iRIS Health Simulation Authoring Platform
iRIS is a unique web-based platform to help you design high quality health simulation scenarios and offer the best learning experience possible, as well as helping you get the best value from the investments you have made in manikins and other resources.
- Standardised web development template for simulation scenarios
- Step by step template and guidance to improve quality
- Collaborative authoring
- Develop a centralised repository of simulation scenarios
- Sharing of simulation scenarios across departments and organisations
- Access with any web browser on any device
- Ensure scenarios are developed in a standardised, high quality manner
- Reduce the time required for designing scenarios
- Reduce the time and effort required to train colleagues
- Build engagement with a wider range of clinicians
- Drive interprofessional collaboration/sharing of content with other simulation professionals
£250 per user per year
|Software add-on or extension||No|
|Cloud deployment model||Private cloud|
|System requirements||None. Only a web browser is required|
|Email or online ticketing support||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||Support is included to the administration team of iRIS. This is typically managed remotely. Onsite support is available from a consultant at a cost of £850 + VAT per day plus expenses at cost.|
|Support available to third parties||No|
Onboarding and offboarding
|Getting started||Each client signing up to iRIS receives support from the Product Management Team through a serious of online inductions. This includes supporting the client in the development of their first scenarios.|
|End-of-contract data extraction||All scenarios can be explorted as Microsoft Word files|
|End-of-contract process||At the end of the contract exporting of scenarios is included. Contracts may be renewed. All access to the solution will be revoked on the date of expiry, but not permanently deleted for a period of 90 days to allow late renewal if required.|
Using the service
|Web browser interface||Yes|
|Application to install||No|
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||None. iRIS is built using a responsive design.|
|What users can and can't do using the API||IRIS utilises Microsoft SharePoint meaning that the SharePoint APIs are available to access the information held. This means that integration with other solutions is possible and we are happy to explore with clients.|
|API sandbox or test environment||No|
|Independence of resources||IRIS is held on virtual servers with Rackspace to ensure that the solution can be easily scaled as required.|
|Service usage metrics||Yes|
|Metrics types||Metrics can be requested by clients to understand which users have accessed iRIS. The system automatically records and notifies teams of content changed by team members.|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||Encryption of all physical media|
|Data sanitisation process||No|
|Equipment disposal approach||A third-party destruction service|
Data importing and exporting
|Data export approach||Scenarios can be exported by the user as Microsoft Word files|
|Data export formats||CSV|
|Data import formats||CSV|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
The target for 24/7 Service Availability is 99.00% of the time in any given month. The target for Service Hours availability is 99.5%.
Downtime exists when all or a significant number of customers are unable to access the application and is measured from the time the issue ticket is opened until the downtime condition as defined here no longer exists.
Service hours for this service are 8.30 to 17.30 on normal business working days (excluding bank holidays and public holidays).
Contract terms may be renegotiated if we failed to meet this level of availability
|Approach to resilience||
IRIS is hosted by Rackspace, within their SharePoint Cloud.
Rackspace are a Tier 4, ISO27001 compliant datacentre in the UK.
The technical resilience of the service is supported through:
• Use of an established data-‐centre, Rackspace, registered to ISO27001
• Multiple data-‐lines and ISPs to the data-‐centre
• High specification Cloud server for the application and data.
Each night an image of the whole server is fully replicated to a second virtual server so this can be fully restored to another virtual server. This
is an automated process.
Each Sunday, an image of the whole server is fully replicated to a third
virtual server so this can be fully restored to another virtual server.
This is an automated process.
At any point in time there are therefore two complete images of the server
– a daily and the most recent weekly image. These two methods provide a
robust and secure backup process should a rebuild of the services ever be
Prior to software upgrades we take a full backup of the SharePoint Farm.
This enables complete recovery of a previous version if required.
|Outage reporting||Clients will be notified of an outage by email from our support team in the event of any problems. We will always strive to rectify problems as soon as possible.|
Identity and authentication
|User authentication needed||Yes|
|Other user authentication||We utilise SharePoint Claims Authentication|
|Access restrictions in management interfaces and support channels||
Support is given administrators only and identity is confirmed via security questions.
Management interface access is restricted through a permissions model incorporated in to the iRIS solution. Access is via username and password using SharePoint Claims Authentication.
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||BSI accredited Rackspace. Certificate IS 636168|
|ISO/IEC 27001 accreditation date||07/10/15|
|What the ISO/IEC 27001 doesn’t cover||N/a|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Who accredited the PCI DSS certification||Visa accredited Rackspace|
|PCI DSS accreditation date||01/06/2009|
|What the PCI DSS doesn’t cover||N/a|
|Other security certifications||Yes|
|Any other security certifications||
|Named board-level person responsible for service security||Yes|
|Security governance certified||No|
|Security governance approach||
Security is included in all staff induction and regular briefings are held with all staff.
All staff credentials are recorded securely
Any breach is recorded in a security incident log
The log and improvement are reviewed quarterly
|Information security policies and processes||
All information security is overseen by Alex Clark, Managing Director and Product Director in collaboration with Rackspace, our ISP used for hosting. Information security policies form part of all staff inductions. Any breach is reported directly to Alex Clark.
All client data falls into two categories
Restricted – disclosure causes significant risk to clients and/or TWME8
Private – disclosure causes moderate risk to clients and/or TWME8
We are responsible for ensuring the security of data held
Access to systems:
- Auto-secure of unattended workstations
- Auto-secure of TFS Server
- User Authentication for each Developer
- All code changes tracked
- All versions of code maintained
- Rackspace – RDP Autosecure
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
A defined SDLC process is followed. All tasks are tracked and managed via project management software. Strict quality guidelines and followed for all aspects of the solution development process including development, Testing, code review, code management, etc. Code is managed and stored in Team Foundation Server with scheduled backups.
All client driven change requests are controlled and managed using Vivantio and Wrike is used for internal change requests. Before client server update, backups are taken to ensure complete reversibility in case of any unexpeceted issues.
Regular Daily and Weekly cloud servers backups are automated
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Logs are reviewed on a monthly basis to identify any potential threats. Should a vulnerability be detected, it is treated as urgent and prioritised over all other development and hotfixes issued as quickly as possible. Should an incident be identified or reported, we aim to respond to incidents within 4 hours.|
|Incident management type||Supplier-defined controls|
|Incident management approach||
Whether incidents are internal or external, users are asked to complete our Incident Response Report Form which is then added to our Incident Log. Information captured includes a summary, notifications made and action taken.
For each incident there is a post incident analysis which generates a lessons learnt. Processes are then updated accordingly.
|Approach to secure software development best practice||Supplier-defined process|
Public sector networks
|Connection to public sector networks||No|
|Price||£250 per user per year|
|Discount for educational organisations||No|
|Free trial available||No|