Hoop'd
Hoop'd is a modular, cloud-based software framework delivering tailored user-led design solutions for services. Our modules support service user engagement, triage, accreditation and eligibility and provide intelligence to officers in the management of users, data and the improvement of service outcomes.
Features
- Geospatial mapping and tailored user information interfaces
- Accessible directory, resources, services and events management and promotion
- Global API system and bespoke API creation
- Data Visualisation and tailored interfaces
- Account creation, user, officer and partner management
- Tailored case management environments
- Accessible referral pathways and end-to-end user monitoring
- User triage, eligibility and accreditation processes and data capture
- User monitoring and tracking of outcomes (eg skills health)
- Intelligent recommendation and prioritisation algorithms for supported decision making
Benefits
- Target and tailor the provision of services
- Map and monitor participation success to improve service delivery
- Analyse access and support needs to create more tailored engagement
- Co-create projects with partners, tailor engagement opportunities
- Provide accurate, up-to-date information, services and resources
- Identify and reach those excluded and vulnerable
- Training and accreditation allowing for multi-stage resources and assessments
- Custom social prescribing environments and creation of referral networks
- Establish and promote local partnerships
- Improve local community health and skills outcomes
Pricing
£6,450 to £125,000 a unit a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
1 0 8 9 7 0 3 7 6 9 3 1 2 8 4
Contact
Mortar
George Unsworth
Telephone: 020 8374 2322
Email: enquiries@mortar.works
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- Hoop'd extends existing enterprise software such as CRMs, ERP and BI platforms, and accounting and collections tools in accounts receivable. Hoop'd offers an environment for tailored API, webservice and microservice delivery to improve enterprise efficiency and effectiveness.
- Cloud deployment model
-
- Public cloud
- Private cloud
- Hybrid cloud
- Service constraints
- No constraints.
- System requirements
-
- For on-site hosting: Kubernetes Container Runtime Initiative (CRI) standards
- A computer or mobile device
- Latest version of the supported browsers
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Questions sent within supported office hours, which is defined as 09:00 – 17:00, Monday – Friday, excluding UK Bank Holidays, will be responded within 24 hours, starting from the next working day.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
We provide Basic, Standard and a Custom level of support depending upon the extent of the tailored implementation of Hoop'd being provided.
At our Basic level of support we provide an account manager. Standard level support includes account, product and technical managers. Custom support includes technical engineers as necessary.
Our Basic Level Support starts from £265 per month (ex VAT). - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- We provide a tailored Service Acceptance plan which includes Product and Service Documentation and User Guides, and online training. Online group workshops and training is also available, as is onsite training, as required.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
If the functionality for the user is not present for them to extract their data from the service at the end point of the contract then we extract and provide the data to the user on request in a comma-delimited format.
Any assets that belonged to the user and that were provided by the user for use in their bespoke implementation are returned along with the provision of all the user’s data associated with the contract. - End-of-contract process
-
In the price of the contract is included the transfer of all assets that belonged to the user and that were provided by the user for use in their bespoke implementation; these are returned along with the provision of all the user's data associated with the contract and its delivery. Any data that has been handed over prior to the end-of-contract or that has been generated on the system during the use of the service is subject to either disposal or can be handed over on request.
Any technical, management (consultancy) or development work at the end of the contract associated with the service, and/or the use or transfer of data, is subject to additional cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The same web interface is accessible and usable on mobile, tablet and desktop. Some functionality might be simplified for ease of use on mobile interfaces but will be functionally equivalent.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- Our solutions operate through the provision of bespoke user interfaces that are tailored to meet the needs of the specific service users.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
Automated and manual accessibility testing is integrated in our development process, and we test our interfaces with assistive technologies regularly. After the implementation of the service we conduct an accessibility audit.
We have done extensive service design and testing work with users ensuring our interfaces respond appropriately to screen readers (JAWS, NVDA, or VoiceOver); speech recognition software; screen magnification (ZoomText) software; text-to-Speech software; alternative devices and the use of closed captioning and subtitles for audio and video content. - API
- Yes
- What users can and can't do using the API
- Clients can add, remove, access and update all data that is normally supplied by the client; access processed information; define and update endpoints for processed information.
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- API sandbox or test environment
- No
- Customisation available
- Yes
- Description of customisation
-
We take our users through a service design phase in which customisation is planned. As much or as little customisation can be developed depending on the service requirements.
Our modular framework means users can select which modules they require, and we can customise many of the parameters associated with how these modules appear and interact.
Our framework allows for branding modifications, colour and logo customisations, and all our interfaces are editable allowing the user to develop customised content for display to their service users.
Scaling
- Independence of resources
- Each client is provided with their own dedicated private cloud instance, configured and managed according to their needs. Our infrastructure is built on Digital Ocean cloud services and is designed to scale using their tools. Before going live we do battery of load testing which ensures the system can handle peak load capacity with a healthy margin for contingency. We then continuously monitor our services and respond to increase in demand within our SLAs.
Analytics
- Service usage metrics
- Yes
- Metrics types
- Users' access information is being logged along with the metrics associated with the decisions, actions, and outputs generated by users and their interaction with the service. In addition to these performance metrics, Google Analytics reporting and dashboards are used to track real-time usage.
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- None
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Mortar provides APIs, batch uploads and manual downloads for data exporting in various formats.
- Data export formats
-
- CSV
- Other
- Other data export formats
- JSON
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- JSON
- API
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- The service is available 24/7. The service shall provide at least 99% availability during supported office hours, which is defined as 09:00 – 17:00, Monday – Friday, excluding UK Bank Holidays and excluding scheduled maintenance. Planned upgrades and maintenance will be performed outside of office hours as much as possible, excluding emergencies.
- Approach to resilience
-
Mortar service and all of it's infrastructure is built on top of Digital Ocean cloud services, which provide built-in scalability and failover for the services it relies on with no single point of failure. Each client's instance will live within Digital Ocean's UK region located in London. Depending on client requirements and needs, another site can be set up in Ireland or the rest of the EU for higher availability and resilience.
Databases are automatically backed up and backup are written to disk immediately and archived regularly. If available, backups are automatically copied to the second region. Data recovery and disaster recovery scenarios are tested at least once a year. - Outage reporting
- Mortar uses private dashboards for internal use and sends automated emails as soon as outages are detected. A more detailed report is written about how long the outage might last after diagnosis, and another incident report is provided after service is restored.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Different levels of user accounts will have separate access restrictions which can be customised. Support channels will be managed externally.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- We conduct internal security reviews that inform our approach to security governance and the arrangements that we undertake to enforce our security governance policies. Our arrangements provide safeguards for personal identifiable data, financial information, commercially sensitive data, all employee information, and information shared with us by others, complaints, feedback, and all other information that we handle. Our security group meets monthly to manage and maintain security across our services, co-ordinating and overseeing technical assurance and testing of our infrastructure, including annual penetration testing by specialist third party providers.
- Information security policies and processes
- Our reporting structure is enforced by our information governance team, together with independent reviews by internally and externally on a periodic basis. Our information governance team ensures the following policies are followed: maintenance of confidentiality: protecting our resources from unauthorized personnel; ensuring availability of resources (to authorised personnel only); maintenance of the integrity of our resources. We implement a business continuity management system (BCMS) aligned to the international standard of best practice, and we routinely undertake a business impact analysis in all areas of the organisation. This establishes our business continuity plans which are assessed regularly to ensure the continuity of prioritised activities in the event of a significant incident. An audit trail of system access and staff data use is maintained and reviewed on a regular basis. Data security and protection training is mandatory and all staff are required to complete annual data security awareness training.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Requests for change (RFC) are evaluated on an impact and value assessment framework. Assessment produces a proposed update to the time plan and a cost breakdown which should be agreed by both sides. RFCs and their impacts will be stored as part of project documentation.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Mortar is monitored by Digital Ocean's Vulnerability Scanner for ongoing vulnerability monitoring. A security assessment is being done before the service goes live. Tests are repeated once a year.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- We use tools such as LogRhythm and CrowdStrike on different parts of our infrastructure for threat intelligence, cyberattack response and monitoring services. As part of our security reviews, we analyse logs and information from various tools gathered to detect security problems. Response to incidents is immediate.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Incidents are handled according to our monitoring software or user reports through our support channel, where we produce a security incident report. This is reviewed by our security team and is handled according to our incident management process.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- Yes
- Connected networks
-
- Public Services Network (PSN)
- NHS Network (N3)
- Health and Social Care Network (HSCN)
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Covid-19 recovery
Hoop'd helps create employment, re-training and other return to work opportunities for those left unemployed by COVID-19 especially through our Digital Inclusion Triage Tool and Digital Skills Platform.
Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support the physical and mental health of people affected by COVID-19, and reduce the demand on health and care services.Tackling economic inequality
Hoop'd helps create employment, re-training and other return to work opportunities for those left unemployed by COVID-19 especially through our Digital Inclusion Triage Tool and Digital Skills Platform.Equal opportunity
Hoop'd helps create employment, re-training and other work opportunities through our Digital Inclusion Triage Tool and Digital Skills Platform.
Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support access to opportunities and help address health inequalities.Wellbeing
Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support access to opportunities and help address health inequalities.
Pricing
- Price
- £6,450 to £125,000 a unit a year
- Discount for educational organisations
- Yes
- Free trial available
- No