Occupational Health Management Cloud software. Software for Occupational Health departments to manage cases, health surveillance, management and self referrals, pre placements, vaccinations & immunisations, travel health etc. Managers can complete online referrals, staff can complete a range of forms and review reports. Book & manage appointments within the application.


  • Online Occupational Health management solution
  • Online forms to complete on laptop, desktop & mobile
  • GDPR features to support record retention, SARs, processing restrictions etc
  • Reports securely delivered online
  • Appointment booking & sync with all major calendars
  • Automated letters, emails, reports, text messages
  • Realtime reports & dashboards
  • Configurable by WICS and client
  • Interfaces with Audiometers and Spirometers
  • All data reportable & ability to create own reports simply


  • Access anywhere with web connectivity, mobile working, business continuity
  • Accessible, reduces reliance on paper, available 24/7
  • Demonstrate compliance with GDPR, supports SEQOHS, ISO accreditation etc
  • Securely delivered sensitive information 24/7 on self serve basis
  • Appointment management and ease of use, single system for OH information
  • Reduces administration & streamlines processes in consistent manner
  • Evidence compliance and status of activity
  • Manage costs, ensure system reflects change in process, requirements etc.
  • Reduces data entry, provides easy comparisons of data
  • Powerful MI, track, trend, manage costs, react quickly


£0 per unit

Service documents


G-Cloud 11

Service ID

689284172554040



Guy Beaudin

+44 (0)844 692 8639

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Internet access

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our SLAs state between 1 - 4 hours depending upon severity; however, we aim to respond to all questions immediately they enter the support department
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Onsite support
Support levels
  • Unlimited phone, email, Zendesk support Monday - Friday 08:30 - 17:30 for issues and 'how to' type queries
  • 20 hours of report writing time
  • Dedicated Account Manager
Support available to third parties

Onboarding and offboarding

Getting started
Training is delivered as part of the implementation project, training documentation is supplied and accessible at any time. The WICS support team will provide guidance once you are using OPAS G2 as will your dedicated Account Manager.
Service documentation
Documentation formats
  • PDF
  • Other
Other documentation formats
MS Word & Videos
End-of-contract data extraction
Data can be provided by us
End-of-contract process
Data provided in format required, system decommissioned

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
Customisation available
Description of customisation
Field names can be changed, new forms can be created, existing forms changed, triggers and actions can be set i.e. automated emails. Automated Letter templates can be created and amended, new processes created etc.


Independence of resources
The support and project departments have the largest teams of any at WICS. Cloud is easily scalable to accommodate increased usage.


Service usage metrics
Metrics types
Reports as required; however, OPAS G2 has a full audit capability
Reporting types
Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data is extracted from OPAS-G2 by the WICS DevOps team. Customers would specify the types of data required and rules for scoping.
Data export formats
Other data export formats
Data can be extracted in CSV or XML format
Data import formats
  • CSV
  • Other
Other data import formats
  • Data is bulk imported into OPAS-G2 by the WICS DevOps team
  • And can be done using CSV or XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The availability of the application is monitored from a remote location to ensure the system is available over the Internet. We strive for 99.5% uptime and regularly achieve 100% uptime during the month.
Approach to resilience
Written on a full JavaScript stack, OPAS-G2 utilises modern frameworks/platforms such as React, Flux, Node.js, Express and MongoDB. These modern, yet proven, platforms enable OPAS-G2 to be secure, scalable and highly performant. The solution is developed in a dedicated Development environment using an agile methodology. Source code is securely stored, and code changes constantly audited and monitored.

Automated unit, integration and functional tests are run daily to ensure bugs are not introduced and performance does not decrease. A dedicated QA team use a segregated environment to perform manual tests prior to releasing features to the DevOps team for integration into the Production environment.
Although there is a single load balanced and scalable OPAS-G2 application accessed by all customers – each customer has a dedicated and isolated data store. This prevents unauthorised access to information and/or contamination of data.
As OPAS-G2 is delivered on the IBM Cloud as a SaaS solution, data backups are automatically taken care of. Database backups are taken on a daily, weekly and monthly basis and are retained for 7 days, 4 weeks and 3 months respectively.
Database backups are encrypted and remain within the UK.
Outage reporting
All services are monitored for uptime by WICS IT Team.  They will be notified as soon as there is any outage and remedial action taken as soon as possible.  Customers will be notified by WICS Support Desk if they are affected by any outage.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
OPAS-G2 is a role-based system and requires users to authenticate in order to gain access. The default method is Forms Authentication.
Access restrictions in management interfaces and support channels
Security measures include:
  • Authentication tokens have a maximum life of 10 hours
  • Captcha displayed after 5 incorrect login attempts
  • Authentication token expires after 15 minutes of inactivity
  • Magic links, i.e. password resets or applicant form requests, expire after 5 days
Default password policy states:
  • Must be changed every 31 days
  • Minimum length of 10 characters
  • Unable to have 3 identical consecutive characters
  • 2 categories of character (upper, lower, numerical, symbol) must be used
Credentials are always transmitted within a secure HTTPS tunnel. Additionally, all user passwords are encrypted/hashed within the database using bcrypt with individual salts.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
N/A Certification covers - All activities performed by Warwick International Computing Systems staff in relation to the delivery of management of internal and hosted IT systems, whether physical or cloud based and the provision of Occupational Health and Health and Safety Management Software Solutions
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
Warwick International is committed to ensuring the fulfilment of customer needs and continuity of its business in the face of security breaches and unwanted events and has implemented an Information Security Management System (ISMS). This ISMS is compliant with ISO/IEC 27001 the international standard for information security.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The WICS IT Change Control Process is of paramount importance due to the potentially disruptive effects to users.
Adherence to this procedure is essential to ensure that Changes are thoroughly planned and documented, and properly executed. Unauthorised Changes are subject to investigation. The WICS change control roles are as follows:
  • Change Proposer: This is the person who requests the change
  • Change Manager: This is the person who approves the change
  • Change Implementer: All people who will be completing the work as part of the change
An individual cannot act as both the change proposer & change manager.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
  • Systems will have antivirus deployed as per the Hosted Servers Policy / Internal Systems Policy.
  • Systems will be patched in accordance with the Internal Systems Policy / Hosted Servers Policy.
  • Penetration testing will be performed by an agreed third party as part of the application development process (Development Procedures) or as the need arises as part of application or infrastructure improvement.
Warwick International maintains an ongoing risk analysis of its information security assets in order to assess:
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Remote monitoring tools are used to monitor capacity:
  • The Corporate and hosted infrastructures are monitored with PRTG & Spiceworks
  • WAN links are monitored with PRTG
  • Bandwidth is monitored by PRTG
All Warwick International event logs are protected and shall be maintained until the laptop or server’s event log repository exceeds 10MB. Following this, the oldest logs will be overwritten, as per Internal Systems Policy.
For hosted environment additional log files are retained for the purposes of tracing activity on a customer’s system as per the Hosted Server Policies and Procedures. The software installed on the Cloud Systems is entered into WICS asset management system.
Incident management type
Supplier-defined controls
Incident management approach
At the point an Information Security Incident occurs, the employee should notify the Information Security Forum of this at the earliest possible opportunity. For this purpose, a form named ‘Information Security Incident’ has been created on the company’s internal Information Security SharePoint Site. This form should be used as the primary method for an employee to report all Information Security Incidents. Upon completion of the form, this facility will immediately alert the Information Security Forum by email when an incident has taken place.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£0 per unit
Discount for educational organisations
Free trial available
