NEC SOFTWARE SOLUTIONS UK LIMITED

Jadu Creative by NEC

A low-code, web-based platform for digital service delivery. Incorporating collaborative case management, payments, forms, customer MyAccount and website with integration to NEC services. Build end-to-end digital transactions for service requests, applications, and payments. Secure, responsive, accessible websites on all devices. Includes rich toolset of APIs and extension points for developers.

Features

• Bundled with NEC Software Solutions integrations to Citizen Access portals
• Granular access controls, with audit trail and user login reports
• Forms are integration-ready with CRM, payment gateways, databases, etc
• Advanced form features: branching rules, data retention, PDF generation
• Web timeline view of customer cases, Real-time messaging and updates
• Non-technical workflow, rules and notifications configuration
• Create repositories for structured data and allow customer generated additions
• Visitor login and personalised landing pages based on stated preferences
• Customisable components for embedding third party content into homepages

Benefits

• Secure, extensible and affordable Content, Form and Case Management Platform
• Accessible forms & websites which meet WCAG 2.1 AA standards
• Highly secure hosting and GDPR-compliant platform
• Customer accounts providing transaction history and personalised web experience
• Build end-to-end digital services and drive savings through channel shift
• Quickly locate relevant content through powerful navigation and discovery tools
• No programming required - non-technical forms and service workflow design
• Developer API for easy system modification and extensions
• Platform built on open-source technologies
• Enable business users to configure complex systems integrations and payments

£300 an instance

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

141958748960198

Contact

NEC Frameworks Team
07852 936231
frameworks@necsws.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements: A modern web browser is required to access the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Jadu provide a level of support which is built into the monthly subscription cost. This provides an online help desk and ticketing system available 24/7 with telephone support during business hours (8am-6pm, Monday to Friday, except English Bank Holidays). ; ; On-call engineers will respond to critical availability issues outside of standard business hours. The support SLA is included in the terms of service document. ; ; The help desk is staffed with dedicated support engineers, with sysadmins, software engineers and other technical experts becoming involved to resolve support issues as necessary.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Online support web chat is provided using the Jadu Connect platform. The Jadu Connect user interface is regularly tested with NVDA and JAWs.
• Onsite support: Yes, at extra cost
• Support levels: Jadu provides a standard level of support, which is built into the monthly subscription cost. This provides an online help desk and ticketing system available 24/7 with telephone support during business hours (8am-6pm, Monday to Friday, except English Bank Holidays). ; ; On-call engineers will respond to critical availability issues outside of standard business hours. ; ; Jadu’s support SLA is included in the terms of service document. The help desk is staffed with dedicated support engineers, with sysadmins, software engineers and other technical experts becoming involved to resolve support issues as necessary. ; ; An Enhanced level of support (an additional £650 per month) increases the number of support accounts an organisation can have as well as out of hours deployments and a number of inclusive professional service days for small works. A named Customer Support Advisor is assigned to every customer, irrespective of whether standard or enhanced support has been chosen.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Jadu provides certified training for administrators, consisting of both Jadu Connect Foundation Training (Online), and Jadu Connect Practitioner Training (Webinar). ; ; Jadu can optionally lead with the build of the first digital service at a cost. ; ; Additionally there is an online implementation guide and online user manuals for administrators and customer service agents. ; ; Customer service agents are also able to access a dedicated online Jadu Connect Advisor Training course.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Tools are provided to export data from within the application. ; ; Form structures can be exported as .tar files, user submitted data can be exported in CSV and XML format. ; ; Any other form data not accessible via the export tools provided in the application can be exported via database export. Users can extract all case data via csv export or webhooks.
• End-of-contract process: A service plan can be cancelled at any time.; ; When you do this, your platform becomes unavailable, and all public-facing forms are taken offline – no further usage or subscription charges will apply. ; ; You will have access to your platform for export purposes only, for a further 30 days, following which all content and data will be deleted permanently.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The platform uses responsive web design to allow the same interfaces to adapt and be displayed on devices of different dimensions. This means that both desktop and mobile users can access the same features in the same place, giving a consistent experience across all a user's devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Jadu’s modern interfaces are developed using the Pulsar user interface framework. The platform uses responsive web design to allow the same interfaces to adapt and be displayed on devices of different dimensions. This means that both desktop and mobile users can access the same features in the same place, giving a consistent experience across all a user's devices.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Jadu’s modern interfaces developed using the Pulsar user interface framework are tested using desktop screen reader software, and our text editor supports a variety of screen readers including JAWS, VoiceOver, NonVisual Desktop Access (NVDA) and ChromeVox. Additional testing has been undertaken to confirm that animated backgrounds in the software do not trigger seizure in individuals with Photosensitive epilepsy.
• API: Yes
• What users can and can't do using the API: The Jadu Connect Service API provides users with the ability to create and update service requests (cases), progress cases through the workflow and register and retrieve contact details. ; ; Jadu Central supplies both a PHP and RESTful XML API. The PHP API is fully functional, allowing both read and write of application data. The RESTful XML API allows users with an authorised API key to access publicly available content already published to the website.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: A broad range of settings can be adjusted from within the application user interfaces. ; ; Additional custom functionality can be developed to extend the core feature set. Extensibility of the platform is a core feature of the Jadu Central.; ; For the digital concierge component of the platform branding options allow customers to upload their own logos and set a system-wide colour scheme. For the form and website component, skinning is possible through web template design.

Scaling

• Independence of resources: Monitoring tools are used to measure usage of the application and where necessary additional resources can be added.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly and daily reports for number of cases by case type for a user defined date range. Users can export all case data to CSV to build reports not currently available in the reporting dashboard. Webhooks can also be configured to push real-time updates to a central datastore / reporting service endpoint for consumption.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Jadu

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Sensitive data is encrypted within the database and filesystem. 'Sensitive data' includes: - Any data submitted by a member of the public, including their personal details - The personal details of internal users of the system - IP addresses - API access credentials
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through the service application interface.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Case workflows and forms can be imported in JSON format.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Traffic between various network tiers is restricted with the use of both physical and local software firewalls. ; ; Additionally where applicable TLS encryption (Version 1.2 or above) is utilised. ; ; Data exchange within various internal networks may use a combination of IPSec VPNs, SSH, TLS or Encrypted RDP protocols.

Availability and resilience

• Guaranteed availability: We guarantee 99.9% availability excluding planned maintenance. Our SLA is contained within our terms of service.
• Approach to resilience: This information is available on request.
• Outage reporting: Customers are notified by our support team in the event of an outage and we maintain a public status dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Users must create an account with their email address and a password with min 8 characters, at least 1 upper and lower case and one symbol.
• Access restrictions in management interfaces and support channels: The application user interface provides granular access control for Jadu Central users. The user’s experience of the publishing environment can be controlled at multiple levels. User permission management and workflow management are carried out via the application user interface. Individual users can be temporarily disabled when necessary.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 07/06/2021; valid until June 2024. Certificate IS 598449.
• What the ISO/IEC 27001 doesn’t cover: The NEC Information Security Management System (ISMS) is registered to ISO 27001:2013 and therefore audited by BSI at least annually. All NEC staff are required to comply with the ISMS.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001:2015
• Information security policies and processes: We follow a security policy approved and externally audited as part of our ISO27001 accreditation. A copy of the policy is available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration changes must be submitted to a review process. An audit trail of configuration changes is retained. Configuration changes are applied by an automated, tested process, never manually to eliminate human error.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our sysadmin team members are subscribed to various vulnerability publishing lists e.g. cve.mitre.org. Any published and relevant vulnerabilities affecting the application stack are carefully reviewed. If a vulnerability is discovered that affects any of the stack components and a vendor patch is available Jadu will attempt to contact the customer to establish a suitable time for updating the affected software. If customer data or reputation is at risk and the customer is unreachable within a reasonable time window we will apply the patch in an emergency immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Jadu uses internal and external monitoring systems to monitor server health in real time.
• Incident management type: Supplier-defined controls
• Incident management approach: An incident will be reported via portal or telephone or identified by our service desk team. The service desk team will analyse the incident and gather as much information as possible from log files, investigations etc and will at the same time make senior management aware of the incident and escalate appropriately in accordance with our defined escalation procedures Following an incident, a report will be compiled and shared with the customer and any further actions clearly identified. All incidents are reviewed by Jadu’s security council quarterly and this process is subject to external audit via our ISO27001 accreditation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  NEC has committed to being Net Zero by 2030. We project our carbon emissions will reduce by 50% from our baseline by 2026. ; We have implemented a multitude of initiatives to support this:; • Appointing an Environmental Manager and Environmental Champions.; • Successfully obtaining certification for and implementing ISO14001:2015 Environmental Management System (EMS). ; • Developing a Carbon Reduction Plan, which is published on our website and an Environmental Strategy.; • Maintaining an Environmental Aspect and Impact Register (down to site level) through which to capture elements of our operating practices which could negatively impact the environment.; • Working with government accredited consultants to understand environmental impact and using outputs to inform future improvement activities.; • Collaborative activities to influence customers, supply chain partners and employees.; Specific initiatives applicable to our contract delivery approach include:; • Energy used on the contract will be from green energy sources.; Business travel will reduce where possible through utilisation of technology such as:; • Video conferencing.; • Sharing documents.; • Conference call facilities.; • Working from home/flexible working arrangements.; • Approval controls in place for commercial flights.; • Use of environmentally friendly data centres.; Our Environmental Policy objectives, relevant to the contract include:; • Meeting all relevant legal requirements and monitoring our compliance.; • Minimising our environmental impacts for the life cycle (including disposal) of work equipment and other physical assets under our control.; • Demonstrating efficient use of energy, water, and other natural resources.; • Maximising opportunities to minimise our waste by reusing or recycling waste, where practical.; • Ensuring our supply chain is aware of our environmental policy and our commitment to ensuring its effective implementation.; • Increasing environmental awareness and commitment amongst colleagues through training and briefings.; Continuing to identify opportunities to improve our environmental performance through clear objectives, plans and targets.
• Covid-19 recovery:

  Covid-19 recovery

  Since the emergence of Covid-19 as a global health crisis, we have supported our customers and the local communities they serve to adapt to the challenges posed by the pandemic. As a supplier of software and services to the public sector, this has included rapid development and deployment of software solutions to enable the efficient and effective delivery of new government schemes and changes in legislation, such as provision of Test and Trace Support Payments and new hospitality sector licensing requirements. ; Initiatives we have implemented to support the policy outcomes include:; • Increasing our pre-pandemic workforce numbers through recruitment of an additional 250 UK based roles, many of whom were unemployed following redundancy from other sectors such as hospitality.; • Re-training and redeploying temporarily displaced colleagues rather than imposing redundancies or taking advantage of the furlough scheme.; • Commitment to investing over £400,000 in training and apprenticeships.; • Working collaboratively with customers to introduce new ways of working.; • Delivering community based social value through donations in kind to voluntary sector organisations impacted by the pandemic. ; As part of our response to the pandemic we invested in and introduced several initiatives and workplace adaptations to protect employee health and safety, including:; • Introducing wider use of remote and flexible working, including making additional allowances for those caring for young children.; • Enhancing office safety, including installing sanitising stations, hygiene screens and digital thermometers.; • Increasing the frequency of colleague communications, with a focus on provision of mental health support and reducing the risks of isolation/loneliness.; • Providing all employees with free access to additional specialist resources, including 24x7 counselling and mental health services.
• Tackling economic inequality:

  Tackling economic inequality

  We recognise the expertise, innovation and value that can be gained from having a diverse supply chain and providing all suppliers with a fair and equal opportunity to become suppliers to us and our customers. We operate openly and transparently to enable this collaboration with third-party suppliers including large enterprises, sub-contractors, SMEs, VCSEs, mutuals and social enterprise organisations. ; Additionally, we are committed to nurturing new and existing talent and creating a sustainable learning and development culture, equipping our staff with the appropriate skills, knowledge and processes so the company continues to deliver innovative, industry leading solutions.; Processes and practices we have adopted to tackle economic inequality include:; • Using outcome-based specifications and co-design methods to encourage suppliers, communities, users and third sector organisations to collaborate and propose solutions based upon end user requirements, rather than being prescriptive.; • Advertising supply chain opportunities openly and always operating transparently. ; • Including modules covering anti-bribery and corruption, whistleblowing, equality and diversity in our all-colleague compulsory Annual Compliance Training.; • Having policies and operating practices that support effective supply chain relationships through fair selection and responsible management. For example, only flowing down appropriate contract terms. ; • Paying at least 95% of all invoices within agreed terms and agreeing to reduced payment terms for SMEs and subcontractors.; • Never deducting sums from payments as a charge for remaining on our supplier list. ; • Investing in new jobs and training opportunities through an active Apprenticeship scheme.; • Creating opportunities for career progression and investing in reward and recognition initiatives that support employee retention. ; • Following the foundational principles of the Good Work Plan in respect of employee satisfaction, fair pay, well-being and safety, career progression, voice, and autonomy.; • Having appropriate controls in place to mitigate cyber security risks.
• Equal opportunity:

  Equal opportunity

  We want to be an employer of choice for people of all backgrounds, regardless of sexuality, disability, nationality, race, gender or religion. We are committed to ensuring workers either directly employed or employed within our supply chains are treated fairly, humanely, and equitably.; To encourage a diverse and varied workforce our approach to equal opportunity includes:; • Ensuring job adverts reach a diverse audience, including utilising job sites which encourage interest from disadvantaged and Black, Asian and Minority Ethnic (BAME) groups.; • Inclusive and accessible recruitment practices, supporting candidates with disabilities through provision of supportive technology and/or changes to working practices.; • Collecting, analysing and senior reporting of equality and diversity data obtained during recruitment activities.; • Making appointments on the grounds of selecting the most suitable candidate for the post.; • Gender-neutral role definitions.; • Ensuring policies and employee communications promote respect and equality for all.; Other activities supporting equal opportunity within the workforce include:; • Tackling gender pay gap, through annual audits. Women now comprise over a third of our leadership team, including our Chief Executive. ; • Compliance with Modern Slavery Act 2015 and 9 core principles of Ethical Trading Initiative Base Code.; • Ensuring effective controls are in place to mitigate and manage risks of exploitation within the supply chain, including supplier questionnaires and evidence requirements.; • Provision of appropriate channels for colleagues to have an effective voice, such as our Employee Steering Group.; • Investment in workforce development and training, including an active Apprenticeship and Graduate Recruitment programme.; • No use of zero hours contracts or fire and rehire practices.; • Being a Real Living Wage Employer.; • Flexible working practices.; • Transparent and structured promotion, pay and reward processes.; • Senior level sponsorship at board level supporting and promoting equal opportunity beyond basic statutory requirements.
• Wellbeing:

  Wellbeing

  Physical Fitness and Mental Stability is one of our sustainable development goals.; Our approach to supporting good health and wellbeing which will be applicable to the contract workforce includes:; • Providing employees with free and confidential access to specialist resources 24x7, including counselling and mental health services through our Employee Assistance Programme. ; • Providing private healthcare cover for employees. Cover includes Doctor at Hand service to provide employees with fast and convenient access to advice, assistance and medical treatment, GP appointments anytime and anywhere.; • Maintaining compliance with the six standards of the Mental Health at Work commitment and a dedicated module to promote health and wellbeing as part of our all-colleague compulsory compliance training.; • Accommodating workplace adjustments, such as supportive technology for those with a disability or health condition.; • Encouraging good physical health by providing discounted corporate gym membership over 3,300 participating gyms through our employee GymFlex scheme.; We incorporate national health and wellbeing campaigns within our communications calendar, raising employee awareness and signpost to useful support pathways. Our 2022/23 calendar include raising awareness of the following nationally recognised campaigns:; • Stress Awareness Day.; • Mental Health Awareness week.; • World Menopause Day.; • National Eye Health week.; • World Diabetes Day.; • Stress Awareness Month.; • Suicide Prevention Day.; • Men's Health week.; Within one of our acquired businesses, we have Mental Health First Aiders who have trained to spot signs of mental ill health and provide early support for colleagues who may be developing a mental health issue. ; Supporting employee health and wellbeing is underpinned by clear action plans for improvement and several Human Resources policies, such as our:; • Health and Safety Policy; • Alcohol, Drugs & Solvent Abuse Policy; • Menopause Policy; • Absence Policy ; • Flexible Working Policy; • Gender Reassignment Policy.

Pricing

• Price: £300 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.