The Access Group

Access NCCIS

NCCIS is an end-to-end service that encompasses all requirements for the collection and analysis of the CCIS data provided by local authorities and service providers. The system also includes secure storage facilities and reporting tools to support the effective case management of children’s services for young people NEET.

Features

• Compliant with NCCIS requirements
• Statutory Reporting
• Error and Quality Management
• Community Web Portal
• Telephone and on-line support regardless of vendor
• Data Processing and Analysis

Benefits

• Dedicated applications
• Comprehensive reporting suite
• Support regardless of vendor
• Independently accredited
• ISO 27001 Accredited Information Security Processes
• ISO 9001 Accredited Quality Standards
• Cyber Essentials Certified Hosting

£8,216.25 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

130216006223499

Contact

Access UK
01206322575
tendernotifications@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance: We will advise customers 5 working days in advance of a 'normal' change. Software upgrades are carried out at the customer's request following release of new software.
• System requirements:
  • Internet Access
  • Compatible Web Browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Access has developed a range of support plans. Our online Knowledge base and Community service plans are available to all our clients. We have made significant investment in our client support tools. The Success portal provides around the clock access to log incidents, browse articles and videos to find solutions. Our Support teams are available M-F 8-6. On these plans P1 cases are responded to in 30 minutes. Please refer to Access for further details.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Access operates a standard service level for the NCCIS solution which is designed to provide appropriate and reliable response and resolution times to all of our customers at a cost effective price. Responses are guaranteed within 1 working hour for all priorities with the exception of priority 1 issues which have a 30 minute response.; ; The Support desk is staffed between 9.00am and 5.00pm UK time, Monday to Friday, excluding Bank Holidays. Technical and operational incidents can be logged via the phone during opening times. Incidents may be logged and updated via email or by the Customer Portal 24 hours a day seven days a week. All incidents logged via the above methods will be responded to by a support consultant within the timescales stated during the working day.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Onsite/remote training will be scheduled as part of the project plan and agreed by both parties. Delivery of the training will be modular and will follow the logical relationships between the system and the data. Following any changes to the solution, all relevant training material will be updated as appropriate and additional training will be made available as required. We will ensure that users learn through doing. Our consultancy and training services cover: - Overall application overview - System administration and setup consultancy - Document management - Application sub-modules, specialist service area modules - Reporting And include: - Full user guides for each attendee, supplied in electronic format - Train-the-trainer approach - Use of on-line Support and Customer Portal - Use of on-going support via the Support desk
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: All data held in the solution belongs to the customer. Data can be extracted via table views from the application into CSV, via Reports or via chargeable services to extract data which is otherwise unavailable to extract via the front end application.
• End-of-contract process: Data is provided to the customer in the agreed format as described in the response above. The data is deleted securely when the customer has agreed all data has been provided and drives holding the data are securely cleansed. Access can provide an Exit Management Plan to highlight the steps involved in decommissioning the application. Support can be provided to extract data for you on a time and materials basis.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The NCCIS portal is mobile device compatible.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: The service is resourced for the finite amount of users who are able to use the service. The service also has a buffer / queue system to control the performance related to submission processing. All other functionality is low demand (e.g. uploading / downloading of static files) which is guaranteed by an infrastructure level packet management system, which reserves the required bandwidth for the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are provided in the form of call lists which users can filter on calls outstanding either by call reference, created date range, call status, name of reporter, assignee and summary. Customers can log in to the online support portal to view this information as and when required at no additional cost. Service measurements are used internally to monitor performance accordingly. Reporting of SLA performance and KPIs can also be provided.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Access is required to export any data required by the customer.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • TXT
  • SQL
  • XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML standard of uploading of statutory data to national system
  • Doc - For the purpose of sharing between organisations
  • Docx - For the purpose of sharing between organisations
  • PDF - For the purpose of sharing between organisations
  • Zip - For the purpose of sharing between organisations

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The NCCIS Web Portal is guaranteed for 99.5% availability. Calls to the Helpdesk are available between Monday to Friday 9:00 to 17:00, excluding Bank Holidays. All calls logged with Helpdesk are responded to under the SLA
• Approach to resilience: The solution has been designed to cater for a range of disasters. All customer databases are mirrored on secondary servers. This means if the production database fails, users can be switched onto the mirror system whilst any repair or recovery work is carried out. More detailed information available on request.
• Outage reporting: Access utilises industry standard monitoring solutions which immediately alert our teams to a service outage. Contact with customers is made via telephone or email to agreed contacts. Users can also subscribe to email alerts giving updates on scheduled maintenance and outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We operate role profile based Access Control - based on least privilege access. This applies to all our services.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISOQAR
• ISO/IEC 27001 accreditation date: 01/09/2014
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded from the Standard
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Every minute we run over 100 checks against our hosted systems. These checks cover a wide range of areas including but not limited to, data validation checks, CPU usage, Temp file sizes, exceptions, report errors and runtimes.; The integration of our monitoring with our Support Team means our Support Consultants have live access to each of these checks and will be alerted immediately to any result that falls outside of expected values. This direct link allows us to react immediately to any faults or issues, helping to ensure the system runs smoothly and the end user experience isn’t affected.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Access UK Limited is a Software author and provide associated services, including Hosting, Payroll Bureau and Payment services. We recognise that although we do not undertake manufacturing, our day to day operations will have impact on the environment at global, national, and local level. We are committed to the care of the environment and the prevention of pollution. •Access ensures that all our operations are carried out in with the minimum adverse effect on the environment but implementing many available resources and approved processes •We protect the environment by striving to prevent and minimise our contribution to pollution of land, air, and water •We keep wastage to a minimum and maximise the efficient use of materials and resources, and manage disposal of all waste in a responsible manner •We use energy, water, and natural resources wisely and prevent pollution by minimising waste, recycling whenever possible and properly disposing of waste that cannot be recycled. •Our management processes are developed to ensure that environmental factors are considered during planning and implementation •We raise employee awareness and encourage best practices for sustainability at work

  Equal opportunity

  We want everyone to feel at home at Access, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual; after all, if we were all the same it would be a pretty dull place. We love the fact that we’re all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. For us, this all starts with helping everyone feel part of the family and being at their best every day, making Access a place where everyone can love what they do and do what they love. We all have regular check-ins with our leaders, take part in monthly employee surveys, have lots of chances to share our views and ask for help, and with our own learning system, 'Access Shine', we really can make things even better each and every day. At Access we'll always hire the best candidate but we're continually looking for creative ways to increase the mix of diverse candidates into our recruitment process. On the basis that you ‘have to see it, to be it’, one thing we're doing is sharing more stories to celebrate the wonderful diverse range of talent we have at Access. It is important for us that our employees understand and reflect the customers and communities we support, and we want everyone to feel at home here, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual.

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £8,216.25 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.