Enodatio Consulting Ltd

Cross Charges - Managing Out-Of-Area Sexual Health Charges

Streamline your out-of-area cross charging process for sexual health activity / GUM services.
Providers can identify each responsible local authority, issue charges with compliant backing data and track invoices.
Local authorities / councils can automatically check backing-data to validate cross-charges against customisable rules and process valid invoices from providers.

Features

  • Simple and easy to use system for managing cross-charges
  • Providers upload all activity data in standardised formats
  • Providers automatically identify which Local Authorities to invoice
  • Providers submit invoices with GDPR compliant backing-data to LAs
  • Providers track processing of invoices through to payment
  • Local Authorities define customisable rules for validating out-of-area activity
  • Local Authorities automatically identify charges provided with validated backing data
  • Local Authorities track processing of valid or disputed invoices
  • Various reports available to track / audit activity levels

Benefits

  • Spend less time managing the cross charging process
  • Providers spend less time calculating charges / issuing invoices
  • Providers spend less time chasing for payment
  • Local Authorities spend less time validating whether charges are payable
  • Local Authorities spend less time in disputes over backing data
  • Easy to manage, even when key staff are on leave

Pricing

£2000 to £4500 per licence per year

  • Free trial available

Service documents

G-Cloud 11

781382712327708

Enodatio Consulting Ltd

Jon Gilbert

08447422133

sales@enodatio.com

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Planned maintenance will be announced to users and scheduled to avoid peak times (e.g. month-end).
System requirements
  • Web-browser interface
  • Providers to upload charges in standardised Excel format

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 8hr business day response, Monday - Friday 9am -5pm excluding Bank Holidays.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Cross Charges is a Software-as-a-Service product with Service Desk, Hosting, Infrastructure Support all included within the cost. Standard Service Desk support is the same for all customers: Service Desk hours 9am to 5pm weekdays (except bank holidays), accessed via email or phone, responses within 8 hours (typically within 1 hour), severity one incidents addressed within a further 8 hours. The Service Desk is staffed with trained and experienced staff who able to resolve the majority of incidents on the first call.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The standard onboarding process is free and consists of the initial set-up and user training. We set up the administrators who can then manage the rest of the staff. Each customer will have an account manager who takes care of the onboarding process to enable the correct configuration set-up and user familiarisation with the software. Users have access to user guides. Integrated user help is built into the software and online training is provided.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can access their cross charges data in CSV/ODF/Excel format at the end of the contract.
End-of-contract process Users can access their cross charges data in CSV/ODF/Excel format at the end of the contract, without additional charge.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install No
Designed for use on mobile devices No
API No
Customisation available Yes
Description of customisation Users can configure validation rules (e.g. local authorities can set when they will pay charges) via the web interface. This configuration can be restricted by user roles.

Scaling

Scaling
Independence of resources Performance across all customer systems is monitored with real-time dashboard displaying utilisation of processor, memory and disk, and extra capacity can be added if required.

Analytics

Analytics
Service usage metrics No

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach The system allows users to generate spreadsheets in a standardised format via a web interface, to export their cross charges information.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats Excel (.xlsx)
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats Excel (.xlsx)

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability Cross Charges SLA is 99.9% availability during core hours (9am to 5pm weekdays except bank holidays) and 99% outside core hours with the exception of scheduled maintenance. Maintenance windows for application enhancements, system patching and security updates are notified to the user and scheduled outside peak times (i.e. outside core hours and avoiding month-end where possible)

If availability falls below 99.9% in core hours in a month - users are refunded 10% of licence fee for that period.
Approach to resilience Cross Charges' datacentre setup is resilient through redundant hardware, ensuring continuity of service to our guaranteed SLA. In the unlikely event of a full site disaster, our offsite backups ensure disaster recovery processes can be quickly and efficiently enacted. More information is available to our customers on request.
Outage reporting Customers are alerted by email if any significant outage has occured or is occuring.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Support channels can only be used by recognised and registered personnel. Management interfaces and access to them are fully controlled by the customer who can assign roles and responsibilities as required.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Data centre has ISO/IEC 27001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards Other
Other security governance standards Our data centre's security governance is certified to ISO/IEC 27001.
Information security policies and processes All staff and subcontractors comply with an integrated business management system, which contractually obliges them to follow this, with disciplinary actions linked in with all policies and procedures we operate. All staff have direct line managers who report to a Director.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All proposed Change Requests (CRs) to Cross Charges are reviewed and must be approved in advance at senior level. They are assessed in relation to product development pathways, infrastructure management and information security prior to any approval. The CR specifies all configurations items that will be impacted by the change and, once the change has been completed, tested and implemented the product manager verifies that these changes have been logged centrally.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our operations team are tasked with ensuring all security threats are assessed for likelihood and impact. Security patches are applied during scheduled maintenance. Severe risks may result in a low-impact unscheduled maintenance window while critical risks may result in immediate suspension of service for application of security patches. All patches/hot-fixes recommended by the equipment/software vendors are installed, even if those services are temporarily or permanently disabled.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Compromises are determined through system monitoring. If a compromise is detected the operations team are informed and will assess the severity and liaise with any clients affected. Incidents are dealt with immediately where clients are always informed within the hour with our basic analysis of the situation.
Incident management type Supplier-defined controls
Incident management approach We operate full business management to meet compliance and follow an incident management procedure. All parties should report incidents to the company via their normal channel and incident reports will be provided in response.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £2000 to £4500 per licence per year
Discount for educational organisations No
Free trial available Yes
Description of free trial Three-month trial versions of the service are available for new clients.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑