The Access Group

Access Care Planning

Access Care Planning is the UK's leading cloud-based digital care-planning, monitoring, case-management, eMAR, workflow solution. Delivered by browser and mobile app (online/offline), it removes paper, improves quality and compliance. Part of the Access Care Suite (used by 5,800+ registered providers), it's easy-to-use and helps you deliver outstanding care.


  • Comprehensive electronic records
  • Fully customisable electronic records and forms
  • Accessed through a synchronised web portal and mobile application
  • Customisable 'rules' trigger automated workflow including emails, task creation etc.
  • Mobile application is fully offline capable
  • Alerts for missed activities/jobs/tasks
  • Inbuilt reports module - create bespoke (and exportable) reports
  • Mobile NFC/QR functionality - confirm staff time and attendance
  • Activity and task management
  • Live monitoring dashboard, showing field staff's arrival and activity completion


  • Improve operational efficiency and save money.
  • Improve service responsiveness
  • Reduce: Duplication, communications lags, errors, safety and security breaches
  • Single version of truth - no multiple/contradictory versions of records
  • Application for all IOS and Android tablets or smartphones
  • Web portal accessible on any web browser
  • Automated alerts for critical missed activities
  • Customisations can be made easily by your organisation
  • Create reports on any aspect of your organisation and services
  • Easy to use for all levels of technical ability


£3.00 to £24.00 a person a month

Service documents


G-Cloud 12

Service ID

9 5 8 4 3 2 0 7 0 6 3 0 8 8 3


The Access Group Natalie Giles-Grant
Telephone: 01206322575

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Service add-on type
Yes, but can also be used as a standalone service
Other services extension
Access Workspace, Access People Planner, Access Care Compliance
Cloud deployment model
Public cloud
Service constraints
System requirements
  • Internet Access via supported browsers (html5 enabled)
  • Mobile application for Android and iOS devices only

User support

Email or online ticketing support
Email or online ticketing
Support response times
Access has developed a range of support plans. Our online Knowledge base and Community service plans are available to all our clients. We have made significant investment in our client support tools. The Success portal provides around the clock access to log incidents, browse articles and videos to find solutions. Our Support teams are available M-F 9-5 ( or 8-6 on Standard/Premium) On these plans P1 cases are responded to in 1 hour. Please refer to Access for further details
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Priority Description Response time Target resolution time

Priority 1 The entire Access Product service is "down" and inaccessible. Complete failure of Access Product Telephone Based Electronic Monitoring Service (where applicable). This does not include local Customer issues for example, but not limited to Customer infrastructure or internet connectivity issues. Priority 1 incidents shall be reported by telephone only when outside Normal Business Hours. Within two hours during Extended Business Hours. Within four hours during Extended Business Hours. Continuous effort after initial response and with Customer co-operation.

Priority 2 Operation of Access Product is severely degraded, or major components of Access Product are not operational and work cannot reasonably continue. Within 4 hours during Normal Business Hours. Within two Business Days after initial response.

Priority 3 Certain non-essential features of Access Product are impaired while most major components of Access Product remain functional. Within 12 hours during Normal Business Hours. Within seven Business Days after initial response.

Priority 4 Errors that are non disabling or cosmetic and clearly have little or no impact on the normal operation of Access Product. Within 24 hours during Normal Business Hours. Next release of Access Product.
Support available to third parties

Onboarding and offboarding

Getting started
Access Care Planning provides a number of different types of deployment plans, including on-site training and configuration, Web based training programs, on-line video and electronic documentation.
Service documentation
Documentation formats
End-of-contract data extraction
Users can run reports using the custom export facility in the software. Also clients are passed their data upon request, subject to standard T's & C's.
End-of-contract process
At the end of the contract the client is given 30 days to migrate any data before it is erased from all servers.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
Application to install
Compatible operating systems
  • Android
  • IOS
Designed for use on mobile devices
Differences between the mobile and desktop service
All records can be accessed and updated on the web console or the mobile application (the latter even if offline)

The mobile app element can be used to mark as complete/incomplete tasks specific to a job, for example a site visit or community care visit. It can also be used to start and complete visits with NFC/QR code verification.

Creating/viewing reports is not available on the mobile app
Service interface
What users can and can't do using the API
Access Care Planning provides an API over a number of key entities, including Employee, service user, location data etc. The API end points provide CRUD functions.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
API sandbox or test environment
Customisation available
Description of customisation
Digital record sections, digtial forms, workflow rules, user roles and permissions, reports, can all be customised

Customisation can be carried out with no technical expertise (beyond the level of using packages such as Microsoft Word/Powerpoint) using a drag and drop form builder, changing role permissions and types using check boxes and inbuilt wizards for creating bespoke automation rules and reports.

Customisation is controlled based on user type (for example tenant admin or manager) and carried out through the secure web portal.


Independence of resources
Access Care Planning's hosted servers are monitored and load balanced ensuring that the service can expand sufficiently if required. In addition to this we use automated monitoring tools to alert us when demands on resource meet or exceed certain thresholds (CPU, RAM, I/O, disk usage etc). The infrastructure is sized to deliver comfortable capacity for even our peak service periods.


Service usage metrics
Metrics types
Customers can review service usage in real time dashboards from within the software. These show numbers of users, number of claims submitted, etc.
Reporting types
  • Real-time dashboards
  • Regular reports


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
The end user can export data from Access Mobizio in .CSV and .XLS formats.

Electronic forms and documents can also be exported by the end user as PDF documents when required.
Data export formats
  • CSV
  • Other
Other data export formats
  • XLSX`
  • PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • XLSX
  • XLS
  • Delimited text
  • PDF
  • .doc

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance. Our monthly availability has not dropped below 99.8% in any 4 week period in the last 12 months.
Approach to resilience
The Access Hosting solution has been designed to enterprise level with the highest possible specification for resilience and replication. Split across 2 of the UK’s premium data centres, the solution delivers replication and recovery options that are unrivalled in the mid-market arena. The solution operates in a near continuous state across both datacentres minimising data loss in the event of a total data centre blackout. This is achieved using Zerto Virtual Replication and VMWare vSphere being delivered as a service to the Access user. The solution has been designed so that there is no hardware single point of failure. Dual Firewalls are used to connect to dual switches, SANs and Physical Hosts. Internet connectivity is protected using the Border Gateway Protocol (BGP) ensuring connectivity in the event an outage of an upstream Internet Service Provider occurs. The Physical hosts run VMWare ESX and operate within a VMWare vSphere cluster. One cluster node is located in Telehouse with the second in Equinix. The use of these technologies ensures that storage and virtual machines are resident in both datacentres giving maximum flexibility in the case of a disaster.
Outage reporting
Users can subscribe to email alerts giving updates on scheduled maintenance and outages. An online portal is also available to clients

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
We operate role profile based Access Control - based on least privilege access. This applies to all our services
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Nothing is excluded from the Standard
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
All controls included within Annex A of the ISO27001:2013 standard.
Statement Of Applicability (SOA) available on request.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window.
AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months.
Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We operate a robust incident management process in line with ISO27001:2013
Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site
Incident reports will be provided following forensics and closure

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£3.00 to £24.00 a person a month
Discount for educational organisations
Free trial available

Service documents