Panacea Applications Limited

Panacea Print Management

A comprehensive print management tool incorporating instant estimating, proofing, approvals, file sharing, and automated administration. Ensures optimum use of digital, litho, web-offset, large-format and specialist print. Clear, shared workflow and audit trail, from requirement through to delivery, payment and charging. Saves time and cuts costs for buyers and suppliers alike.

Features

  • Manage print and related services using in-house and out-sourced suppliers
  • Sustainable cost savings of 35-72% on print and related services
  • Collaboration: simple shared workflow for colleagues, clients and suppliers
  • Monitor service delivery against KPIs, client satisfaction up by 66%
  • Artwork templates fully customised to your clients specific branding guidelines
  • Estimating and purchasing: instant competitive quotes, mini-tenders amongst approved suppliers
  • Job bags act as central repository for all relevant documentation
  • Planning and scheduling: project management, work allocation and resource management
  • Real-time management reporting, benchmarking and performance monitoring
  • Budget control: Budget codes for control of expenditure across departments

Benefits

  • Build client loyalty: intuitive portal, one-click ordering, forms, history, templates
  • Sustainable time and cost savings, improve operating margins
  • Avoid duplication of effort, share assets, with intuitive collaboration features
  • Increase productivity, supported self-service options, efficient planning and time management
  • Upload variety of artwork, images and documents to job bags
  • Generate income and increase operating margins on your services
  • Obtain instant client feedback on completed work using 5-point scale
  • Track use of service and monitor performance against KPIs
  • Improve reputation and service delivery with intuitive and efficient workflow
  • Support remote working with 24 hour access for all users

Pricing

£7,930 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@panacea-software.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 2 3 2 3 6 3 5 9 0 3 2 5 8 7

Contact

Panacea Applications Limited Rachel Wynne
Telephone: 02079760116
Email: info@panacea-software.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
There are no constraints. The buyer needs no specific hardware configuration required, no software installation. Panacea Software is available online 24/7 using any browser. Essential maintenance work and software up-grades are performed outside office hours.
System requirements
  • Internet access
  • Internet browser e.g. Internet Explorer 9+, Edge, Chrome, Firefox, Safari

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our helpdesk is manned by competent staff from 9am - 5.30pm every business day. We respond to all support requests and questions, by email, ticket, webchat or telephone, within four working hours, and in most cases our response is immediate. Online support (user manuals, videos, frequently asked questions, etc.) is available to all Panacea Software Users 24 hours a day including weekends and bank holidays. User testimonial: "The support from Panacea is invaluable - there are very few suppliers who provide this level of support so efficiently and consistently.” A. Desai, Buckinghamshire County Council
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Web chat is tested on implementation, and is regularly tested. Accessibility testing uses Wave web accessibility evaluation tool - Dragon from Nuance
Onsite support
Onsite support
Support levels
Support is provided to all Users:
a. Online user manuals, support advice and FAQs are available to all Users at no additional cost, via the support icon displayed prominently on every screen of Panacea Software.
b. Panacea’s support desk is manned by competent staff providing Users with technical support and advice on the use of Panacea Software by email or telephone, in clear written or spoken English. Included in our subscription fees, at no additional cost is five hours of one-to-one user support each calendar month in accordance with Panacea’s Support Services Policy.
c. Online and onsite training and support is provided by agreement as required. Eight hours' training for each Key User is included in our set-up fees. Additional training can be provided by arrangement.
d. Each subscriber is nominated a named technical account manager who proactively works with the subscriber and is available by email, telephone and onsite as required.
e. The Subscriber may purchase additional or enhanced support services as required.
"The system enables our colleagues to self-serve, encouraged by the exceptional support provided by Panacea. They also support our suppliers, which is brilliant. Panacea demonstrates great
service alongside a great product.”." K.Parfitt, Buckinghamshire County Council
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We work closely with the Subscriber to set up and configure the software as required to ensure it is implemented with minimum effort creating a simple, intuitive workflow for all users. We provide user-guides, on-boarding communications and on-site training as standard when the software is launched, and provide online training to all users as required. Implementation for public sector subscribers takes 4-8 weeks and we offer support to all parties to ensure this process is efficient and effective and achieves the desired outcomes. "Working with the skilled and professional team at Panacea has been a great experience. With their support the system was implemented smoothly and we were quickly up and running" Bolton Council.
As with the implementation of any new workflow, Panacea Software requires careful change management, to overcome the inevitable resistance of users comfortable with their old way of working. Our specialist staff work closely with each subscriber, to ensure the software is configured effectively to meet their specific requirements and guidelines. Our support team on-board and support all users to ensure they quickly and fully benefit from the efficiencies of the software.
"Panacea is a fantastic partner, supporting us all to make the change seemless" Basildon Council.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • MS Word
  • MS Excel
End-of-contract data extraction
Upon the termination of the contract, we allow the Buyer access to the Panacea Software for a period of 10 Business Days for the sole purpose of the retrieval of Customer Data. The buyer can extract all their data at this stage, using the interactive export functionality in the modules they subscribe to. Data is extracted in MS Excel format.
End-of-contract process
On termination of the contract, Panacea allows the Customer access to the Panacea Software for a period of 10 Business Days for the sole purpose of the retrieval of Customer Data and the following apply:
(b) all licences and rights granted to the Customer immediately cease;
(c) the Customer ceases all activities (apart from data retrieval) authorised by the agreement;
(d) each party shall return and make no further use of any software, equipment, property, Documentation and other items (and all copies of them) belonging to the other party;
(d) Panacea will destroy or otherwise dispose of any of the Customer Data in its possession, subject to the 10 business days allowed for data retrieval.
(e) The Customer shall pay all reasonable expenses incurred by Panacea in returning or disposing of Customer Data; and the Customer shall immediately pay to Panacea any sums due to Panacea under the contract; and
(e) any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Collapsible menu responsive to lower resolution screen size, for user-friendly view on smaller screen.

Simple mobile view for interpreters to confirm availability, accept and decline bookings, etc. on their smart phones.
Service interface
Yes
Description of service interface
Our service interface is interactive, configurable and granular so as to provide intuitive and user-friendly tools and data access according to User Role. This enables truly efficient and collaborative working. For example Administrator Users can customise the interface for their clients and colleagues according to each organisation or team's requirements. Suppliers access the tools they need to fulfil their side of the work, and Key Users can monitor the activity of their clients, colleagues and suppliers and manage and report on all activity. The interface to Panacea Software is available online using any browser.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Interface testing with: Wave web accessibility evaluation tool and Dragon from Nuance
API
Yes
What users can and can't do using the API
Users can securely connect and authenticate to our API using SOAP, XML, JSON and REST-compliant interfaces. Users call specific methods to reflect their requirements to make changes through the API. Limitations to how users can set up or make changes to their data on Panacea Software through the API are defined by our security protocol and policies and data integrity checking applies. For example, a user will not be able to add or amend an object which does not exist in the database.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Administrator Users have access to relevant settings, templates and configuration options to customise each module of Panacea Software they purchase, as appropriate. Our support team can, alternatively, customise the software for these users if they prefer. Customisation options are extensive, and include. Customisation options are extensive and include, for example:
- Branding of software: Colours and logo as standard, bespoke landing page option if required
- Client interface and e-catalogue: forms, options, automated quotes, available items, products and services with preset calculators for instant quotes, preferred suppliers for each service if required
- Templates: Schedules, forms, calculators, branded artwork, branded e-mails
- Code format rules: Budget codes, GL Codes, Cost Centre codes, etc.
- Data for import to finance system(s): Batch files formatted for import (manual or automated) for charging, invoice generation, supplier invoice payment, budget management
- Supplier evaluation documents: evaluate interpreters and translators' qualifications, DBS checks, and capabilities by customising interactive questionnaires - question content, structure, formats, types, rules, scoring, pass/fail, etc. and tender stages, timing and workflow, supplier qualification
- Schedule and format for automated export of data
- Consent statements for GDPR are customisation by the buyer to ensure full compliance with data protection rules.

Scaling

Independence of resources
Panacea Software is hosted within a hybrid-cloud comprising Virtual Private Servers and Dedicated servers. Each Subscriber’s service runs under its own instance on IS with their own database and data folder. Future versions of the software may employ secure multi-tenancy architecture. Every element of our network is monitored and logged 24x7, (Cisco, Juniper). Performance issues requiring investigation are escalated to on call engineers who quickly take the necessary steps to minimise any impact on users. Servers are patched weekly. All attempts to access the software are logged. Malicious characters and repeated attempts to login with incorrect passwords are blocked.

Analytics

Service usage metrics
Yes
Metrics types
Subscribers can monitor service usage, view login records and user activity metrics including event logs, audit trails, history notes and real-time management information available at the click of a button, including:
• Usage of service
• Analysis of activity, expenditure and income by organisation, department, section, individual, etc.
• Performance reporting on KPIs, supplier selection, feedback, etc.
• Contract management of suppliers, clients, account etc.
• Extensive expenditure and income reporting
• Resource management including time-sheet reporting
• Data export files for interface with other systems
• Customised reports available subject to agreement.
Our service uses TLS Version : v1.2
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
- We comply with the provisions of the Data Protection Act 2018 and GDPR
- Access to Panacea Software is restricted via a secure login for authorised users, with password encryption, multifactor authentication, SSO
- The physical servers are located at Data Centres in the UK with security infrastructure and procedures in compliance with ISO 27001, ISO 22301 and PCI DSS SP L1 Req 9.
Our servers are held in locked racks which can only be opened by individuals.
Firewall : The network is protected by two Fortigate IPS (Intrusion Protection Systems) units maximising reliability while filtering malicious traffic
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can generate, download and export their data in a variety of file formats including html, pdf, csv or xls.
Data can be exported in the format required for import into user's finance systems for supplier payment, client invoicing, internal charging, budget management, etc. Subscribers can opt for specified users to have access to generate and download or export this data, or to automatically generate and export this data by automated file transfer (e.g. daily FTP) to a specified destination.
Data export formats
  • CSV
  • Other
Other data export formats
  • Html
  • Xls
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
Xls

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Panacea Software is hosted on dedicated managed servers with 99.9% network uptime SLA.

Our servers are powered by 6 independent 11kv three phase electrical supplies from 3 separate national grid substations. Standby Generation is provided at N+1 redundancy via diesel engine driven generators. On-site fuel is stored to maintain full load operation for all generator sets for continuous running of 24 hours.

Every element of our network is monitored, supported (by Cisco, Juniper and Fortinet) and logged 24x7, should an event occur which requires further investigation an on call engineer is paged and working on the issue within minutes, before any small problem impacts our service.
Our online support is available 24/7 with telephone and email support available from our help desk during working hours, manned by competent staff providing Users with technical support and advice by email or telephone, in clear written or spoken English.

Defect resolution SLA of 5 working hours for a Severity Class 1 issue, 10 working hours for Severity Class 2 and 2 business days for Severity Class 3 issue, as detailed in our Software Maintenance Policy (available online, as well as via a link on the home page of Panacea Software)
Approach to resilience
Panacea Software is hosted in the UK on dedicated managed servers in secure purpose-built hosting facility (details available on request), backed-up to a linked location and a data centre in the UK, to allow data to be restored in the event of catastrophic disaster at the primary site.
Servers are housed in locked racks in centres with accredited security infastructure, including:
- Independent client card identification access system
- Single-person point of entry, guarded 24/7 and monitored by integrated digital video camera surveillance
- Proximity card access control system
- Protected perimeter fence, fitted with intruder sensing
- 24/7 CCTV coverage of perimeter, common areas, facilities management suites.
Planned maintenance is performed outside business hours, maintenance procedures minimise disruption from unscheduled issues. Business continuity and disaster recovery procedures in place in the event of a catastrophic situation.
Logs and certificates are retained pertaining to the secure disposal of equipment: Hard drives are securely shredded into 15mm strips to prevent recovery of data.
Backed-up data stored in proprietary format is automatically deleted and over-written after seven days.
Subscribers retain access to retrieve their data for 10 working days after termination of contract; thereafter their data is deleted and destroyed.
Outage reporting
Subscribers are informed of any planned server outage (e.g., due to a scheduled upgrade), by email alerts (using an approved CRM software)

Every element of the network is monitored and supported (by Cisco, Juniper and Fortinet) and logged 24x7, should an event occur which requires further investigation an on call engineer is paged and is working on the issue within minutes, preventing or minimising any impact on our subscribers.

We use Uptime Robot to monitor the performance of our service and receive outage information via automated email alerts.

We monitor service performance (including outages) and provide performance reports to subscribers if required.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users are granted access to only relevant and authorised sections of the software. This is strictly monitored and reviewed. Additionally, passwords are fully encrypted. Two-factor authentication and single-sign-on (SSO) can be set to mandatory as required.
Access restrictions in management interfaces and support channels
Only authorised individuals can authenticate to and access management interfaces for Panacea Software or perform actions affecting our service through support channels.
Access to Panacea Software, management interfaces and support channels is strictly restricted to authorised individuals according to clearly defined user roles following secure login process using encrypted passwords.
Every attempt to access the software is logged, repeated attempts with incorrect password are blocked, and users are alerted to any concurrent use of their credentials.
Our operational folders are stored on secure external servers, which can only be accessed via SSL VPN and password, to ensure secure service administration.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
IAS Accredited the certification by Advanced Certification Ltd
ISO/IEC 27001 accreditation date
28/12/2017
What the ISO/IEC 27001 doesn’t cover
All aspects of our service are covered by ISO 27001 accreditation.The software, management, and service provision is covered by the certificate noted above, and our hosting subcontractor also holds ISO 27001 accreditation covering the hosting and back-up of our software and data. Certificates are available upon request.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Coalfire for Service Provider, Lloyds Bank Cardnet for Merchant
PCI DSS accreditation date
2017 for Service Provider, 2013 for Merchant
What the PCI DSS doesn’t cover
This certification is held by our hosting sub-contractor and covers the hosting of our servers. It does not cover our software. We do not currently plan to obtain this certification for our software itself, since the software does not currently accept, process, store or transmit credit card information.
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Certification
  • ISO 9001: 2015 (Quality Management)
  • ISO 14001:2015 (Environmental Management)
  • RMADS (Public Sector Compliance)- Sub-contractor
  • PSN connection compliance (Public Sector Network) - Sub-contractor

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our integrated management system, certified ISO 27001, ISO 9001 and ISO 14001 incorporates clear processes to support our company objectives, ensuring compliance with our security policies:
• Privacy and security of customer data
• Physical security and asset management
• Server security
• Security screening of personnel
• Security incident management
• Software maintenance
• Password security and user access restrictions
• Development and configuration management
• Quality assurance and software testing
• Disaster recovery
• Business continuity

To ensure our policies are followed:
All our personnel are trained on our information security policies, processes, roles and responsibilities:
- Security induction training (in-house)
- Security training up-dates and team training (in-house)
- Security training and cyber-security up-dates (external accredited provider)
Our processes, including risk assessment, operational planning, all security controls are subject to regular audit and review:
a) Fortnightly testing: functionality, regression and security
b) Business continuity exercises
c) Penetration testing
d) Disaster recovery testing

Those security policies and standards affecting our subscribers and their data are included in user training and support materials available to all users and on our website.

Our reporting structure ensures fortnightly management review and approval by top technical and company management to ensure compliance.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow standard development guidelines our management system includes GitHub for source control and Jira for issue tracking to monitor each requirement from specification, development and testing to release.
Specifications for development and configuration are reviewed against feedback, security guidance and business requirements. Organisational and technical interfaces are defined and tracked. Configuration and change requirements are are assessed in terms of scope, adequacy, impact on functionality, scalability, ease of use and potential security.
Our fortnightly release process supports stringent testing protocols. Validation process tests each component is fit for purpose and regression testing ensures security and integrity of existing functionality.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Automated error messages alert us to any attempts to inject malicious code and the software blocks repeated attempts to login with incorrect passwords. Vulnerabilities identified are recorded on our tracking system and resolved and deployed as a matter of priority. As standard upgrades deployed fortnightly. All attempts to access the software are automatically logged including failed logins. Penetration test results confirm our defence against malicious threats including SQL and JS injection attack. Passwords and other sensitive data is encrypted. Windows Servers are patched on a weekly basis and AntiVirus software is automatically updated to identify and deal with any vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are monitored through:
• Fortigate IPS (Intrusion Protection Systems)
• Every element of network monitored and logged 24/7 (Cisco, Juniper, Fortinet)
• Automated emails alert us to any suspected malicious activity
• Penetration testing by third party accredited provider
• Full-time in-house testing team following strict protocols
Response to potential compromise
- On-call engineer (24/7) resolves any potential compromise to network
- Potential vulnerabilities immediately logged and resolved according to severity, in line with our maintenance policy SLA:
Response time:
Severity class 1: 5 working hours
Severity class 2: 10 working hours
Severity class 3: 2 business days.
Incident management type
Supplier-defined controls
Incident management approach
Our Incident Management policy is on our website and is covered in our staff and user training and operational manuals:
- Users notify Panacea Support as soon as an incident is suspected or identified, via Phone, Email or WebChat, providing all possible information on details, impact, steps taken
- Our staff and contractors log any incidents, notify Management immediately and thoroughly investigate cause(s), impact on the software and data, immediate action, future mitigation measures and may need to invoke the Continuity of Business plan if required
Incident reports are provided to our subscribers by email and in service review meetings.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
Yes
Connected networks
Other
Other public sector networks
Public Services Network (PSN) - via our hosting provider

Pricing

Price
£7,930 a licence a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@panacea-software.com. Tell them what format you need. It will help if you say what assistive technology you use.