Defines which roles may perform each action within the Ockham Rescue platform. This document forms part of the organisation's access control policy and is available to CQC inspectors on request.
CQC Regulation 17 — Good Governance
This access control matrix supports compliance with the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014. Role assignments are reviewed at every staff record update and audited quarterly. All permission changes are logged with a timestamp and the authorising manager.
Roles marked purple are organisational hats (Management, Director, Governance Lead, Compliance Off.) — worn in addition to a primary clinical grade. Teal/green = registered clinical practitioners. Red = fire & rescue operational hats. Yellow/amber = operational support. Hats are additive — a Paramedic with a Management hat holds both clinical and management access.
Log in to the platform
View operational dashboard
View own shifts
View available / open shifts
Manage platform settings (own)
Manage organisation-wide settings
View statistics & KPIs
All clinical actions are subject to the individual's scope of practice, HCPC registration status, and current PGD authorisation. CQC Key Line of Enquiry: Safe, Effective, Well-led.
Complete a Patient Report Form (PRF)
Within scope of own clinical grade only.
Submit a PRF for clinical review
Review and sign off PRFs
Reviewers must hold HCPC/GMC registration and active clinical lead authority. Governance Lead hat provides PRF review access.
Access PGD Library
Administer medicines under PGD
Subject to individual PGD authorisation.
Access controlled-drug vault records
Logged access; dual-check process applies.
Record adverse / clinical incident
Access CAD / dispatch data
These permissions directly support CQC Fundamental Standards (Health and Social Care Act 2008, Regulation 17 — Good Governance). Access is restricted to appropriately qualified personnel.
View policies, SOPs & guidelines
Manage / update policies and SOPs
Changes are version-controlled and timestamped for audit.
Generate CQC compliance reports
View training compliance matrix
Manage mandatory training records
Record & review audit findings
Review DBS check status (own)
Manage DBS checks (all staff)
Manage HCPC / professional registration records
Expiry monitoring is automated; alerts sent 90, 60, 30 days before lapse.
Access Martyn's Law compliance documentation
View own employee record
View all employee records
Edit employee records & roles
Add new employees to the system
Suspend / deactivate an employee
View staff applications
Approve / reject staff applications
Manage employee documents
View own payslip
Run payroll
Full audit trail recorded on each payroll run.
View all payroll records
View event calendar
Create / edit events
Create & approve Event Medical Plans (EMP)
EMP approval requires a clinician of Doctor or Consultant grade, or a Governance Lead.
View approved EMPs
View client / customer details
Manage customers & contracts
Generate & send quotes
View invoices
Approve customer portal access
Approve customer enquiries
Generate end-of-event clinical reports
View available shifts
Apply to work a shift
Create / manage shift rotas
Approve shift applications
Submit end-of-shift report
View vehicle assignments
Report a vehicle defect
Complete daily vehicle inspection
Manage vehicles & fleet records
Manage equipment & assets
These are additional operational hats worn by dual-trained staff. Access is additive to the individual's primary clinical role. Fire shifts are only visible and available to staff holding the relevant hat.
View and apply for Fire Service shifts
Only staff with fire_crew or fire_oic hat can see and apply for fire-type shifts.
Author and sign off Fire Operations Plan
Fire OIC hat required. Follows JESIP METHANE protocol.
Joint Fire & Medical command authority
On joint events Fire OIC has command of all fire operations; Medical Lead retains clinical authority.
Access CQC compliance module
Complete make-ready checks & vehicle prep
Make Ready crew can access the fleet make-ready checklist module.
Document Control
Document type: Access Control Policy · Owner: Operations Manager · Review cycle: Quarterly
All role changes are recorded in the staff audit log with the authorising manager, date, and reason.
This page reflects the live permission configuration. Last updated automatically on each platform release.