Welfare Call (LAC) Limited

Attendance Monitoring & Attainment Collection Service

Fully managed data collection and analysis service via our cloud-based solutions covering attendance, attainment monitoring, ePEPs and analytics dashboards to assist Local Authorities in safeguarding & improving outcomes for vulnerable cohorts; including Children Looked After (CLA/LAC/CiC), Children in Need (CiN) and those on Child Protection, EHCP/SEN plans and Youth Justice.

Features

  • Cloud-based platform allowing secure, accessible & appropriate access 24/7
  • Daily attendance data collected via live calling and/or automated extraction
  • Assessment data collected e.g. Termly Teacher Assessments, SATs, GCSE’s, A-Levels
  • Interactive Management Information dashboards updated with real-time data
  • Inbuilt reporting suite and dashboards provides analysis of Data
  • Pre-defined, custom and bespoke report builder available
  • Automated notifications/alerts to key stakeholders of child absences
  • Interoperable with multiple platforms and 3rd party databases
  • Integrated secure messaging and data transfer
  • One to one customer support

Benefits

  • Reduction in Looked After Child absences
  • Reduced administration through outsourcing of data management
  • Improved information sharing between Virtual Schools including Other Local Authorities
  • Improved reporting allowing statistical analysis.
  • Providing integrated Ofsted ratings, details of school merges, academies
  • Improved safeguarding through alerts of child absences.
  • Import data into Education MIS solution through data transfer facility
  • Improved safeguarding of LAC
  • Improved information sharing with all agencies involved in LAC care
  • Improved educational outcomes for LAC

Pricing

£1.65 to £2.09 a unit a week

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

1 0 7 1 4 4 8 5 5 2 1 2 8 3 6

Contact

Welfare Call (LAC) Limited Andrew Henderson
Telephone: 01226 716333
Email: bidmanagement@welfarecall.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
None.
System requirements
  • Internet access
  • Connection through a current supported internet browser
  • Individual corporate email address

User support

Email or online ticketing support
Email or online ticketing
Support response times
Sales enquiries: 2 working days

Support enquiries:

Priority 1: The entire system is completely inaccessible - response within two to four business hours.

Priority 2: Operation of the system is severely degraded, or major components are not operational and work cannot reasonably continue - response within four business hours.

Priority 3: Certain non-essential features of the system are impaired while most major components remain functional. - response within 12 business hours.

Priority 4: Change requests or issues that are cosmetic and/or have little or no impact on the normal operation of the Services - response within 24 business hours.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide the same level of support to all our customers. Our Service Desk team of product experts provide first line support. As a hosted provision our technical team take full responsibility for the configuration, maintenance, updates and support of the cloud service.
Welfare Call will ensure the service is up and running through our implementation programme. Every Client has a technical account manager who will be available to discuss any elements of the service.Reviews take place at least every 6 months to ensure the service/software is fulfilling the requirements of the client. We provide several different support methods including; support helpdesk, online training, user documentation, training videos, webinars, phone support etc. During the implementation programme onsite support is provided.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
New users benefit from: Onsite training, online training, user documentation, training videos and webinars. User workbooks are included in the start up process as well as access to a helpdesk and support from one of our product specialist teams.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Clients are able to access and download their data throughout the contract. Alternatively data can be provided to the client at the end of the contract by encrypted data transfer on request or as part of the planned Exit Plan.
End-of-contract process
Contract exit options form part of the contract definition and are discussed with the client both at the start and end of the contract to ensure that all statutory obligations, valid at the time, can be accounted for. Depending on the level of additional work required there may be additional charges made to cover the effort of meeting the client's requirements.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Extranet: A cloud-based customer portal allows the user to manage their account details, change security questions, review their access logs and use the built in secure messaging service to request support, provide data updates or access the help materials.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The interface is tested with assistive technology for visual impairments (reversed colours, high contrast, grey-scale etc) as well as screen readers. The development team have a suite of tools to identify accessibility issues as code is produced.
API
No
Customisation available
Yes
Description of customisation
Pre-approved users can customise their dashboard to display frequently used reports and statistics.
Users can select reports to auto-run for a specified time range and be stored or emailed.
Reports can be filtered to view relevant data.
Automated alerts can be tailored to trigger when specific events occur.

Scaling

Independence of resources
We automatically monitor performance of our dedicated servers multiple times every hour including measuring typical page load times and comparing against a known baseline. The service performance/capacity can be increased as required. The service benefits from a denial of service mitigation process to minimise the effects of one user's actions on other users.

Analytics

Service usage metrics
Yes
Metrics types
Examples of service metrics provided included but not limited to: uptime, user login audit trail and data access audit.
Bespoke reports of service metrics are available on request.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Within the Secure Portal a number of reports and document generation options are available. Historical documents stored in the system can also be exported in their original format. Report data can be customised, filtered and controlled on screen before exporting in a number of formats including .csv and xlsx. Statistical data generated from the reports can also be exported in .csv and charts generated from the statistical data can be exported in various common image formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • Png
  • Pdf
  • Jpg
  • Xlsx
  • Docx
Data import formats
  • CSV
  • Other
Other data import formats
Other formats are managed by our admin team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Secure, encrypted email is used every time confidential or personally identifiable information is exchanged.
Users of out of date or unsupported browsers are blocked from accessing the system to prevent potentially insecure transfer of data.
Data will only be sent to recognised, registered email addresses.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our data centres boast a rapid 3-minute response time from the 3rd line engineers and guarantees 100% uptime on network connectivity. This allows us to achieve very high rates of availability. Contracts are agreed taking into account client agent access times which typically extend well beyond the working day. Service affecting maintenance is scheduled for the early hours of the morning to minimise disruption from planned work. Service affecting issues in core business hours are prioritised and addressed immediately.
Approach to resilience
The service is run on a virtual platform to be independent of the underlying hardware. The service is configured for high availability with N+1 redundancy at all levels: dual redundant internet connections, dual load balanced firewall with DDOS mitigation service, dual power feeds with dual UPS and dual backup generators, mirrored storage arrays and dual compute provision.
This whole service is replicated in a separate data centre with live data updates keeping the services synchronised.
Backups are taken hourly and daily backups are stored offsite. The service is configured to keep a full audit log of core data allowing changes to be tracked and undone without reverting to the backup. Individual client data can be restored without affecting all clients.
The data centre has 24/7 security guards, biometric access controls and individually locked data halls.
Outage reporting
Performance and service availability are measured in the data centre, from our own internal monitoring solution and from independent 3rd parties. If performance drops below key trigger levels or if the service is not available emails are automatically sent to key senior staff and an event is logged. A dashboard is displayed in all technical offices showing trends and alerts. A dashboard is also available for clients to view current and historical availability.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
We use a multi factor authentication process. Clients can make this mandatory for all agents with access to their data. Options include one time partial password, partial secret phrase, and one time code using Google Authenticator
Access restrictions in management interfaces and support channels
Within the site there are four levels of access restrictions:
1. User Types, limiting the basic users interface.
2. Authority limiting to what services are available
3. Individual Permissions overriding a specific user to elements.
4. Authority settings limiting the authorities options
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Administration activities by supplier staff via the portal are secured by username, password and 2 factor authentication.
System administration is controlled by username and password and Public Key Authentication over a secure link that is over an encrypted VPN

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
Yes
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials
Information security policies and processes
Information security policies and processes are regularly reviewed and updated to deal with emerging threats, changing legislation and to account for the development of new and existing services. New policies and changes to existing policies are made in line with ISO 27001 which we are currently working towards. Development is in line with, but not limited to, the following legislation: The Data Protection Act (2018)/GDPR, The Computer Misuse Act (1990), Freedom of Information Act 2000, Business Continuity Management and ISO 27001 standard. If you have specific questions relating to aspects of our policies please contact us with details of your request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Following ITIL guidelines a ticket is logged for every change request to record all actions and decisions taken. A timestamped repository of code changes is maintained associated with each developer. Code is automatically checked before submission and changes are reviewed by a senior developer. Development is carried out in a separate environment and undergoes testing prior to being made live. A secure code framework is used into which new functions are built ensuring new features and functionality automatically benefit from pre-tested security. NCSC and other guidelines are are referenced to ensure configuration changes follow best practice standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Code is developed within a secure framework. 3rd party CREST approved annual penetration test is carried out with monthly updates. Annual Cyber Essentials assessment is completed.
A subscription to the National Vulnerabilities Database creates actionable tickets for developers to check potential risks.
Automated software update checkers alert technicians to security updates. NIDS and HIDS solutions are used to identify issues.
Continual development and deployment practices allow a quick response to any issue found. Infrastructure patches/updates are applied within 14 days. Security issues can be actioned in less than an hour.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through our network and host Intrusion Detection services, Anti-Virus software and alerts configured in the firewalls.
If compromises are identified proactive action is taken to remedy the issue immediately to allow normal service to resume as soon as possible.
A risk assessment is carried out and policies & procedures updated accordingly to prevent re-occurrence.
Incident management type
Supplier-defined controls
Incident management approach
Processes for common events are defined in our standard operating procedures. For other events there are set guidelines to follow to allow the incident to be managed.
Users report incidents either via phone, email or secure messaging. Automatic monitoring services send alerts by email, raising a ticket and displaying an alert on the monitoring screens in our technical offices.
Incident reports are provided by secure email to a nominated contact agreed with the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

Please contact us directly for further information.
Covid-19 recovery

Covid-19 recovery

During the Covid-19 outbreak we communicated directly with our customers daily and issued regular business continuity updates by email and also provided a status update via our website.

We continued to monitor service users via an adapted model to ensure business continuity.

Further details can be provided upon request.
Tackling economic inequality

Tackling economic inequality

Please contact us directly for further information.
Equal opportunity

Equal opportunity

Our vision is for the company to be a successful, caring and welcoming place for staff and service users to receive care and advice. We feel we achieve this by creating a supportive and inclusive environment where our staff can reach their full potential and care is provided in partnership with service users, without prejudice and discrimination. We are committed to a culture where respect and understanding is fostered and the diversity of people's backgrounds and circumstances will be positively valued. Our aim is to achieve equality of care experience by removing any potential discrimination in the way that our staff and service users are cared and treated by us, including: • people with disabilities • people of different sexual orientations • transgendered and transsexual people • people of different races • people on the grounds of their sex • people of faith and of no faith • people in relation to their age • people in relation to their social class or medical condition • people who work part-time • people who are married or in a civil partnership • women who are pregnant, have recently given birth or are breastfeeding To ensure this, we maintain a wide range of policies covering all aspects Equality, these include: • Equality and Diversity Policy • Ethical Recruitment Policy • Safeguarding Policy We also provide literature and information in a variety of languages, if required and our services are accessible to staff and service users with disabilities. Please contact us for further details
Wellbeing

Wellbeing

Please contact us directly for further information.

Pricing

Price
£1.65 to £2.09 a unit a week
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.