Occupational Health Management Cloud software. Software for Occupational Health departments to manage cases, health surveillance, management and self referrals, pre placements, vaccinations & immunisations, travel health etc. Managers can complete online referrals, staff can complete a range of forms and review reports. Book & manage appointments within the application.


  • Online Occupational Health management solution
  • Online forms to complete on laptop, desktop & mobile
  • GDPR features to support record retention, SARs, processing restrictions etc
  • Reports securely delivered online
  • Appointment booking & sync with all major calendars
  • Automated letters, emails, reports, text messages
  • Realtime reports & dashboards
  • Configurable by WICS and client
  • Interfaces with Audiometers and Spirometers
  • All data reportable & ability to create own reports simply


  • Access anywhere with web connectivity, mobile working, business continuity
  • Accessible, reduces reliance on paper, available 24/7
  • Demonstrate compliance with GDPR, supports SEQOHS, ISO accreditation etc
  • Securely delivered sensitive information 24/7 on self serve basis
  • Appointment management and ease of use, single system for OH information
  • Reduces administration & streamlines processes in consistent manner
  • Evidence compliance and status of activity
  • Manage costs, ensure system reflects change in process, requirements etc.
  • Reduces data entry, provides easy comparisons of data
  • Powerful MI, track, trend, manage costs, react quickly


£0 per unit

Service documents


G-Cloud 11

Service ID

689284172554040



Guy Beaudin

+44 (0)844 692 8639

Service scope

Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements Internet access

User support

Email or online ticketing support Email or online ticketing
Support response times Our SLAs state between 1 and 4 hours depending upon severity; however, we aim to respond to all questions as soon as they enter the support department
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Unlimited phone, email and Zendesk support, Monday - Friday 08:30 - 17:30, for issues and 'how to' type queries, plus 20 hours of report writing time. Dedicated Account Manager.
Support available to third parties Yes

Onboarding and offboarding

Getting started Training is delivered as part of the implementation project, training documentation is supplied and accessible at any time. The WICS support team will provide guidance once you are using OPAS G2 as will your dedicated Account Manager.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats MS Word & Videos
End-of-contract data extraction Data can be provided by us
End-of-contract process Data provided in format required, system decommissioned

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service N/A
Service interface No
Customisation available Yes
Description of customisation Field names can be changed, new forms can be created, existing forms changed, triggers and actions can be set i.e. automated emails. Automated Letter templates can be created and amended, new processes created etc.


Independence of resources The support and project departments have the largest teams of any at WICS. Cloud is easily scalable to accommodate increased usage.


Service usage metrics Yes
Metrics types Reports as required; however, OPAS G2 has a full audit capability
Reporting types Reports on request


Supplier type Reseller providing extra support
Organisation whose services are being resold OPAS G2

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data export approach Data is extracted from OPAS-G2 by the WICS DevOps team. Customers would specify the types of data required and rules for scoping.
Data export formats Other
Other data export formats Data can be extracted in CSV or XML format
Data import formats
  • CSV
  • Other
Other data import formats
  • Data is bulk imported into OPAS-G2 by the WICS DevOps team
  • And can be done using CSV or XML

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability The availability of the application is monitored from a remote location to ensure the system is available over the Internet. We strive for 99.5% uptime and regularly achieve 100% uptime during the month.
Approach to resilience Written on a full JavaScript stack, OPAS-G2 utilises modern frameworks/platforms such as React, Flux, Node.js, Express and MongoDB. These modern, yet proven, platforms enable OPAS-G2 to be secure, scalable and highly performant. The solution is developed in a dedicated Development environment using an agile methodology. Source code is securely stored, and code changes are constantly audited and monitored.

Automated unit, integration and functional tests are run daily to ensure bugs are not introduced and performance does not decrease. A dedicated QA team uses a segregated environment to perform manual tests prior to releasing features to the DevOps team for integration into the Production environment.
Although there is a single load balanced and scalable OPAS-G2 application accessed by all customers – each customer has a dedicated and isolated data store. This prevents unauthorised access to information and/or contamination of data.
As OPAS-G2 is delivered on the IBM Cloud as a SaaS solution, data backups are automatically taken care of. Database backups are taken on a daily, weekly and monthly basis and are retained for 7 days, 4 weeks and 3 months respectively.
Database backups are encrypted and remain within the UK.
Outage reporting All services are monitored for uptime by the WICS IT Team. They will be notified as soon as there is any outage and remedial action taken as soon as possible. Customers will be notified by the WICS Support Desk if they are affected by any outage.

Identity and authentication

User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication OPAS-G2 is a role-based system and requires users to authenticate in order to gain access. The default method is Forms Authentication.
Access restrictions in management interfaces and support channels Security measures include:
  • Authentication tokens have a maximum life of 10 hours
  • Captcha displayed after 5 incorrect login attempts
  • Authentication token expires after 15 minutes of inactivity
  • Magic links, i.e. password resets or applicant form requests, expire after 5 days
Default password policy states:
  • Must be changed every 31 days
  • Minimum length of 10 characters
  • Unable to have 3 identical consecutive characters
  • 2 categories of character (upper, lower, numerical, symbol) must be used
Credentials are always transmitted within a secure HTTPS tunnel. Additionally, all user passwords are encrypted/hashed within the database using bcrypt with individual salts.
Access restriction testing frequency At least every 6 months
Management access authentication 2-factor authentication

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BSI
ISO/IEC 27001 accreditation date 23/08/2016
What the ISO/IEC 27001 doesn’t cover N/A. Certification covers: all activities performed by Warwick International Computing Systems staff in relation to the delivery of management of internal and hosted IT systems, whether physical or cloud based, and the provision of Occupational Health and Health and Safety Management Software Solutions
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials Plus

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards Cyber Essentials Plus
Information security policies and processes Warwick International is committed to ensuring the fulfilment of customer needs and continuity of its business in the face of security breaches and unwanted events and has implemented an Information Security Management System (ISMS). This ISMS is compliant with ISO/IEC 27001 the international standard for information security.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach The WICS IT Change Control Process is of paramount importance due to the potentially disruptive effects to users.
Adherence to this procedure is essential to ensure that Changes are thoroughly planned and documented, and properly executed. Unauthorised Changes are subject to investigation. The WICS change control roles are as follows:
  • Change Proposer: This is the person who requests the change
  • Change Manager: This is the person who approves the change
  • Change Implementer: All people who will be completing the work as part of the change
An individual cannot act as both the change proposer & change manager.
Vulnerability management type Supplier-defined controls
Vulnerability management approach
  • Systems will have antivirus deployed as per the Hosted Servers Policy / Internal Systems Policy.
  • Systems will be patched in accordance with the Internal Systems Policy / Hosted Servers Policy.
  • Penetration testing will be performed by an agreed third party as part of the application development process (Development Procedures) or as the need arises as part of application or infrastructure improvement.
Warwick International maintains an ongoing risk analysis of its information security assets in order to assess:
Protective monitoring type Supplier-defined controls
Protective monitoring approach Remote monitoring tools are used to monitor capacity:
  • The Corporate and hosted infrastructures are monitored with PRTG & Spiceworks
  • WAN links are monitored with PRTG
  • Bandwidth is monitored by PRTG
All Warwick International event logs are protected and shall be maintained until the laptop or server’s event log repository exceeds 10MB. Following this, the oldest logs will be overwritten, as per Internal Systems Policy.
For the hosted environment, additional log files are retained for the purposes of tracing activity on a customer’s system as per the Hosted Server Policies and Procedures. The software installed on the Cloud Systems is entered into the WICS asset management system.
Incident management type Supplier-defined controls
Incident management approach At the point an Information Security Incident occurs, the employee should notify the Information Security Forum at the earliest possible opportunity. For this purpose, an ‘Information Security Incident’ form has been created on the company’s internal Information Security SharePoint Site. This form should be used as the primary method for an employee to report all Information Security Incidents. Upon completion of the form, this facility will immediately alert the Information Security Forum by email that an incident has taken place.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks No


Price £0 per unit
Discount for educational organisations No
Free trial available No
