Business Systems (UK) Ltd

Digital Interview Recording for the Department of Health & NHS

Interview Recording solutions from Business Systems incorporate digital, video and audio recording capabilities. Secure and accurate Interview Recording with military-grade security and storage for the NHS and other Department of Health needs. The digital Interview Recording solutions turn conversations into powerful insight. Record, review and analyse conversations on or off-site.

Features

  • Digital video Interview Recording for HR and patient interviews
  • Portable units available for offsite Interview Recording
  • Access and share Interview Recordings with authorised users anywhere
  • Segment dialogue into key themes based on organisation's unique metrics
  • Proprietary Interview Recording and transcription technology
  • Market-leading Interview Recording Supplier with NHS experience and know-how
  • Long-term military grade storage and unique microphone technology
  • Fast and fully tailored Interview Review process
  • Trusted choice by the Home Office for Interview Recording
  • Sophisticated artificial intelligence for powerful risk analysis and complete visibility

Benefits

  • Reduce paper files and management costs through digitised Interview Recording
  • Reduce time spent interviewing and focus on addressing specific problems
  • Achieve compliance and improve conduct - PACE, GDPR and DPA
  • Increased public security through safer information sharing
  • Quickly identify interview trends and patterns
  • Honest and unbiased representation of an interview
  • Conduct secure Interview Recording on-site or out in the field
  • Improve training and development of staff through Interview Recording evidence
  • No tapes, CD's or 2nd-tier storage archive required
  • Improved Management Information with easier information sharing

Pricing

£85 per device per month

Service documents

G-Cloud 10

629250767517580

Business Systems (UK) Ltd

Julie Kerman

0208 326 8326

contact@businesssystemsuk.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints Minimum supported hardware requirements for recording devices are: 2Gz dual­core processor for Windows PCs that will use the advanced fixed­position microphones 1Ghz single core processor for Windows PCs or Laptops that will use the field microphones. Buyers will need enough bandwidth to upload and work with audio. Firewalls and proxy­servers may need additional configuration to allow certain types of content, including audio, 'straight through'.
System requirements Firewalls / proxy servers must whitelist the Service for audio

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 98% of support phone calls are answered within 5 seconds by our Customer Service centre. They will log a case and assign the priority of the query or problem. Typically Business Systems provide technical 1st response within 20 minutes for Support related issues. Response times differ outside core business hours due to the automated routing of calls. A 24 hour facility is available where cases can also be logged 24/7 (calls are routed to the Out Of Hours Team; emails would be logged and picked up the first business day). Tailored support is also possible e.g. manned 24/7 help desk.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Onsite support
Support levels Business Systems provides five levels of support including:

1. Platinum - Full support, 24 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite).

2. Gold - Full support, 0800-2000 hours a day, 365 days per year with 4 hours response (remote access is a pre requisite)

3. Silver - Standard on-site support (including telephone support), 0800-
2000 Monday-Saturday; Response time of 8 hours UK (typically 4 hours in the City of London)

4. Bronze - Basic on-site support (including telephone support), 0900-1700 Monday-Friday; Response time of 8 hours UK (typically 4 hours in the City of London)

5. Tailored Service Level based on the customer's requirements e.g. custom support hours, on-site support, technical account manager etc.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User documentation is provided as standard. Where required, training is provided on site and delivered by Business Systems Consultants (see pricing document). Training is 'Train the Trainer' based, to enable additional training to be conducted internally.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction If required, bulk extraction is performed by Business Systems (as per the pricing document) using audio and metadata formats according to the needs of the customer. Media types and electronic and physical delivery must be specified by the customer.
End-of-contract process Where required, data extraction is charged on a time and materials basis and managed by Business Systems (see pricing document). Buyers may request the inclusion of fixed offboarding costs on their Call Off Contracts but will need to specify maximum extraction volumes, media and metadata formats and delivery methods, as audio media typically requires large electronic files.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install Yes
Compatible operating systems
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The face to face digital interviewing experience is virtually identical between iPad, laptop and mobile versions. The iPad version may not support as richly customised eForms.
Accessibility standards WCAG 2.0 A
Accessibility testing User interfaces have been tested with users of common screen-reader technologies. Audio equipment has been tested with a variety of conductive loop technologies. Please note that as the service specifically deals with user-generated audio there are aspects of WCAG, particularly at AA and AAA levels, where alternative access methods cannot be provided.
API Yes
What users can and can't do using the API Optional API access must be licenced as an Add On (as outlined in the pricing document). Currently, provisioning features, such as setup or user provisions are not available via the API. All operational system features, such as uploading, accessing or downloading records are available using the API.

Individual API methods are role restricted to the credentials being used for API access.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation is performed through requests to Business Systems, either as part of the Call Off Contract or through change requests throughout the contract.

Typical customisation areas concern the Capture Form for use by users or management information (MI) requirements. Some buyers choose to customise or extend areas of the service functionality that require some amount of supplementary software development.

Scaling

Scaling
Independence of resources Capacity is proactively managed. An N+1 approach is applied to all system design to ensure there are extra compute resources at all times beyond that required for peak user utilisation. Customers that have particularly high volume usage, or spikes in their workloads may be provided with dedicated compute infrastructure to ensure they do not interfere with other users.

Analytics

Analytics
Service usage metrics Yes
Metrics types A real-time management information system is included in the electronic portal. This allows service usage to be broken down by key medadata, as captured by the form system, that may include departments and user identities. Breakdowns by telephony and metadata will depend on whether the information is electronically supplied to the service as part of any integration or import.
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Recordsure

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Individual audio records and generated PDF records may be exported via the electronic portal by authorised users. Where required by the customer, bulk export will need to be managed by Business Systems according to the daily rate in the pricing document.
Data export formats
  • CSV
  • Other
Other data export formats
  • WAV
  • OPUS
  • JSON
  • XML
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • WAV
  • OPUS
  • MP3
  • Verint CODEC
  • Other audio CODECS
  • JSON
  • XML
  • PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99% availability for viewing of stored files.
Approach to resilience All software and infrastructure uses an N+1 availability model and all hardware is high availability.
Outage reporting Incident reporting is via email, with critical incidents notified by telephone.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Multiple tiers of authentication must be performed in order to access management interfaces and systems. These include private-key based authentication, remote desktop access and username and password combinations with strong minimum password complexity rules.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 UKAS
ISO/IEC 27001 accreditation date In the process of migrating to UKAS accredited Certificate due September 2017
What the ISO/IEC 27001 doesn’t cover All operational areas are covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Certificate

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Business Systems's ISO 27001 certification covers the full scope of the business including all systems, operations and personnel.

All security incidents posing a threat to the information storage and processing facilities are reported and documented. For each reported incident it is required that a thorough investigation is conducted and remedial action taken leading to a satisfactory closure. All employees and contractors are made aware of what constitutes an information security incident and are familiar with the reporting procedures.

It is the responsibility of all employees and subcontractors to report any information security incident or suspicion to the ISO Security Officer and ensure that the incident is duly recorded on the Information Security Incident form. It is the responsibility of the Security Incident Management to take appropriate action to provide a prompt response to the incident and to facilitate normal operation as soon as safely possible. This is overseen by the Board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All configuration and change management processes are fully covered by ISO27001 certification and ISMS. All change is approved via a Change Advisory Board where all change requests are assessed via a number of security impact criteria. All changes are pre-configured and tested, with automated deployment to ensure consistency of production releases with pre-production testing.
Vulnerability management type Supplier-defined controls
Vulnerability management approach A Continuous Systems Improvements team meets monthly to evaluate and mitigate risks and vulnerabilities. There is in addition, subscription to vendor and independent vulnerability forums and newsfeeds. Critical patches are often performed as zero-day fixes, following testing.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All servers and computers utilise anti-virus and anti-malware protection. Intrusion Detection Systems are also utilised at the network edge. Consolidated logging and alerting are used to ensure notification and rapid response to potential incidents.
Incident management type Supplier-defined controls
Incident management approach Incident management processes are in line with ISO 27001 accredited governance procedures. Users can report incidents by telephone and email. System alerts also notify of incidents. Critical outages or other significant incidents are immediately notified by telephone, with non critical incidents initially notified by email. All incidents are reported in document format by email following root cause investigation.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £85 per device per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑