ROL Solutions Ltd

CaseTracker - case management, councillor enquiries and coroner enquiries

Case Tracker has been created in partnership with local government for the public sector to enable the effective management of a range of case types including Complaints, Compliments, Comments, Adult or Children's Social Care, Councillor/Members/MP Enquiries, Coroners Enquires and more.

Features

• Case types include Corporate/Adults/Children's Complaints, Councillor/Members/MP, Coroners
• Workflow enabling automated and manual case allocation across multiple staff
• A multi-channel customer access solution
• Flexible design allowing local customisation (timing, processes)
• Provides single view of a case across all required stages
• SSO User Authentication
• Inclusive document management system enabling effective case resolution
• Secure message centre for two-way communication
• Handles cases across multiple services to coordinate a single response
• Collates details on root cause, themes, outcomes or lessons learnt

Benefits

• Establishes a consistent method of capturing and handling cases
• Provides a single view of a case across all stages
• Helps meet statutory requirements within a robust and auditable process
• Handles cases across multiple services to coordinate a single response
• Creates a repository of information to support the council resolution
• Enables analysis of root cause, themes, outcome; assisting service transformation
• Provides analysis to assist the organisation to develop best practice
• Improve customer experience by identifying service failures
• Removes waste and frees up resources
• Reduces handling and resolution time

£13,500 to £66,000 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nic.streatfeild@rol.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

117551590081549

Contact

Nic Streatfeild
07973730005
nic.streatfeild@rol.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No, the service is available 24 hrs a day, 7 days per week.
• System requirements: Latest browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 24 hours, Monday to Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Standard level of support is 9am to 5pm Monday to Friday and is included in annual support fees.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once your order is confirmed, we will schedule a kick-off meeting as soon as possible. Following this meeting you can expect to be completely up and running within 6 - 8 weeks, subject to resource availability. ; We will provide an experienced project manager who will work with a nominated contact from your end. ; ; Our project manager will help you to:; - Confirm the components needed to meet to your requirements; - Agree the Service Lists, Root causes, Themes, Outcomes etc.; - Agree any additional flexible options; - Set up customer input templates; - Set up staging and workflows to match local processes; - Agree and execute a project plan.; ; We offer full training sessions to our new clients including onsite train the trainer sessions.
• Service documentation: No
• End-of-contract data extraction: At the end of the contract the user can download via the in-built extract function all data as required. This can be downloaded as a CSV file. Should the user require any assistance with this functionality, then this would be provided by CaseTracker at no additional charge.
• End-of-contract process: At the end of your contract, the data collection and reporting systems can be turned off at no cost should you choose not to renew.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our web-based systems are built following responsive design principles to ensure that pages render in a way that is suitable for the device. While different device types may display the systems differently, the functionally they provide will be equivalent.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The citizen-facing interface enables citizens to raise new case via an online form.; ; The organisation interface enables users to manage cases through multiple stages for multiple case types.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The citizen interface has been tested using a combination of automatic tools and manual expert verification. We work closely with leading accessibility consultants to ensure that all citizens have the same level of access to the system.
• API: Yes
• What users can and can't do using the API: The API enables the secure submission & extraction of data into the Case Tracker system.; ; You can: ; Access all customer and case data;; Access an OData interface for external MI systems;; Submit data from 3rd party feeds or capture tools.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The following features are customisable by users:; Case types and workflows; - Enables case type specific workflows each with defined timescales, case notifications for admin/case owners, retention schedules.; Front-end; - Our flexible forms come with a standard configuration which can be enhanced with additional fields, bespoke text and organisational specific branding.; Communication templates; - Internal communication templates can be predefined, with notifications including the relevant fields per case type.; - For external communications, templates can be branded as per the organisation, include relevant fields per case type, allow for pre-defined text and with outgoing e-mail addresses masked to appear as if coming from the organisation directly.; Flexible case categorisation; - This includes services, themes, learning outcomes, root causes, LGO responses, District/Borough/ward and many more.

Scaling

• Independence of resources: All traffic to our systems is load-balanced by multiple servers across multiple geographically disparate data centres within the EEA / UK (defined by agreement at onboarding). Our back-end services make use of serverless technologies which allow us to scale according to demand. System utilisation resources are constantly monitored and adjusted to the needs.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics can be provided on a regular basis through agent dashboards. Realtime data is available through the API and OData interfaces.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All subscriber data can be exported via multiple methods: ; API;; OData;; CSV extract
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • JSON
  • OData schema
  • PDF
  • ZIP
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • Word
  • JPEG
  • PNG
  • Video

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Reasonable endeavours will be made to ensure the CaseTracker Service Platform is available for access by the Subscribing Client to meet an annual average uptime target of at least 99.9%.
• Approach to resilience: All services are replicated over multiple-geographically disbursed locations with all traffic load balanced between. Faulty systems within our platform are automatically removed and replaced to ensure full resilience.
• Outage reporting: Service outage reports are communicated by our service desk via email and telephone as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: There are named contacts for all subscribers who can contact and arrange service changes.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS UK LTD
• ISO/IEC 27001 accreditation date: 17/10/2016
• What the ISO/IEC 27001 doesn’t cover: ISO 27001 applies to all aspects of the company's service provision.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The company is accredited under ISO27001. The company's Managing Director directly oversees the ISMS through regular operations meetings with direct reports.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Change Control process is designed to capture and manage the various requests for changes, upgrades and development of the Service Platform.; ; Subscriber requests for changes and updates will be reviewed by the company using an issue management system.; ; Any agreed changes then go through a process of configuration and testing prior to being deployed to the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All CaseTracker servers are monitored using the Amazon AWS Inspector service, which reviews all servers against potential security issues and vulnerabilities, as set out in 'Common Vulnerabilities and Exposures' and 'Security Best Practices' defined by the AWS Inspector Core Rules Sets. All found issues and vulnerabilities are reviewed on a weekly basis by the senior technical team and dealt with according to the relative risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All external traffic to our platforms are automatically monitored and protected by our cloud provider, Amazon AWS, who comply with various standards relevant to the security of its services including ISAE 3402. ; ; Any traffic getting through to our systems is then protected using elastic load balancers and web application firewalls which actively protect against DDoS attacks and the OWASP Top Ten Security Risks.; ; Our engineering team also monitors for usage anomalies with automated alerts triggered in the case of abnormal trends / brute force. Any potential issues are investigated immediately with further analysis of the relevant server and service logs.
• Incident management type: Supplier-defined controls
• Incident management approach: Our processes are inline with the NCSC 10 Steps to Cyber Security / Incident Management to ensure that all incidents are raised, managed, resolved and reviewed in a timely manner. The key steps are: Identify, Protect, Detect, Response & Recover. Customer-originating incidents should be reported to the service desk. The incident will then be managed according to the above. Whether customer- or internally-generated, the service desk will share an incident report with nominated contacts at affected customers, detailing the level and scope of the attack, the mitigation and recovery.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  n/a
• Covid-19 recovery:

  Covid-19 recovery

  n/a
• Tackling economic inequality:

  Tackling economic inequality

  n/a
• Equal opportunity:

  Equal opportunity

  n/a
• Wellbeing:

  Wellbeing

  CaseTracker facilitates improved community integration by providing a platform for public sector organisations and elected representatives to engage with citizens and communities and manage citizen enquiries and complaints.

Pricing

• Price: £13,500 to £66,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at nic.streatfeild@rol.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.