Skip to main content

Help us improve the Digital Marketplace - send your feedback

Mortar

Hoop'd

Hoop'd is a modular, cloud-based software framework delivering tailored user-led design solutions for services. Our modules support service user engagement, triage, accreditation and eligibility and provide intelligence to officers in the management of users, data and the improvement of service outcomes.

Features

  • Geospatial mapping and tailored user information interfaces
  • Accessible directory, resources, services and events management and promotion
  • Global API system and bespoke API creation
  • Data Visualisation and tailored interfaces
  • Account creation, user, officer and partner management
  • Tailored case management environments
  • Accessible referral pathways and end-to-end user monitoring
  • User triage, eligibility and accreditation processes and data capture
  • User monitoring and tracking of outcomes (eg skills health)
  • Intelligent recommendation and prioritisation algorithms for supported decision making

Benefits

  • Target and tailor the provision of services
  • Map and monitor participation success to improve service delivery
  • Analyse access and support needs to create more tailored engagement
  • Co-create projects with partners, tailor engagement opportunities
  • Provide accurate, up-to-date information, services and resources
  • Identify and reach those excluded and vulnerable
  • Training and accreditation allowing for multi-stage resources and assessments
  • Custom social prescribing environments and creation of referral networks
  • Establish and promote local partnerships
  • Improve local community health and skills outcomes

Pricing

£6,450 to £125,000 a unit a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@mortar.works. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

1 0 8 9 7 0 3 7 6 9 3 1 2 8 4

Contact

Mortar George Unsworth
Telephone: 020 8374 2322
Email: enquiries@mortar.works

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Hoop'd extends existing enterprise software such as CRMs, ERP and BI platforms, and accounting and collections tools in accounts receivable. Hoop'd offers an environment for tailored API, webservice and microservice delivery to improve enterprise efficiency and effectiveness.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No constraints.
System requirements
  • For on-site hosting: Kubernetes Container Runtime Initiative (CRI) standards
  • A computer or mobile device
  • Latest version of the supported browsers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Questions sent within supported office hours, which is defined as 09:00 – 17:00, Monday – Friday, excluding UK Bank Holidays, will be responded within 24 hours, starting from the next working day.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We provide Basic, Standard and a Custom level of support depending upon the extent of the tailored implementation of Hoop'd being provided.

At our Basic level of support we provide an account manager. Standard level support includes account, product and technical managers. Custom support includes technical engineers as necessary.

Our Basic Level Support starts from £265 per month (ex VAT).
Support available to third parties
No

Onboarding and offboarding

Getting started
We provide a tailored Service Acceptance plan which includes Product and Service Documentation and User Guides, and online training. Online group workshops and training is also available, as is onsite training, as required.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
If the functionality for the user is not present for them to extract their data from the service at the end point of the contract then we extract and provide the data to the user on request in a comma-delimited format.

Any assets that belonged to the user and that were provided by the user for use in their bespoke implementation are returned along with the provision of all the user’s data associated with the contract.
End-of-contract process
In the price of the contract is included the transfer of all assets that belonged to the user and that were provided by the user for use in their bespoke implementation; these are returned along with the provision of all the user's data associated with the contract and its delivery. Any data that has been handed over prior to the end-of-contract or that has been generated on the system during the use of the service is subject to either disposal or can be handed over on request.

Any technical, management (consultancy) or development work at the end of the contract associated with the service, and/or the use or transfer of data, is subject to additional cost.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The same web interface is accessible and usable on mobile, tablet and desktop. Some functionality might be simplified for ease of use on mobile interfaces but will be functionally equivalent.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Our solutions operate through the provision of bespoke user interfaces that are tailored to meet the needs of the specific service users.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
Automated and manual accessibility testing is integrated in our development process, and we test our interfaces with assistive technologies regularly. After the implementation of the service we conduct an accessibility audit.

We have done extensive service design and testing work with users ensuring our interfaces respond appropriately to screen readers (JAWS, NVDA, or VoiceOver); speech recognition software; screen magnification (ZoomText) software; text-to-Speech software; alternative devices and the use of closed captioning and subtitles for audio and video content.
API
Yes
What users can and can't do using the API
Clients can add, remove, access and update all data that is normally supplied by the client; access processed information; define and update endpoints for processed information.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
We take our users through a service design phase in which customisation is planned. As much or as little customisation can be developed depending on the service requirements.

Our modular framework means users can select which modules they require, and we can customise many of the parameters associated with how these modules appear and interact.

Our framework allows for branding modifications, colour and logo customisations, and all our interfaces are editable allowing the user to develop customised content for display to their service users.

Scaling

Independence of resources
Each client is provided with their own dedicated private cloud instance, configured and managed according to their needs. Our infrastructure is built on Digital Ocean cloud services and is designed to scale using their tools. Before going live we do battery of load testing which ensures the system can handle peak load capacity with a healthy margin for contingency. We then continuously monitor our services and respond to increase in demand within our SLAs.

Analytics

Service usage metrics
Yes
Metrics types
Users' access information is being logged along with the metrics associated with the decisions, actions, and outputs generated by users and their interaction with the service. In addition to these performance metrics, Google Analytics reporting and dashboards are used to track real-time usage.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Mortar provides APIs, batch uploads and manual downloads for data exporting in various formats.
Data export formats
  • CSV
  • Other
Other data export formats
JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • JSON
  • API

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service is available 24/7. The service shall provide at least 99% availability during supported office hours, which is defined as 09:00 – 17:00, Monday – Friday, excluding UK Bank Holidays and excluding scheduled maintenance. Planned upgrades and maintenance will be performed outside of office hours as much as possible, excluding emergencies.
Approach to resilience
Mortar service and all of it's infrastructure is built on top of Digital Ocean cloud services, which provide built-in scalability and failover for the services it relies on with no single point of failure. Each client's instance will live within Digital Ocean's UK region located in London. Depending on client requirements and needs, another site can be set up in Ireland or the rest of the EU for higher availability and resilience.

Databases are automatically backed up and backup are written to disk immediately and archived regularly. If available, backups are automatically copied to the second region. Data recovery and disaster recovery scenarios are tested at least once a year.
Outage reporting
Mortar uses private dashboards for internal use and sends automated emails as soon as outages are detected. A more detailed report is written about how long the outage might last after diagnosis, and another incident report is provided after service is restored.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Different levels of user accounts will have separate access restrictions which can be customised. Support channels will be managed externally.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We conduct internal security reviews that inform our approach to security governance and the arrangements that we undertake to enforce our security governance policies. Our arrangements provide safeguards for personal identifiable data, financial information, commercially sensitive data, all employee information, and information shared with us by others, complaints, feedback, and all other information that we handle. Our security group meets monthly to manage and maintain security across our services, co-ordinating and overseeing technical assurance and testing of our infrastructure, including annual penetration testing by specialist third party providers.
Information security policies and processes
Our reporting structure is enforced by our information governance team, together with independent reviews by internally and externally on a periodic basis. Our information governance team ensures the following policies are followed: maintenance of confidentiality: protecting our resources from unauthorized personnel; ensuring availability of resources (to authorised personnel only); maintenance of the integrity of our resources. We implement a business continuity management system (BCMS) aligned to the international standard of best practice, and we routinely undertake a business impact analysis in all areas of the organisation. This establishes our business continuity plans which are assessed regularly to ensure the continuity of prioritised activities in the event of a significant incident. An audit trail of system access and staff data use is maintained and reviewed on a regular basis. Data security and protection training is mandatory and all staff are required to complete annual data security awareness training.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Requests for change (RFC) are evaluated on an impact and value assessment framework. Assessment produces a proposed update to the time plan and a cost breakdown which should be agreed by both sides. RFCs and their impacts will be stored as part of project documentation.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Mortar is monitored by Digital Ocean's Vulnerability Scanner for ongoing vulnerability monitoring. A security assessment is being done before the service goes live. Tests are repeated once a year.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use tools such as LogRhythm and CrowdStrike on different parts of our infrastructure for threat intelligence, cyberattack response and monitoring services. As part of our security reviews, we analyse logs and information from various tools gathered to detect security problems. Response to incidents is immediate.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are handled according to our monitoring software or user reports through our support channel, where we produce a security incident report. This is reviewed by our security team and is handled according to our incident management process.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
Yes
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Social Value

Social Value

  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Covid-19 recovery

Hoop'd helps create employment, re-training and other return to work opportunities for those left unemployed by COVID-19 especially through our Digital Inclusion Triage Tool and Digital Skills Platform.

Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support the physical and mental health of people affected by COVID-19, and reduce the demand on health and care services.

Tackling economic inequality

Hoop'd helps create employment, re-training and other return to work opportunities for those left unemployed by COVID-19 especially through our Digital Inclusion Triage Tool and Digital Skills Platform.

Equal opportunity

Hoop'd helps create employment, re-training and other work opportunities through our Digital Inclusion Triage Tool and Digital Skills Platform.

Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support access to opportunities and help address health inequalities.

Wellbeing

Tools such as our Dementia Friendly Venues Charter, and our Community Navigation Platform support access to opportunities and help address health inequalities.

Pricing

Price
£6,450 to £125,000 a unit a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@mortar.works. Tell them what format you need. It will help if you say what assistive technology you use.