Alphatec Software Ltd

Claim Control - Incident, Claims and Insurance Risk Management Software

Alphatec Software's ClaimControl is an award winning incident, claims and insurance risk management SaaS solution that helps you efficiently manage all incidents, all types of claims, policies and more in a single, simple to use system.

The solution is written specifically for the insured organisations benefit


  • Integrated diary action system with built in workflow
  • Document and image management
  • Ability to add fields and workflows
  • Detailed financial and insurance planning reporting
  • Automatic highlighting of potentially fraudulent claims
  • Highly configurable solution - ClaimControl fits your organisation
  • Client / Partner / Schools Portals
  • Integrated First Notification of Loss with Automatic Notifications workflow
  • Complete audit trail of changes


  • Supports home working and hot desking
  • Reduces administration costs, saving you time and freeing up resources
  • Real-time visibility and evidence on all incidents and claims
  • Proven industry track record of fast, efficient and configured implementations
  • Reduction in claims/incidents due to improved visibility of trends
  • All corespondance, policy documents and photographs are at your fingertips
  • Automatic service levels, escalation and jackson reminders ensures claim progression
  • ClaimControl is continually enhanced to meet your needs


£110 per person per month

Service documents

G-Cloud 9


Alphatec Software Ltd

Brian Boyce

0845 680 1911

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No
System requirements
  • Users must have access to a web browser
  • Users should have access to a PDF viewer
  • Users should have access to a Excel viewer

User support

User support
Email or online ticketing support Email or online ticketing
Support response times During normal Support Hours on weekdays we respond

To level 1 and 2 queries within 15 mins
To level 3 and 4 queries within 4 hours

Weekend support for users is not provided as standard but can be provided at an agreed cost.

The system is monitored and supported 24/7/365.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a single level of support for all our users.

This support is included in the cost of the subscription. Each account is allocated a primary account manager and primary support contact.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Alphatec use our expertise in dealing with hundreds of organisations to help guide new accounts through the process of configuring and setting up their account in order to gain maximum benefit.

As part of the implementation process we provide onsite training or online training depending organisations preference.

There is also user documentation available as well as in application helpin a number of the modules.
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Online on certain modules
End-of-contract data extraction Over 97% of ours users have never unsubscribed, choosing instead to extend their subscription but for anyone who does wish to end the contract we will supply all of their information in .CSV format with all of the relevant linkages to allow them to relate it.

All of the information in ClaimControl always belongs to the client, unlike in some other claims systems we have had users migrate from.
End-of-contract process At the end of the contract the user is required to give notice of wishing to end the contract. At that point in time we will start discussions with them to agree a date when they want us to supply their information to allow them to have a seamless transition. We will then discuss the informational needs and will supply them with their information on the day they want it delivered and once they confirmed receipt of the information we will revoke their access to the account. If they would like us to we will hold their data on the system for up to 2 weeks to allow them to ensure they have everything they need for moving forward and will then confirm with them that we are going to delete their information from ClaimControl permanently. The information will then be deleted. At all stages we will work with the client to help ensure the move is as simple and easy for them as possible.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10+
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service The mobile and desktop services are identical but the system has been designed to be responsive so that the screen rendering takes account of the size and form factor of the mobile device being used.

Certain add-on applications are not available for the mobile as yet:

1. The bulk document and image uploader
2. MS Word Add-In
Accessibility standards None or don’t know
Description of accessibility At the moment the the system has no specific audio alternative or media alternative for disabled users. The system has been designed using standard HTML5 front end and therefore most browser accessibility enhancements and features will work with the system.
Accessibility testing No interface testing with users of assistive technology has been carried out
Customisation available Yes
Description of customisation Users are able to add new fields, values and options. They can even specify what types of clams these appear on.

Unlike many systems these user defined fields also become part of the data they can report on enabling this information to be used productively - immediately.

The organisational structure can be configured by the user as can all organisational specific values in drop downs throughout the system.

Any users with administration access can also customise what features and functions the users have access to even down to very specific actions within areas of the system (e.g. admin access users can configure what roles exist and what any users in each role can do).


Independence of resources Resource utilisation is monitored and flexed to ensure the system operates quickly and smoothly for all users.


Service usage metrics Yes
Metrics types Users can themselves report on the various metrics including user use of the system, number of incidents / claims recorded etc.
Reporting types
  • Regular reports
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
Other data at rest protection approach In addition to the above the network and database are also both secured and the users password credentials are encrypted.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can export their data in a number of ways including Excel, PDF and CSV (simplified excel)
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks We also implement a number of additional security measures to ensure security of both the system, the communication and the users data. e.g. we implement secret key authentication on all pages to protect users from cross site scripting.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability The applications are monitored 24 hours a day, 365 days a year, with 24 hour support at network, developer and DBA level.

We guarantee 99.9% up time. We do not provide refunds.
Approach to resilience This information is available on request
Outage reporting Through our web site, e-mail alerts and twitter.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces is secured and in addition, the feature group and features are enforced such that even if communication were compromised the protection cannot be circumvented
Access restriction testing frequency At least once a year
Management access authentication Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information No audit information available
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations Yes
Any other security accreditations Our Datacentres that host and operate ClaimControl are accredited

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We work closely with our data centre provider who are the UK's most accredited cloud company to ensure our clients data is both physically and digitally secure.

At the application level all system upgrades are reviewed for functionality, resilience and informational security at both the design and pre-test code review stages. This helps ensure that security is considered as much a part of the system as functionality.
Information security policies and processes All releases are subject to security assessments based on the following criteria:
a) New or Major Application Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.
b) Third Party components – will be subject to full assessment after which it will be bound to policy requirements.
c) Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.
d) Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.
e) Emergency Releases – An emergency release will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by a Director or appropriate manager who has been delegated this authority.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All change management is managed through our change management system Jira and Confluence.

All source changes are managed through source control.
Vulnerability management type Supplier-defined controls
Vulnerability management approach This information is available on request.
Protective monitoring type Undisclosed
Protective monitoring approach We have threat detection and DDoS protection within the datacentre and also have the application configured to provide logging and automatic notification of both errors and unauthorised behaviours.
Incident management type Supplier-defined controls
Incident management approach Users can report incidents by e-mail or by telephone to our support team. We have documented processes in place for common events (e.g. user access etc).
All support incidents are logged in Jira our incident management system and tracked through the SCRUM broads.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £110 per person per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Terms and conditions document View uploaded document
Return to top ↑