Sitekit

NHS & Care Cloud Platform

The NHS & Care Cloud Platform comprises both software components (functional) and documentation (non-functional) designed to enable a digital network that securely connects health and care professionals, citizens and their family and friends to locally specified digital self-care services/apps.

Features

  • Personal Health Record (PHRs)
  • Open APIs
  • Data sharing and consent management services
  • Circle of care management services
  • Citizen authentication services
  • Professional authentication services
  • Provider registration services
  • Service bus for cloud messaging
  • Business Intelligence (BI) services
  • Audit log

Benefits

  • Empower the citizen to managed their health records
  • Build a plug-and-play ecosystem of dHealth apps
  • Enable explicit and informed consent
  • Make it easy and secure for citizens to log in
  • Make it easy and secure for professionals to log in
  • Facilitate inter-organisation data flow
  • Understand which dHealth apps/services your citizens use
  • Maintain a secure log of system access

Pricing

£9000 to £120000 per licence per year

  • Minimum contract period: Year
  • Excluding VAT
  • Trial option available

Service documents

G-Cloud 8

722847745576813

Sitekit

Sales and Marketing

0845 299 0900

sales@sitekit.net

Support

Support
Support service type
  • Service desk
  • Email
  • Phone
  • Onsite
Support accessible to any third-party suppliers Yes
Support availability 24/7/365
Standard support response times Per level definition as documented in this listing's service description section eight, Service Levels
Incident escalation process available Yes

Open standards

Open standards
Open standards supported and documented Yes

Onboarding and offboarding

Onboarding and offboarding
Service onboarding process included Yes
Service offboarding process included Yes

Analytics

Analytics
Real-time management information available Yes

Cloud features

Cloud features
Elastic cloud approach supported Yes
Guaranteed resources defined Yes
Persistent storage supported Yes

Provisioning

Provisioning
Self-service provisioning supported No
Service provisioning time 5 days
Service deprovisioning time 5 days

Open source

Open source
Open-source software used and supported No

Code libraries

Code libraries
Languages your code libraries are written in
  • .NET
  • JSON
  • PHP
  • Angular JS

API access

API access
API access available and supported Yes
API type RESTful, SOAP

Networks and connectivity

Networks and connectivity
Networks the service is directly connected to Internet

Access

Access
Supported web browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Offline working and syncing supported No
Supported devices
  • PC
  • Mac
  • Smartphone
  • Tablet

Certifications

Certifications
Vendor certification(s)
  • Microsoft Partner Gold Independent Software Vendor (ISV)
  • ISO 9001:2008

Identity standards

Identity standards
Identity standards your service uses
  • SAML
  • OpenID Connect
  • OAuth
  • WS-Federation

Data storage

Data storage
Datacentres adhere to the EU code of conduct for energy-efficient datacentres Yes
User-defined data location Yes
Datacentre tier TIA-942 Tier 1
Backup, disaster recovery and resilience plan in place Yes
Data extraction/removal plan in place Yes

Data-in-transit protection

Data-in-transit protection
Data protection between user device and service

Asset protection and resilience

Asset protection and resilience
Datacentre location
Data management location
Legal jurisdiction of service provider UK, assured by Service provider assertion
Datacentre protection Yes, assured by Independent validation of assertion
Data-at-rest protection
Secure data deletion Other erasure process, assured by Service provider assertion
Service availability 99.9%, assured by Contractual commitment

Separation between consumers

Separation between consumers
Cloud deployment model Public cloud, assured by Independent validation of assertion
Type of consumer Anyone - public, assured by Independent validation of assertion
Services separation Yes, assured by Independent testing of implementation
Services management separation Yes, assured by Service provider assertion

Governance

Governance
Governance framework Yes, assured by Service provider assertion

Configuration and change management

Configuration and change management
Change impact assessment Yes, assured by Service provider assertion

Vulnerability management

Vulnerability management
Vulnerability assessment Yes, assured by Service provider assertion
Vulnerability monitoring Yes, assured by Service provider assertion
Vulnerability mitigation prioritisation Yes, assured by Service provider assertion
Vulnerability tracking Yes, assured by Service provider assertion
Vulnerability mitigation timescales Yes, assured by Service provider assertion

Event monitoring

Event monitoring
Event monitoring Yes, assured by Service provider assertion

Incident management

Incident management
Incident management processes Yes, assured by Service provider assertion
Consumer reporting of security incidents Yes, assured by Service provider assertion
Security incident definition published Yes, assured by Service provider assertion

Personnel security

Personnel security
Personnel security checks

Secure development

Secure development
Secure development Yes, assured by Service provider assertion
Secure design, coding, testing and deployment Yes, assured by Service provider assertion
Software configuration management Yes, assured by Service provider assertion

Supply-chain security

Supply-chain security
Visibility of data shared with third-party suppliers Yes, assured by Service provider assertion
Third-party supplier security requirements Yes, assured by Service provider assertion
Third-party supplier risk assessment Yes, assured by Service provider assertion
Third-party supplier compliance monitoring Yes, assured by Service provider assertion

Authentication of consumers

Authentication of consumers
User authentication and access management Yes, assured by Service provider assertion
User access control through support channels Yes, assured by Service provider assertion

Separation and access control within management interfaces

Separation and access control within management interfaces
User access control within management interfaces Yes, assured by Service provider assertion
Administrator permissions Yes, assured by Service provider assertion

Identity and authentication

Identity and authentication
Identity and authentication controls

Secure service administration

Secure service administration
Service management model

Audit information provision to consumers

Audit information provision to consumers
Audit information provided Data made available, assured by Service provider assertion

Secure use of the service by the customer

Secure use of the service by the customer
Device access method
Training Yes, assured by Service provider assertion
Return to top ↑