Malinko Scheduling Software

Malinko Intelligent Scheduling Software

Clinically safe intelligent scheduling management system automates patient care scheduling, ensuring visits are appointed in an optimal way. Live data and location of staff collected from staff in the field. Mobile app enables service reporting and automates the mileage reclaims process. Staff feel safer with enhanced lone worker protection.

Features

  • Clinically safe intelligent scheduling and service management system
  • Unique clinical scheduling algorithm to optimally schedule patients care
  • Automated caseload scheduling and visit booking and mileage reclaim
  • Open and published APIs: Enables interoperability between organisations IT systems
  • Intuitive design with real-time service capacity and demand view
  • Set of service management reports including ‘Sit Rep’ reports
  • Realtime staff location view and lone worker delayed visit alerts
  • Android, iPhone and Windows apps with Mobile Device Management (MDM)
  • SMS and voice text patient visit reminder service
  • GDPR compliant, DSP Toolkit and ISO27001 certified

Benefits

  • Release ‘time to care’ by optimising the scheduling of care
  • Improve the quality and safety of the community nursing service
  • Reduce clinical risk, improve productivity, service delivery and patient care
  • Reduce costs and unwarranted variation by standardising service delivery
  • Safer and more equitable caseload allocations to staff.
  • Eliminate missed visits and scheduling errors
  • Improved caseload management and workforce management
  • Staff will feel safer through enhanced lone worker safeguarding arrangements
  • Improved staff satisfaction and improved recruitment and retention of staff
  • Reduce travel costs, patient complaints and enquiries

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Access to the web application
Microsoft Internet Explorer 11
Microsoft Edge (most up to date version)
Chrome (most up to date version)
Firefox (most up to date version)
Safari (most up to date version)
No additional plug ins are required

Mobile application
Android 6.0 +
iOS 7.1 +
Windows 10 phones, tablets and desktops/laptops.
NB. There may be some firewall configuration needed for full application functionality
System requirements
  • Internet connection
  • Chrome, Firefox, Safari, Edge or IE11
  • Separate licence per user
  • Suitable hardware if mobile app required

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Immediate (Severity 1): Response within 1 hour during Service Hours. e.g. Service Failure / Unavailability affecting many users across 1 or multiple sites.
<br>
Urgent (Severity 2): Response within 4 hours during Service Hours. e.g. Service Failure / Unavailability affecting few users at 1 or more sites.

Normal (Severity 3): Response within 1 Working Day. e.g. Non-urgent Service defect with workaround affecting 1 or more users. These defects will be logged and be deployed in a future software release subject to the terms.

Educational Support: Response within 1 hour during Service Hours with a target fix time of 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels Immediate (Severity 1): Where a call priority is Immediate, Malinko will respond to the call within 1 hour during Service Hours. e.g. Service Failure / Unavailability of the Service affecting many users across 1 or multiple sites.

Urgent (Severity 2): Where a call priority is Urgent, Malinko will respond to the call within 4 hours during Service Hours. e.g. Service Failure / Unavailability of the Service affecting few users at 1 or more sites.

Normal (Severity 3): Where a call priority is Normal, Malinko will respond to the call within 1 Working Day. e.g. Non-urgent Service defect for which a workaround can be provided affecting 1 or more users.

Non-urgent software issue: Non-urgent Service defects (those defects inherent within the Service but for which a workaround is available) that are affecting 1 or more users will be logged and be deployed in a future software release subject to the terms.

Educational Support: Where a call is purely an educational request, Malinko will respond to the call within 1 hour during Service Hours with a target fix time of 4 hours.

All response times are within the Service Hours and Working Days of Malinko Helpdesk.

Additional support levels available upon request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started There is a full project managed configuration, implementation and training plan. We provide on-site training with a train the trainer approach.

We provide full user documentation and assist with creating your Standard Operating Procedure.

Post implementation we have an online support ticketing system with associated online training support system and support articles.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • DOC
  • DOCX
End-of-contract data extraction Reports can be set up on the system for self service data export. Data is provided in csv format. For more specialised reports, the client can contact support.

Additionally, within thirty (30) days of termination, the Customer may request that Malinko shall provide an extract of the Customer Data to the Customer.
End-of-contract process Within thirty (30) days of termination, the Customer may request that Malinko shall provide an extract of the Customer Data to the Customer (in such file format as Malinko shall determine). Malinko hereby reserves the right to charge a fee to the Customer for providing the said extract in accordance with its then current applicable charges for such service. If the Customer fails to request the return of Customer Data within the thirty (30) day timeframe, then, to the extent permitted by Applicable Law, Malinko reserves the right to delete all Customer Data in its possession.

In the event of termination (for whatever reason), Malinko shall (for a period not exceeding 60 (sixty) Working Days after the date of termination or expiry) provide the Customer with reasonable co-operation to enable the Customer to make arrangements for the transition of the supply of the Service to an alternative provider. Malinko shall be entitled to charge the Customer at its prevailing day rate (as notified to the Customer from time to time) in respect of such assistance and co-operation.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service There is an optional mobile phone app, which is used for checking in/out of jobs and collecting information when out in the field - this does not have the full functionality of the main scheduling system and only allows collection of information on visits that have been allocated. This can be installed on iPhones, iPads, Android phones and tablets and Windows phones, tablets and desktops/laptops.
Service interface No
API Yes
What users can and can't do using the API Access to client information
Access to visit information (including services, notes)
Access to questions for a visit
Check in and out of a visit
Check status of a visit
Submit visit question results
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Full configuration support including account configuration, rules configuration, services configuration, custom fields for clients and users.

There are two levels of configuration: Account level - configured by Malinko internal staff.
Account manager level - client side staff with appropriate permissions can set up elements such as new service types.

Scaling

Scaling
Independence of resources We use an on-demand cloud computing infrastructure to provide additional capacity, both planned (ie during working hours vs out of hours), as well as automatically provisioning new servers based on load.

Analytics

Analytics
Service usage metrics Yes
Metrics types Malinko maintain audit trails of created, destroyed, edited or viewed records with time, date and IP address (for web app) or mobile device location (for mobile app).
Reporting types
  • API access
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Reports can be set up on the system for self service data export. For more specialised reports, the client can contact support.
Data export formats
  • CSV
  • ODF
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Uptime/availability for services is 99.9% during Service Hours.

Systems are subject to a planned maintenance strategy. Planned maintenance where possible will be accommodated outside of Service Hours without impacting the availability to Users to the System.
All planned maintenance will be subject to change control procedures and will be communicated to the Purchaser within a reasonable notice period.

Upon request we are able to refund on a prorata basis for any unplanned downtime which falls outside the 99.9% uptime availability.
Approach to resilience The application is split over physically separate availability zones, as well as a clustered database running over multiple physically separate availability zones.
Outage reporting Planned maintenance is communicated via in-app notifications and email communications to nominated contact within client. Support desk can give status updates.

For unplanned outages, there is a recorded process to communicate this with nominated contacts within client (whether in office hours or outside hours).

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels We have Access Control Specifications, with the principle that only those who are required have a particular level of access actually do so. Dependent upon the system and action taken, sometimes it will require authorisation from two staff. Access to some information is only allowed via super admin log on. All staff are required to have a DBS check and and some staff require BS7858 vetting.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 17/02/2017
What the ISO/IEC 27001 doesn’t cover All activities are covered by the certification.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications NHS DSP Toolkit

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NHS DSP Toolkit
Information security policies and processes We have ISO27001 and DSP Toolkit. We have the following policies in place which have a direct bearing on information security:
Acceptable use of internet and email policy, Access Control Policy, Anti-piracy Policy, Clear Desk and Clear Screen Policy, Cryptographic Controls Policy, Data Protection Policy, Data Retention Policy, Equipment disposal policy, Information Exchange Policy, Information Governance Policy, Information Sensitivity Policy, IT Policy, Laptop Policy, Leaving Policy, Media Destruction Policy, Network Security Policy, Network Systems Monitoring Policy, Remote Working Policy, Secure Development Policy, Security Policy, Security Incident Reporting Policy, Social Media Policy, USB memory sticks Policy, Virus Protection Policy, Whistleblowing Policy.

We have a number of associated processes and procedures designed to adhere to these policies. We have an ongoing process of internal auditing to ensure adherence to these policies and monthly ISMS management meetings.

There is a dedicated software system with recorded process for handling: Security incident, Non-conformity, Change Request.

Staff security awareness training takes place throughout the year with briefing sessions for any substantive policy changes.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach We have a change management process as part of ISO27001. All tickets are logged and tracked via our issue and project tracking software (JIRA) and the potential security impact is assessed as part of the process of signing off a ticket. All changes to the software are tracked in our version control system (Git).
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Server operating systems run Long Term Support versions which are regularly patched.

All application software changes resulting in failed tests or security vulnerabilities are blocked by continuous integration servers.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Role based access control, with audit trail of staff changes to records.

As part of the Information Security Management System we screen staff and we have ongoing training including security awareness. In the case of an incident or near miss we have an incident management procedure and recording process and the Information Security Management System Manager would always been informed.

Dependent upon the nature of the incident we may also inform the ICO and we may report it via the DSP Toolkit reporting tool.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach For incidents requiring business continuity actions, these are defined within the Business Continuity (Disaster Recovery) Plan.
IS events identified are recorded following the procedures relating to the identification, control and recording of incidents handled using existing escalation procedures when required. These events are assessed by the ISMS Committee ISMS Manager to determine if they are to be defined as information security incidents and when relevant, details are referred to Senior Management.
All comments and actions arising from any incident are recorded within the
recorded incident form and appropriate action is instigated - these can be provided upon request.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £6 per user per month
Discount for educational organisations No
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑