ROL Solutions Ltd

CaseTracker - case management, councillor enquiries and coroner enquiries

Case Tracker has been created in partnership with local government for the public sector to enable the effective management of a range of case types including Complaints, Compliments, Comments, Adult or Children's Social Care, Councillor/Members/MP Enquiries, Coroners Enquires and more.


  • Case types include Corporate/Adults/Children's Complaints, Councillor/Members/MP, Coroners
  • Workflow enabling automated and manual case allocation across multiple staff
  • A multi-channel customer access solution
  • Flexible design allowing local customisation (timing, processes)
  • Provides single view of a case across all required stages
  • SSO User Authentication
  • Inclusive document management system enabling effective case resolution
  • Secure message centre for two-way communication
  • Handles cases across multiple services to coordinate a single response
  • Collates details on root cause, themes, outcomes or lessons learnt


  • Establishes a consistent method of capturing and handling cases
  • Provides a single view of a case across all stages
  • Helps meet statutory requirements within a robust and auditable process
  • Handles cases across multiple services to coordinate a single response
  • Creates a repository of information to support the council resolution
  • Enables analysis of root cause, themes, outcome; assisting service transformation
  • Provides analysis to assist the organisation to develop best practice
  • Improve customer experience by identifying service failures
  • Removes waste and frees up resources
  • Reduces handling and resolution time


£13,500 to £66,000 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 1 7 5 5 1 5 9 0 0 8 1 5 4 9


ROL Solutions Ltd Nic Streatfeild
Telephone: 07973730005

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
No, the service is available 24 hrs a day, 7 days per week.
System requirements
Latest browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 24 hours, Monday to Friday
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Support levels
Standard level of support is 9am to 5pm Monday to Friday and is included in annual support fees.
Support available to third parties

Onboarding and offboarding

Getting started
Once your order is confirmed, we will schedule a kick-off meeting as soon as possible. Following this meeting you can expect to be completely up and running within 6 - 8 weeks, subject to resource availability.
We will provide an experienced project manager who will work with a nominated contact from your end.

Our project manager will help you to:
- Confirm the components needed to meet to your requirements
- Agree the Service Lists, Root causes, Themes, Outcomes etc.
- Agree any additional flexible options
- Set up customer input templates
- Set up staging and workflows to match local processes
- Agree and execute a project plan.

We offer full training sessions to our new clients including onsite train the trainer sessions.
Service documentation
End-of-contract data extraction
At the end of the contract the user can download via the in-built extract function all data as required. This can be downloaded as a CSV file. Should the user require any assistance with this functionality, then this would be provided by CaseTracker at no additional charge.
End-of-contract process
At the end of your contract, the data collection and reporting systems can be turned off at no cost should you choose not to renew.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Our web-based systems are built following responsive design principles to ensure that pages render in a way that is suitable for the device. While different device types may display the systems differently, the functionally they provide will be equivalent.
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The citizen-facing interface enables citizens to raise new case via an online form.

The organisation interface enables users to manage cases through multiple stages for multiple case types.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The citizen interface has been tested using a combination of automatic tools and manual expert verification. We work closely with leading accessibility consultants to ensure that all citizens have the same level of access to the system.
What users can and can't do using the API
The API enables the secure submission & extraction of data into the Case Tracker system.

You can:
Access all customer and case data;
Access an OData interface for external MI systems;
Submit data from 3rd party feeds or capture tools.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
The following features are customisable by users:
Case types and workflows
- Enables case type specific workflows each with defined timescales, case notifications for admin/case owners, retention schedules.
- Our flexible forms come with a standard configuration which can be enhanced with additional fields, bespoke text and organisational specific branding.
Communication templates
- Internal communication templates can be predefined, with notifications including the relevant fields per case type.
- For external communications, templates can be branded as per the organisation, include relevant fields per case type, allow for pre-defined text and with outgoing e-mail addresses masked to appear as if coming from the organisation directly.
Flexible case categorisation
- This includes services, themes, learning outcomes, root causes, LGO responses, District/Borough/ward and many more.


Independence of resources
All traffic to our systems is load-balanced by multiple servers across multiple geographically disparate data centres within the EEA / UK (defined by agreement at onboarding). Our back-end services make use of serverless technologies which allow us to scale according to demand. System utilisation resources are constantly monitored and adjusted to the needs.


Service usage metrics
Metrics types
Service metrics can be provided on a regular basis through agent dashboards. Realtime data is available through the API and OData interfaces.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
All subscriber data can be exported via multiple methods:
CSV extract;
Data export formats
  • CSV
  • Other
Other data export formats
  • JSON
  • OData schema
  • PDF
  • ZIP
Data import formats
  • CSV
  • ODF
  • Other
Other data import formats
  • PDF
  • Word
  • JPEG
  • PNG
  • Video

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Reasonable endeavours will be made to ensure the CaseTracker Service Platform is available for access by the Subscribing Client to meet an annual average uptime target of at least 99.9%.
Approach to resilience
All services are replicated over multiple-geographically disbursed locations with all traffic load balanced between. Faulty systems within our platform are automatically removed and replaced to ensure full resilience.
Outage reporting
Service outage reports are communicated by our service desk via email and telephone as appropriate.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
There are named contacts for all subscribers who can contact and arrange service changes.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 27001 applies to all aspects of the company's service provision.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
The company is accredited under ISO27001. The company's Managing Director directly oversees the ISMS through regular operations meetings with direct reports.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The Change Control process is designed to capture and manage the various requests for changes, upgrades and development of the Service Platform.

Subscriber requests for changes and updates will be reviewed by the company using an issue management system.

Any agreed changes then go through a process of configuration and testing prior to being deployed to the live environment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
All CaseTracker servers are monitored using the Amazon AWS Inspector service, which reviews all servers against potential security issues and vulnerabilities, as set out in 'Common Vulnerabilities and Exposures' and 'Security Best Practices' defined by the AWS Inspector Core Rules Sets. All found issues and vulnerabilities are reviewed on a weekly basis by the senior technical team and dealt with according to the relative risk.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
All external traffic to our platforms are automatically monitored and protected by our cloud provider, Amazon AWS, who comply with various standards relevant to the security of its services including ISAE 3402.

Any traffic getting through to our systems is then protected using elastic load balancers and web application firewalls which actively protect against DDoS attacks and the OWASP Top Ten Security Risks.

Our engineering team also monitors for usage anomalies with automated alerts triggered in the case of abnormal trends / brute force. Any potential issues are investigated immediately with further analysis of the relevant server and service logs.
Incident management type
Supplier-defined controls
Incident management approach
Our processes are inline with the NCSC 10 Steps to Cyber Security / Incident Management to ensure that all incidents are raised, managed, resolved and reviewed in a timely manner. The key steps are: Identify, Protect, Detect, Response & Recover. Customer-originating incidents should be reported to the service desk. The incident will then be managed according to the above. Whether customer- or internally-generated, the service desk will share an incident report with nominated contacts at affected customers, detailing the level and scope of the attack, the mitigation and recovery.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Covid-19 recovery

Covid-19 recovery

Tackling economic inequality

Tackling economic inequality

Equal opportunity

Equal opportunity



CaseTracker facilitates improved community integration by providing a platform for public sector organisations and elected representatives to engage with citizens and communities and manage citizen enquiries and complaints.


£13,500 to £66,000 an instance a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.