Cloud Data Service Limited

Healthy Hive

Case management and reporting software for delivering holistic wellbeing services, managing payments for outcomes and spanning the boundaries for joined up care across LTCs, social prescribing, health checks, mental health, smoking cessation and other public health issues to identify multi-morbidity cases and where cost savings can be made.


  • Web-based access from any device
  • Custom export
  • Advanced reporting in real-time
  • Full patient view
  • Fine-grained permissions for different users
  • Link with GPs for social prescribing
  • Dedicated support service from Vital Service
  • Dynamic dashboards


  • Manage cases from anywhere
  • Easily find data for reporting requirements
  • Little to no burden on local IT
  • Highlights multi-morbidity cases
  • Measure outcomes faster
  • Hourly back ups taken as standard in UK data centres


£3000 per licence per quarter

  • Education pricing available

Service documents

G-Cloud 9


Cloud Data Service Limited

David Jamieson

0191 495 7465

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints There is a minimum hardware requirement
System requirements
  • Latest major version of most modern web browsers is prefered.
  • A stable/fixed internet connection (of at least 1Mbit) is required.
  • Browsers must have cookies and javascript enabled.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email acknowledgement is automated and sent immediately.
The service desk is operated 9am-5pm Monday to Friday.
Emails and tickets send outside this time will be dealt with as soon as possible during the next working day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Minimum email and phone support is included with cost:
Monday - Friday, 9am to 5pm
Coverage outside this time can be arranged and will be costed separately.
A named person will deal with your support request and follow it through to resolution.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Included with the service:
Online training through the demo site and video consultation (Skype or TocBox) one half day for administrators. Or at a venue in Newcastle upon Tyne.
Administrators are set up by us and they are then expected to set up their own users.
User documentation.

Services that can be arranged for addition cost:
Other users set up.
Onsite training at your place of business.
Additional data imports.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction After the extraction is requested, the data is provided in a suitable raw format delivered in a secure way that is mutually beneficial to both parties.
End-of-contract process Data extraction and purging is included.
If extra third party assurances are required, that would incur an additional cost.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Must still be accessed via internet connection and browser
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing Testing has not been officially carried out with users of assistive technology but has been tested against independent measurement sites and by our partner company Vital Service who deal with the user-facing side of the service.
We are confident that the service meets the selected standard but have no official assurances to offer at this time.
What users can and can't do using the API An API in RESTish, JSON can be provided but we will need the details of what the buyer expects from it at the time of onboarding.
API documentation Yes
API documentation formats Other
API sandbox or test environment No
Customisation available Yes
Description of customisation Outcome reporting and dashboard views can be customised per user. Further customisation requirements can be discussed at the onboarding stage if necessary.


Independence of resources Our dedicated server through our hosting company can handle ad hoc requests placed on it. The usage is also managed by our hosting company who would when excessive loads were placed, would accommodate for that automatically - then notify us and get us to change our expected usage and buy more space from them. However the likelihood of this happening is small as we always have a certain percentage free just in case.


Service usage metrics Yes
Metrics types Google analytics will be added if you give us a Google account to add at the time of onboarding.
Other metrics can be added separately on request.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Users are able to export their data in CSV format, and in PDF from the reporting functionality available in the system.
If there are any other requests for data in a different format, this can be requested from the support desk and this will be provided where necessary.
Data export formats
  • CSV
  • Other
Other data export formats Additional cost may be incurred for something other than CSV
Data import formats
  • CSV
  • Other
Other data import formats Additional cost may be incurred for something other than CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability At the datacentre level, backups are taken hourly. These are both transferred and stored off-site using encryption.
Backups can be restored at any time.
Should the service suffer catastrophic hardware failure, it can be brought back online within four hours. If the datacentre suffers a serious disaster, service can be resumed within 24 hours.
Financial recompense model for not meeting service levels is not offered at a generic level, but individual terms can be agreed with customers at time of purchase if required.
Approach to resilience The server infrastructure is managed by a trusted third party, Paragon Internet Group Ltd t/a Vidahost. Further information is available on request.

Under normal conditions, the service will be fully available 24/7. Monitoring systems will be in place to detect any issues relating the availability of the service. Issues will be reported immediately, and dealt with as soon as possible during office hours.
Outage reporting Outage reporting will be done via email alerts by Vital Service.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication 2-factor authentication
Access restrictions in management interfaces and support channels Where someone requests change over the telephone, this is verified by email. Access to project management tool (Trello) is restricted to management also and they would have to put in a secondary request through this channel to authorise any changes.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Exova BM Trada
ISO/IEC 27001 accreditation date 16/02/2015
What the ISO/IEC 27001 doesn’t cover Nothing, the whole company is covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our policies and processes are part of the scope of our ISO27001 certification.
Internal yearly information security training takes place for all staff and all hands information security meetings take place quarterly.
Because we are a micro company everyone directly reports to the Managing Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Using a project manangement tool, Trello, roadmapping and ISO27001 controls
Vulnerability management type Supplier-defined controls
Vulnerability management approach Details of how we monitor for attack, misuse or malfunction can be found in our ISMS, if you would like further information please request. We are happy to work with a buyer to put in place a robust monitoring system of their choosing to entirely meet their needs at the time of onboarding.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We respond to compromise, potential or otherwise, by following our procedures that make up part of our ISMS.
If you would like details on this please get in touch and we can forward you the relevant documentation.
Incident management type Supplier-defined controls
Incident management approach We have implemented the relevant controls regarding incident management from ISO 27001 into our system.
We have pre-defined processes for reporting incidents and reports are created as part of our ISO 27001 management system.
Users can report incidents to the IT helpdesk generally and there is a dedicated email for submitting faults and information security risks and breaches to.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £3000 per licence per quarter
Discount for educational organisations Yes
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑