TWME8 Limited

iRIS Health Simulation Authoring Platform

iRIS is a unique web-based platform to help you design high quality health simulation scenarios and offer the best learning experience possible, as well as helping you get the best value from the investments you have made in manikins and other resources.

Features

  • Standardised web development template for simulation scenarios
  • Step by step template and guidance to improve quality
  • Collaborative authoring
  • Develop a centralised repository of simulation scenarios
  • Sharing of simulation scenarios across departments and organisations
  • Access with any web browser on any device

Benefits

  • Ensure scenarios are developed in a standardised, high quality manner
  • Reduce the time required for designing scenarios
  • Reduce the time and effort required to train colleagues
  • Build engagement with a wider range of clinicians
  • Drive interprofessional collaboration/sharing of content with other simulation professionals

Pricing

£250 per user per year

Service documents

Framework

G-Cloud 11

Service ID

6 8 2 4 5 3 5 3 9 1 2 2 8 1 9

Contact

TWME8 Limited

Gary Taylor

07976 908934

gary.taylor@twme8.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None
System requirements
None. Only a web browser is required

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support is included to the administration team of iRIS. This is typically managed remotely. Onsite support is available from a consultant at a cost of £850 + VAT per day plus expenses at cost.
Support available to third parties
No

Onboarding and offboarding

Getting started
Each client signing up to iRIS receives support from the Product Management Team through a serious of online inductions. This includes supporting the client in the development of their first scenarios.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
All scenarios can be explorted as Microsoft Word files
End-of-contract process
At the end of the contract exporting of scenarios is included. Contracts may be renewed. All access to the solution will be revoked on the date of expiry, but not permanently deleted for a period of 90 days to allow late renewal if required.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None. iRIS is built using a responsive design.
Service interface
No
API
Yes
What users can and can't do using the API
IRIS utilises Microsoft SharePoint meaning that the SharePoint APIs are available to access the information held. This means that integration with other solutions is possible and we are happy to explore with clients.
API documentation
No
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
IRIS is held on virtual servers with Rackspace to ensure that the solution can be easily scaled as required.

Analytics

Service usage metrics
Yes
Metrics types
Metrics can be requested by clients to understand which users have accessed iRIS. The system automatically records and notifies teams of content changed by team members.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Scenarios can be exported by the user as Microsoft Word files
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The target for 24/7 Service Availability is 99.00% of the time in any given month. The target for Service Hours availability is 99.5%.

Downtime exists when all or a significant number of customers are unable to access the application and is measured from the time the issue ticket is opened until the downtime condition as defined here no longer exists.

Service hours for this service are 8.30 to 17.30 on normal business working days (excluding bank holidays and public holidays).

Contract terms may be renegotiated if we failed to meet this level of availability
Approach to resilience
IRIS is hosted by Rackspace, within their SharePoint Cloud.

Rackspace are a Tier 4, ISO27001 compliant datacentre in the UK.

The technical resilience of the service is supported through:
• Use of an established data-­‐centre, Rackspace, registered to ISO27001
• Multiple data-­‐lines and ISPs to the data-­‐centre
• High specification Cloud server for the application and data.

Backups
Each night an image of the whole server is fully replicated to a second virtual server so this can be fully restored to another virtual server. This
is an automated process.

Each Sunday, an image of the whole server is fully replicated to a third
virtual server so this can be fully restored to another virtual server.
This is an automated process.

At any point in time there are therefore two complete images of the server
– a daily and the most recent weekly image. These two methods provide a
robust and secure backup process should a rebuild of the services ever be
required.

Prior to software upgrades we take a full backup of the SharePoint Farm.
This enables complete recovery of a previous version if required.
Outage reporting
Clients will be notified of an outage by email from our support team in the event of any problems. We will always strive to rectify problems as soon as possible.

Identity and authentication

User authentication needed
Yes
User authentication
  • Username or password
  • Other
Other user authentication
We utilise SharePoint Claims Authentication
Access restrictions in management interfaces and support channels
Support is given administrators only and identity is confirmed via security questions.

Management interface access is restricted through a permissions model incorporated in to the iRIS solution. Access is via username and password using SharePoint Claims Authentication.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI accredited Rackspace. Certificate IS 636168
ISO/IEC 27001 accreditation date
07/10/15
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Visa accredited Rackspace
PCI DSS accreditation date
01/06/2009
What the PCI DSS doesn’t cover
N/a
Other security certifications
Yes
Any other security certifications
  • UK DATA PROTECTION ACT 1998 AND EU DIRECTIVE 95/46/EC
  • SAFE HARBOR

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security is included in all staff induction and regular briefings are held with all staff.

All staff credentials are recorded securely
Any breach is recorded in a security incident log
The log and improvement are reviewed quarterly
Information security policies and processes
All information security is overseen by Alex Clark, Managing Director and Product Director in collaboration with Rackspace, our ISP used for hosting. Information security policies form part of all staff inductions. Any breach is reported directly to Alex Clark.

All client data falls into two categories
Restricted – disclosure causes significant risk to clients and/or TWME8
Private – disclosure causes moderate risk to clients and/or TWME8
We are responsible for ensuring the security of data held
Access to systems:
- Auto-secure of unattended workstations
- Auto-secure of TFS Server
- User Authentication for each Developer
- All code changes tracked
- All versions of code maintained
- Rackspace – RDP Autosecure

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
A defined SDLC process is followed. All tasks are tracked and managed via project management software. Strict quality guidelines and followed for all aspects of the solution development process including development, Testing, code review, code management, etc. Code is managed and stored in Team Foundation Server with scheduled backups.

All client driven change requests are controlled and managed using Vivantio and Wrike is used for internal change requests. Before client server update, backups are taken to ensure complete reversibility in case of any unexpeceted issues.
Regular Daily and Weekly cloud servers backups are automated
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible. Should an incident be identified or reported, we aim to respond to incidents within 4 hours.
Incident management type
Supplier-defined controls
Incident management approach
Whether incidents are internal or external, users are asked to complete our Incident Response Report Form which is then added to our Incident Log. Information captured includes a summary, notifications made and action taken.
For each incident there is a post incident analysis which generates a lessons learnt. Processes are then updated accordingly.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£250 per user per year
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑