3E Europe Limited

CIRIS for Healthcare Compliance

CIRIS for Healthcare Compliance is a configurable workflow solution for compliance. It is a comprehensive solution with sub-modules for a wide range of regulations, inspection management, clinical audit, committee management and document management.

Features

  • Wide range of pre-populated regulations
  • Default configuration to kick-start implementation
  • Custom email alerts
  • Custom role-based security
  • Custom field names and guidance
  • Custom reports & dashboard
  • Single Sign On (SSO)
  • Facility to import data from legacy systems
  • Application Program Interface for links to other systems if required

Benefits

  • Automated end-to-end business process configured precisely to user requirements
  • Process re-designed to minimize the need for central administration
  • Supplier maintained regulations repository, saving time
  • Transition from legacy systems facilitated with the import function
  • All workflow tasks can have user-definable timescale and escalation rules
  • Minimal end-user training required as instructions built-in to all forms
  • All the advantages of an in-house solution without the risk
  • Maximize the benefit by integrating with CIRIS for NICE Compliance

Pricing

£13750 to £46250 per licence per year

  • Free trial available

Service documents

G-Cloud 10

547261668497423

3E Europe Limited

Richard Brown

01223 421148

rybrown@3e.co.uk

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to CIRIS for NICE Compliance
Cloud deployment model Public cloud
Service constraints None
System requirements None

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Level 5 - 30 minutes;
Level 4 - 1 hour;
Level 3 - 4 hours;
Level 2 - 1 day;
Level 1 - 1 week.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a comprehensive level of support for the duration of the license at no additional cost (except for onsite support). Members of the support team have sufficient technical expertise to handle the vast majority of support requests, and direct access to specialists to assist in the resolution of issues.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide onsite and online training.
Service documentation No
End-of-contract data extraction Each report has an export button that allows users to export their data in CSV format. We also have a service that exports all uploaded documents, which we forward on to the client via e-mail, DVD etc.
End-of-contract process At the end of the contract, access to CIRIS is denied and customer data is deleted. Therefore, customers should ensure that they export any data they wish to retain prior to expiry of the contract. There are no additional costs involved in the off-boarding process.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility CIRIS displays information in a simple and consistent way, and has a set of consistent methods by which users cam navigate. This significantly reduces the time required to learn how to use CIRIS.

All data entry controls have associated captions that succinctly summarise the information required. Furthermore, CIRIS displays guidelines where further information is available.

Users can resize the text on each page to aid accessibility.

Where colour is used to provide feedback, CIRIS also displays descriptive text.
Accessibility testing None
API Yes
What users can and can't do using the API Users can retrieve reports and insert, edit and delete data via the API
API documentation Yes
API documentation formats PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The configurable elements in CIRIS include forms, email alerts, reports, dashboards, data transformations, query customisation and query permissions, making it a feature-rich and flexible enterprise platform for managing compliance. CIRIS can be configured by 3E or by the customer with or without reference to 3E. We initially configure CIRIS so that only users who are system administrators can customise it. However, system administrators can grant other users permission to customise the application if they desire.

Scaling

Scaling
Independence of resources Our hosting partner has built-in support for enterprise-class network segregation between client environments, and segregation between networks within client environments. On the application side, we monitor the response times for each customer, and adjust the system as necessary to maintain response times as stated in our service level agreements.

Analytics

Analytics
Service usage metrics Yes
Metrics types For each user, CIRIS keeps a record of the dates and times that the user logged in and logged out, along with which reports the user ran. CIRIS also includes an audit trail facility that can be configured to record every change to a field in a record as well as providing a function to view records that have been deleted.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process No
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach CIRIS provides users the functionality to export any report to CSV format, which can be read by Microsoft Excel. Added flexibility for exporting data is provided through the CIRIS Application Programming Interface (API).
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 3E shall use all reasonable commercial efforts to ensure that CIRIS is operational and available 99.99% of the time in any calendar month, excluding the Scheduled Maintenance Time, and that it runs 90% of reports within 6 seconds, and all reports within 30 seconds. However, this does not apply to any performance issues cause by events outside of 3E’s control, customer equipment and/or third party equipment that is not within the primary control of 3E, limitations, delays, and other problems inherent in the use of the internet and electronic communications.
Approach to resilience Available on request.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels CIRIS allows system administrators to control access to the application and to individual reports. 3E provide support to named contacts.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We have Cyber Essentials accreditation. We are working towards compliance with ISO 27001 : 2013.
Information security policies and processes We have developed internal polices and procedures regarding information security. All employees must adhere to these policies and any breach reported to senior management. We perform audits to ensure that policies are being correctly followed.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have operational documents that detail the configuration of each component in the system. Any changes required must be documented, and must include the procedure for making those changes and a roll-back plan. This is then submitted to QA, who apply it to a test environment, evaluate it and perform regression testing prior to accepting/rejecting it. Once accepted, the operational documents are updated and a schedule for rolling out the change is drawn up.
Vulnerability management type Undisclosed
Vulnerability management approach 3E has a patch management policy that specifies that all critical patches released by vendors be applied within one month of their publication, and important patches within two months. News regarding potential treats come from signing-up to vendor news feeds and daily industry bulletins.
Protective monitoring type Undisclosed
Protective monitoring approach We collect and study the event logs and application logs of all servers involved in the delivery of CIRIS. Furthermore, we monitor firewall logs, web-server logs and database logs. Any potential compromise is recorded in the incident log and an investigation begun immediately.
Incident management type Undisclosed
Incident management approach 3E has a documented incident management policy that describes how to handle incidents. Users can report incidents via email or telephone.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £13750 to £46250 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial We provide a guided tour of the application and then give the customer a free unrestricted access to a fully-functional version of the application containing demo data. The trial period is usually for a period of up to one month.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑