Assistive Partner Limited

Healthcare Courier Software

Assistive Partner Healthcare Courier Software is used to deliver & track packages and collect/deliver and track pathology supplies.

The software is implemented to manage processes without paper and to use GS1 barcodes, GPS tracking and digital signatures to track and record the service delivery and performance.


  • Point of delivery by scanning barcodes
  • Inventory track & trace using barcode data
  • Collection rounds management, with automated rescheduling
  • Samples collection & re-delivery end-to-end paperless management
  • Warehouse & purchasing management
  • Delivery & field service logistics using paperless smartphone app
  • Facilitate GS1 & PEPPOL compliance
  • Asset management & mobile workforce
  • Business process compliance management


  • Provide delivery records and recipient signature or photographic evidence
  • Enhance accuracy and traceability
  • Enhance efficiency, improve compliance and reduce cost
  • Reduce administration and improve tracking accuracy
  • Increase visibility and efficiency, providing mobile workforce tools
  • Reduce paper and offer real-time visibility and performance tracking
  • Introduce paperless processes that reduce errors and decrease administration
  • Allows track, trace and service recording on-the-move
  • Forces compliance and reduces associated risk


£500 to £3000 per instance per month

Service documents

G-Cloud 10


Assistive Partner Limited

David Elliott

0844 335 6791

Service scope

Software add-on or extension No
Cloud deployment model Private cloud
Service constraints To use Healthcare Courier as a mobile workforce solution in the warehouse (scanning and moving stock) and in the field (scanning stock deliveries and recording service delivery) requires apps on either the ruggedized PDA or smartphones.
All other processes are carried out using the software online.
System requirements UNIQUS just requires internet access.

User support

Email or online ticketing support Email or online ticketing
Support response times Monday to Friday 08.30 to 17.00 we create a response within 1 hour.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support costs are included in our software subscription charges.

Initial liaison is via a technical product manager, engineers are subsequently involved if required.

Priority 1 – Critical: Issues that render the whole system unusable. For example, application errors that affect the majority of users, or inability to log in to the system. Resolution time: 1 Day maximum.

Priority 2 – High: Significant loss of functionality that does not render the whole system unusable. For example, not being able to create content (i.e. clients), or application errors triggered in one part of the system. Resolution time: 2 Days maximum.

Priority 3 – Medium: Some loss of functionality, such as a filter or drop-down list not working, or a report not running. Resolution time: 7 Days maximum.

Priority 4 – Low: Queries or questions that have no impact on current system use, such as operational queries or cosmetic corrections (typos etc.). Resolution time: 14 Days maximum.
Support available to third parties Yes

Onboarding and offboarding

Getting started Assistive Partner has a comprehensive implementation plan that is managed by a qualified, experienced project manager.

Implementation includes: site discovery visits; plan creation & sign-off; on-site training and online user documentation, including video tutorials.

Our customers get a login to our Wiki-style Knowledge Base, which has a searchable library of user guides and online release notes for each new upgrade.
Service documentation Yes
Documentation formats
  • ODF
  • PDF
  • Other
Other documentation formats Video tutorial streaming
End-of-contract data extraction We recognise that whilst the software IP is always our property, the data within the database belongs exclusively to the customer.

This can be exported and passed to the customer as SQL, CSV or XML data files and passed securely using secure ftp folders.

We have the facility to archive and retain data at the request of the customer and have done that for some local authorities for a defined period, post-contract.
End-of-contract process The export of stock and client data is included in the price of the contract.

If the customer requires specific formatting of this data, there will be charges at our standard day rate.

Using the service

Web browser interface Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service To use the software as a mobile workforce solution in the warehouse (scanning and moving stock) and in the field (scanning stock and recording service delivery) requires apps on either the ruggedized PDA or smartphones.
Accessibility standards WCAG 2.0 A
Accessibility testing We have worked with the London Borough of Brent to ensure a partially-sighted user could use Dragon voice-activated AT to use our UNIQUS software successfully.
What users can and can't do using the API This is used to transfer data to and from, say, a hospital catalogue or a healthcare organisation's finance solution, e.g. Oracle, Agresso, SAP etc.
To make changes requires a written specification change request and our technical team's testing.
No other change process is acceptable.
API documentation Yes
API documentation formats ODF
API sandbox or test environment Yes
Customisation available Yes
Description of customisation The software has been developed with a significant amount of configuration options.
In particular, the system user's login profile can determine which pages, menu options and other access is available to them.

Many system workflows have restricted permissions, e.g. value of purchasing authority, which, if exceeded, alerts an authoriser or line manager who is required to intervene and authorise the activity.

There are many dynamic tools which allow authorised users to create users and user groups, forms, standard message templates and inventory move rules.

Customisation is restricted to system users with high-level administrator rights.


Independence of resources As our business grows, we continue to invest in expanding and upgrading our infrastructure.
We carefully monitor server performance and always ensure there is adequate capacity.
Our modelling of how much load various quantities of concurrent users will cause is carried out periodically to ensure we have adequate headroom to ensure optimum performance.


Service usage metrics Yes
Metrics types All use of our software is captured within a database.
There are numerous reports and dashboard tools for system users to measure system use.
We often work with customers to develop new embedded reports.
Some customers have VPN access to read-only SQL database tables in order to configure bespoke reports as required.
Reporting types
  • API access
  • Real-time dashboards
  • Reports on request


Supplier type Not a reseller

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Less than once a year
Penetration testing approach In-house
Protecting data at rest Physical access control, complying with CSA CCM v3.0
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach Whilst reports to capture a significant amount of detail can be run by users with appropriate levels of authority, it is better if our database team is clearly empowered and briefed to create export files.
These are passed securely to customers using secure ftp folders and can be configured in a format to suit the customer.
We ask whether the customer wants us to remove all trace of data from our servers or whether they wish us to retain data for a defined period.
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • SQL
  • XML
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats MS Access

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability During the last eleven consecutive years, Assistive Partner has been able to deliver 0% downtime due to software issues to all customers, including over 25,000 clinical professionals who use our systems to prescribe vital healthcare equipment on behalf of NHS and Social Services.
Our customers have experienced just under three hours of server access issues during the eleven year period due to two separate hardware failures. We learned from such events and improved redundancy. Overall eleven year access has been higher than 99.9996% uptime and there has been 100% uptime during the last three years.
All of our customers have a SLA guarantee of 99.8% always-on.
We have a reimbursement of a percentage of subscriptions (the levels vary by customer) for any month we fail to deliver this level of service.
Approach to resilience Assistive Partner’s offices are in Redditch, Worcestershire. Servers which host the licensed software are owned by our company and sited in a Tier 4 secure, managed network data centre in Redditch. The rack space at our primary data centre is supplied by Datatech UK Ltd, who have had a problem-free contractual relationship with Assistive Partner for many years, during which there has been almost zero down-time. Datatech UK Ltd manage nightly backup processes for Assistive Partner, to a secondary data centre in London. All data is mirrored between co-located servers in real-time. In addition, the Company retain automated daily database backups on their server at Redditch. Since spring 2016, a new Disaster Recovery (DR) installation has been available on Assistive Partner servers at a separate secondary Midlands data centre run by Six Degrees Ltd. The data on these DR servers is provided by ongoing transaction log shipping and is current to within a maximum of one hour of the primary data.
Both Tier 4 data warehouse sites we use have certificated ISO9001 QA systems and have achieved certification to ISO 27001. Data is stored behind up-to-date firewalls on secure database servers with intrusion detection.
Outage reporting Yes, we have (as part of our Business Continuity Policy) a procedure for both telephone calls to named individuals and emails to designated parties as an instant alert to our customers.
We keep them informed using a public-facing website dashboard, with ten minute updates on any situation and how rectification is being dealt with.

Identity and authentication

User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Each login identifies the user and their associated permissions profile. The system automatically restricts their access in terms of page views, menu options and financial or catalogue item levels.
The user is set up and managed by an authorised and trained system administrator at customer level.
Many system workflows have restricted permissions, e.g. value of purchasing authority, which, if exceeded, alerts an authoriser or line manager who is required to intervene and authorise the activity.
Dynamic tools allow creating users and user groups, forms, standard message templates and inventory move rules. Changes are restricted to system users with high-level administrator rights.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register LRQA
ISO/IEC 27001 accreditation date 27/06/2015
What the ISO/IEC 27001 doesn’t cover The certification covers all data centre and connectivity services.
The database is not specifically included.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach We manage through two key documented policy documents. Both provide for quarterly reviews and the responsible person is the managing director.
The Data Policy provides that each employee (and contractor if appropriate) signs an undertaking to follow specific procedures and rules. Our company also deploys thorough screening and frequent training and associated feedback in the context of security.
The Business Continuity Policy has clear procedures regarding the assets we use to store data and details how we ensure there is adequate protection regarding restricted physical access, preventing damage, adequate redundancy and secure backups in case of system failure.
Information security policies and processes Our comprehensive Data Policy and Procedures state that Assistive Partner has a responsibility to ensure that the Licensed Software Users’ data stored on its hosted media is always secure, whether at rest or in transit.
Assistive Partner has appointed the Managing Director as the responsible Data Controller. This responsibility includes the periodic and thorough examination of procedures to ensure they are fit for purpose and the clear, unambiguous dissemination of responsibility to each of the Company’s employees.
Adherence to this Policy involves all staff, who are individually and collectively responsible for the security of data whilst at rest on our media and any movements of such data which may become necessary to meet the requirements of our Licensed Software Users. This policy is provided and explained to each employee by the Managing Director at the time of their induction.
Assistive Partner has registered with the Information Commissioner’s Office (ICO) and has been assigned a register entry certificate number of Z9878227. This certificate is renewed annually at the end of April. The company's Data Policy applies to all of the Company’s employees.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Assistive Partner operates a robust change management procedure. Each software application has a comprehensive testing protocol at point of launch.
The protocol includes security testing, with emphasis on password protected login etc.
Whenever there is a change to our software (which is usually a combination of new features and improvements to existing functionality), the software is allocated a new release number.
Each new release has comprehensive release notes published within our online Knowledge Base website, which also contains controlled access to our online helpdesk ticketing system.
New releases are tested to a strict regime. Each customer has a UAT site.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach We assess threats to our service via:
Continuous monitoring of traffic.
Unified threat management software.
We deploy patches, as available, on a bi-weekly basis to Windows OS and our Sophos anti-virus software. We do this in real time without service interruption.
We deploy patches to UNIQUS software as required in a similar fashion.
We depend upon Microsoft, Sophos and Cyberoam for threat alerts.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Potential compromises would be alerted to us as unusual audit log activity, which has automated alerts, and we also carry out periodic manual reviews.
Should we get an alert, our procedures are pre-determined and our technical management become actively engaged in investigating, determining the actual threat level and source, and resolving it.
Our response would be immediate, but so far we have not had any such incidents.
Incident management type Supplier-defined controls
Incident management approach Our Business Continuity Policy and our Data Policy are regularly reviewed and updated. Each has a risk analysis and pre-defined processes for identified potential risks.
External users report incidents using online ticketing desk or internal users report to their line management.
To date, we have not had to include any serious incidents. For continuous improvement reasons, each month, we analyse any issues which have required action. This would include serious incidents if they occur.

Secure development

Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks Yes
Connected networks New NHS Network (N3)


Price £500 to £3000 per instance per month
Discount for educational organisations No
Free trial available No


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document