Access Control ISO27001:2013
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS International
ISO/IEC 27001 accreditation date 24/05/2019
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications CESG Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Datacentre compliance OFFICIAL/ISO27001
Information security policies and processes CommonTime adheres to the ISO27001:2013 framework and has implemented an ISMS to reflect the working practices of the company

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach CommonTime follows the ITILv3 Change Management principles and follows a defined Change Management process.
Vulnerability management type Supplier-defined controls
Vulnerability management approach In the ISMS manual for CommonTime, processes are in place for Risk Management including identification of risks and vulnerabilities, with a defined process in place for mitigating these risks under a Vulnerability Management model.
Protective monitoring type Supplier-defined controls
Protective monitoring approach CommonTime follows the CESG GPG13 principles in risk management, inline with Control A.16 of the ISO27001:2013 ISMS manual. All access is monitored and audited, with Security Incidents reported to the Support Manager with immediate affect. The Security Incident policy for the organisation contains the escalation process dependent on the impact of the incident.
Incident management type Supplier-defined controls
Incident management approach CommonTime follow ITILv3 Incident Management and ISO27001:2013 policies for Incident Managment processes and uses a ticketing system for managing all Incidents. Customers have access to this system to raise new incidents and provide feedback and further information.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2500 to £30000 per licence per month
Discount for educational organisations No
Free trial available Yes
Description of free trial CommonTime offer trial usage of the full standard product for one month to support a business case to an agreed scope. At the end of the trial period, all data is deleted as part of off-boarding. The customer will provide their own devices and network configuration to access the environment.

Service documents

Return to top ↑