Mosaic Social Care Case Management System
Mosaic is designed for adult’s, children’s case management and associated finance services. It simplifies the recording and monitoring of pathways, saves time, reduces paperwork and minimises risk.
Mosaic incorporates information on an individual, their immediate family and finances, providing you with a single view of a person and their environment.
Features
- Mosaic Children's Social Care Case Management
- Mosaic Adults Social Care Case Management
- Mosaic Children's and Adults Social Care Case Management
- Mosaic Children's Social Care MASH Form
- Mosaic Adults Social Care MASH Form
- Mosaic Children's & Adults Social Care MASH Form
- Mosaic Children's Social Care Signs of Safety (SoS) Form
- Mosaic Children's Social Care Outcome Stars Form
- Total Mobile
- MeLearning
Benefits
- Get holistic view of every aspect of a client’s life
- Have more time to focus on individuals and improving outcomes
- Make better decisions with accurate information at point of care
- Collaborate more easily with families and other agencies
- Get the insight to prioritise workloads
- Team Workload view promotes transparent ways of working
- Respond to court requirements easily
- Ensure best practice and meet statutory requirements
- Achieve a good or outstanding Ofsted rating more easily
- Improve data quality and accuracy
Pricing
£15 to £320 a user a year
Service documents
Request an accessible format
Framework
G-Cloud 11
Service ID
9 8 5 0 2 9 6 1 2 3 7 1 3 0 6
Contact
Access UK Ltd
Stacey Graham
Telephone: 0844 811 5081
Email: servelec.lg.bids@theaccessgroup.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- All end user and citizen facing components of the solution are fully browser based and need nothing installed on the client device other than the browser itself.
- System requirements
-
- End-user facing elements of the solution are accessed via web-browser
- Supported by, Windows, macOS, iOS and Android
- No additional software or plug-ins are required on client devices
- There are no additional licencing implications
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Hours of Service:
Monday to Friday 08.30 to 18.00 (Excl. English bank hols)
Response Times:
P1 - Production System Unavailable = within 30 minutes
P2 - Major System Unavailability = within 1 hour
P3 - Significant Issue = within 2 hours
P4 - Moderate Issue = within 4 hours
P5 - Minor Issue = within 8 hours - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Servelec operates a standard service level which is designed to provide appropriate and reliable response and resolution times to all of our customers at a cost effective price. Responses are guaranteed within 1 working hour for all priorities with the exception of priority 1 issues which have a 30 minute response. Resolution times are contained within the SLA, those being P1 = 1 working day, P2 = 5 working days, P3 = 20 working days and P4 being the next reasonable release. Further details of response and resolution times, as well as escalation procedures are provided in the accompanying license and support agreement. The Support desk is staffed between 8.30am and 6pm UK time, Monday to Friday, excluding Bank Holidays. Technical and operational incidents can be logged via the phone during opening times. Incidents may be logged and updated via email or by the Customer Self Service Portal 24 hours a day seven days a week. All incidents logged via the above methods will be responded to by a support consultant within the timescales stated during the working day. The customer will have access to the Servelec technical services and application support teams.
- Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
Servelec works closely with customers throughout the implementation process. A project plan and PID documentation will be provided.
The following on-site system training is also provided:
• Mosaic Familiarisation
• Workshop Preparation
• Finance Familiarisation
• System Administration
• Workflow and Template Manager
• Template Manager - Day 2
• User Acceptance
• Train the Trainer
• Mosaic Portal
• Mosaic BI
• Go-Live Guidance.
Training courses are designed to be interactive for up to 12 delegates.
Servelec also provide access to MosDocs, our online library of Mosaic user guides which contains our guides relating to system administration and configuration, workflow configuration, form design and building and system properties. MosDocs also contains up to date information on any new functionality which has been created within a new version. As new versions of our software are released, our guidance is updated and new guidance produced to highlight and explain any new functionality.
Another option to consider in addition to the training offered by Servelec, is the use of MeLearning, an e-learning module that supports Mosaic training. This is used by a number of customers, either to support system implementations or business as usual training. Costs can be provided on request. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Servelec provide a data schema for each version of Mosaic and this is available to customers to allow the extraction of data into a required format. If the customer prefers; it could commission Servelec to extract the data into .csv files. Costs for this service can be provided on request.
- End-of-contract process
- Servelec’s approach to decommissioning is to work with the Authority to meet its objectives and ensure any move to a new supplier is smooth and simple. Data is provided to the customer in the agreed format. Any technical involvement in script writing from Servelec is normally chargeable however advice and support can be provided until the contract end date. The data is deleted securely when the customer has agreed all data has been provided and drives holding the data are securely cleansed. Servelec can provide an Exit Management Plan to highlight the steps involved in decommissioning the Mosaic application.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari 9+
- Application to install
- Yes
- Compatible operating systems
-
- Android
- Windows
- Windows Phone
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- When used on Windows 10, iOS and Android smartphones and tablets, Mosaic forms are drawn in a way that is responsive to the device size. Native finger-friendly device functions such as date pickers are used by default. Mosaic Mobile also uses other device functions such as voice and handwriting recognition. All practitioner workflow and financial assessments etc. can be completed offline on mobile, whereas the desktop version does not do this. It does however provide complete access to functionality that is never needed offline such as system admin.
- Service interface
- No
- API
- Yes
- What users can and can't do using the API
-
Mosaic provides and out of the box set of generic APIs that can be used to provide third party systems bi-directional access to Mosaic. Servelec is part of the TechUK Interoperability charter that ensures these existing APIs are free from development costs and can be used by all our customers.
Mosaic has a number of SOAP and REST APIs. They offer the ability to create and search for people, retrieve demographic, budget information, care timetables, organisations and workers, send and receive alerts as well as providing an integration point for workflow and e-forms. Users set up the service by making calls to the APIs that allow creations. They make changes by calling APIs that identify the record to be updated then submit their changes via the APIs that permit updates.
There are no particular limitations on how users can set up and use the APIs other than calls made must obviously pass appropriate authentication and the business rules that the APIs enforce. - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
All the Mosaic workflows and forms are fully configurable to meet any specific local requirements to ensure that the system reflects local best practice. If any changes to Mosaic’s standard configuration are needed, Servelec’s consultants will work closely with you during the implementation of the system to define and input these changes.
Mosaic has been designed to maximise the flexibility for our customers to manage, edit, add to or amend code tables with little to no intervention from Servelec. We provide all customers with the ability to locally configure reference data (code) tables where the worker has the appropriate system permissions without our involvement.
With every new installation of Mosaic, there is a full suite of forms in the Standard Configuration (SC) designed to meet the requirements of business processes. These forms are all available and accessed via the Template Manager Tool and are all fully configurable by system administrators.
Mosaic’s Template Manager Tool allows sites to edit, amend and delete SC forms or to create their own forms for use within the system. The template manager tool contains a version control system so previous versions of forms are stored and amended if required.
Scaling
- Independence of resources
- Proactive monitoring of the platform is provided using NAGIOS. Where a server or other component is deemed to be nearing the threshold requiring additional resource the issue is rectified.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Service metrics are provided in the form of call lists which users can filter on calls outstanding either by call reference, created date range, call status, name of reporter, assignee and summary. Customers can log in to the online support portal to view this information as and when required at no additional cost. Service measurements are used internally to monitor performance accordingly. Reporting of SLA performance and KPIs can also be provided.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Servelec provides access to the Mosaic database allowing data to be extracted and interrogated via industry standard third party reporting and business intelligence tools. Supporting documents (Entity Relationship Diagrams and Data Dictionary are provided to support).
All reports run via the Mosaic Report Repository can be exported to Microsoft Excel and saved in the desired format. Where a specific format is required for a return submission, Servelec provide this in addition to tables to allow data validation prior to submission. - Data export formats
- CSV
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- Word
- Excel
- JPEG
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Mosaic availability will be 99.8% within hours of operation as per our standard SLA.
- Approach to resilience
- Available on request.
- Outage reporting
- Servelec utilises industry standard monitoring solutions which immediately alert our teams to a service outage. Contact with customers is made via telephone or email to agree contacts.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Mosaic uses a role based authorisation scheme (RBAC) and users are granted specific roles that have fine-grained permissions to ensure that only authorised people can see or edit specific areas of the system. The Council's system administrator has full control over what functions and data in the system users can access. A standard out-of-the box set of roles is provided to enable the solution to be implemented quickly. These can be fully configured by the Council using the inbuilt tools supplied with the system. The roles cover all the different job types normally found in Social Care departments.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 22/10/2016
- What the ISO/IEC 27001 doesn’t cover
- All areas of the business are covered
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
-
- ISO9001: 2015
- ISO20000-1: 2011
- ISO22301: 2012
- PSN Connection Compliance
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Servelec has an Information Security System documenting all policies and procedures to support the organisation’s security principles and compliance to the relevant standards. All employees are trained on Servelec’s policies, standards and procedures at induction as well as any ongoing awareness training. All policies and procedures are available on the staff intranet to all staff. Servelec has a documented Customer Data Protection Procedure and Customer Data and Systems Policy to provide staff with the means for handling customer data. These are supported by our Data Protection Act Policy, Information Security Policy, Information Sensitivity Procedure, Access Control Policy, Mobile Working Policy and Cryptography Policy. All managers are directly responsible for implementing these policies and procedures within their business areas, and for adherence by their staff. The Executive Directors give overall strategic direction by approving and mandating the information security principles but delegate operational responsibilities for physical and information security to the Security Committee chaired by the CEO. The Group Quality and Compliance Manager is responsible for reporting to the Executive Directors on the status of the IT Governance, and for ensuring policies and procedures are in place to support the organisation’s security principles and compliance to the relevant standards.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- All requests are logged via our support desk and issued with a unique reference number. This tracks the issue through to completion within the assigned team. Should the issue require software development effort, this is also tracked within the same system. Our ISO 9001 accredited development process defines that each work item has security considered as part of the development effort, which is logged within the work item. Servers and infrastructure are hardened in line with industry standard best practice. The environment and applications are tested for vulnerabilities, with any issues treated as faults and resolved appropriately.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
We provide quarterly internal scans and annual scans by external parties against the infrastructure which feeds into our PSN and Cyber Essentials certifications.
Our internal hosting policies define that the solution and hosted environment are tested for vulnerabilities regularly with a view to nullify threats, vulnerabilities and exploitation techniques. Penetration tests are conducted by an independent organisation to verify security.
Results of the tests are resolved by making a development change or making configuration changes to the hosted platform. In either case, the fixes are made based on priority according to the nature of the software and hosting methods. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- Potential compromises are identified by an enterprise IPS/IDS system. In the event of a breach or security incident which relates to the customer or the infrastructure, the customer would be informed typically via phone call or via email. We log security incidents on an ITIL compliant system. Remediation/action takes places immediately but all the security incidents are raised in information security meetings for mitigation. Servelec has a documented security incident plan which is embedded within the information Security Management System in accordance with ISO27001 accreditation. The plan defines what constitutes a security incident and outlines the incident response phases.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- Servelec has an Incident Management Process that is documented, approved and monitored. It specifies the policies and procedures for monitoring, detecting, analysing and reporting of information security events and incidents, and for the reporting of information security weaknesses. All personnel are responsible for reporting information security incidents to the Security Forum as quickly as possible. The Incident Report Form is used for recording the details of the incidents.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Pricing
- Price
- £15 to £320 a user a year
- Discount for educational organisations
- No
- Free trial available
- No