CommonTime Ltd

Intelligent Communication

Intelligent Communications is a combined consumer IM and pager replacement solution developed by CommonTime with unlimited integration capabilities.

Empower staff with a secure communication channel that enables instant messaging and transforms front-line intelligence. The solution provides server infrastructure, workflow and integration and iOS and Android Apps.


  • Complete organisation wide solution for messaging and critical alerting
  • Secure (end to end encryption) and reliable delivery of messages
  • Integrated with your Active Directory ensuring appropriate access to data
  • Individual or group messaging which can be patient/subject specific
  • Messages can be received over WIFI/4G/3G
  • Support for smartphones, tablets and desktop usage
  • See individual messages have been read and received
  • Send images and audio files quickly and securely
  • Workflow and BOT integration to third party api's and systems
  • Proven integrations to HL7-FHIR, Netcall, RIO, Capita Vision


  • Provides one secure, reliable and appropriate messaging solution organisation wide
  • Replace legacy radio pagers with a modern mobile communication solution
  • Improving working efficiency with support for data on demand
  • Audit trail of all messages sent, read, acknowledged
  • Removing Instant Messaging i.e. 'WhatsApp Problem' with your organisation
  • Improving Communication - fast delivery with receipt/read acknowledgement
  • Solution compliant with organisations Information Governance
  • Improve response times and level of care
  • Improved staff efficiency by not waiting for landlines or PC
  • Full directory of staff through Active Directory integration


£2500 to £30000 per licence per month

  • Free trial available

Service documents


G-Cloud 11

Service ID

4 5 8 5 6 1 5 3 3 8 7 6 6 0 8


CommonTime Ltd

Rebecca Middle


Service scope

Software add-on or extension
What software services is the service an extension to
Additional integration modules delivered and supported through our workflow data integration engine
Pre defined process management modules for clinical and operational areas.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
There are no constraints for this offering
System requirements
  • IOS
  • Android
  • Windows Desktop OS
  • Apple Desktop OS

User support

Email or online ticketing support
Email or online ticketing
Support response times
The email and online ticketing system is pro actively managed by the support team in our support operation centre during standard office hours (Monday to Friday 08.00 to 18.00, excluding UK Bank Holidays). All other times the support team are engaged via telephone support line. Active cases are then monitored and managed on a 24 * 7 basis.
Systems are pro actively monitored by our teams during office hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
24 * 7 * 365 support included as part of the license fee
Support available to third parties

Onboarding and offboarding

Getting started
Service on-boarding is done through our support team, there is a blend of on-line training, plus on-site group or individual training and support provided.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Contract exit will start a process of engagement where live data and code can be exported and provided via a download link. Services to cover this will incur a small charge
End-of-contract process
There is no additional cost at the end of the contract, unless professional services are required to manage data and code extract Account Management closure is included There may be some small admin charges to close the account which will be specific to the user of the service

Using the service

Web browser interface
Application to install
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
Designed for use on mobile devices
Differences between the mobile and desktop service
The majority of the features are in both the mobile and desktop services, however there are some specific alerting features (pager functionality) that are designed for IOS and Android devices.

Integration and workflow configuration is typically a desktop process.
Service interface
What users can and can't do using the API
CommonTime have a flexible integration layer that allows information to be shared with and received from third party systems.
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
Clinical Messaging has a number of configurable items to support the setting up of users and roles within the system.

The solution supports an in app BOT which can query and update third party systems via a flexible integration layer that can be configured by CommonTime, a partner or the end customer.


Independence of resources
Each customer is allocated a defined area and does not share resources with other customers on the service.


Service usage metrics
Metrics types
App usage statistics
User statistics/information
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Less than once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
A tool is provided for users to export their data
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The SLA for standard availability is 99.9%. Where greater availability is required this can be discussed further
Approach to resilience
The Data Centre's for CommonTime are designed to N+1 standards which comply to ISO22301:2012. Further details are available on request.
Outage reporting
Service outages are reported by email alerts.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
All access is controlled through Active Directory and RBAC controls. This is managed by the CommonTime Support manager and controlled under the ISMS policy for Access Control ISO27001:2013
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
QMS International
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
CESG Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Datacentre compliance OFFICIAL/ISO27001
Information security policies and processes
CommonTime adheres to the ISO27001:2013 framework and has implemented an ISMS to reflect the working practices of the company

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
CommonTime follows the ITILv3 Change Management principles and follows a defined Change Management process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
In the ISMS manual for CommonTime, processes are in place for Risk Management including identification of risks and vulnerabilities, with a defined process in place for mitigating these risks under a Vulnerability Management model.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
CommonTime follows the CESG GPG13 principles in risk management, inline with Control A.16 of the ISO27001:2013 ISMS manual. All access is monitored and audited, with Security Incidents reported to the Support Manager with immediate affect. The Security Incident policy for the organisation contains the escalation process dependent on the impact of the incident.
Incident management type
Supplier-defined controls
Incident management approach
CommonTime follow ITILv3 Incident Management and ISO27001:2013 policies for Incident Managment processes and uses a ticketing system for managing all Incidents. Customers have access to this system to raise new incidents and provide feedback and further information.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£2500 to £30000 per licence per month
Discount for educational organisations
Free trial available
Description of free trial
CommonTime offer trial usage of the full standard product for one month to support a business case to an agreed scope. At the end of the trial period, all data is deleted as part of off-boarding. The customer will provide their own devices and network configuration to access the environment.

Service documents

Return to top ↑