LIGHTNING SOCIAL VENTURES LTD

Financial support portal facilitating scheme administration, grant applications and user engagement

Lightning Reach Accept is a financial support portal which enables people to find and apply for a wide range of personalised support in one place. Organisations can set up applications to their support schemes, using best-in-class technology to streamline administration, gather data and engage a wide range of users.

Features

• Complete grant and support administration management platform
• User-Friendly Interface
• Document Upload and Storage
• Automated ID Verification
• Open Banking Integration
• Customisable modules and application forms
• Reporting and Analytics Dashboard
• Access to other support and grant applications
• Multi-device accessibility (including mobile-friendly design)
• Security and Compliance Measures and multi-factor authentication

Benefits

• Simplifies the grant management process to efficiently handle applications
• Saves time for applicants/staff reducing processing times and increasing efficiency
• Gather accurate information, reducing errors and improve decision-making
• Enhance security and compliance, while minimising risk of fraud
• Increased accessibility allowing diverse range of users to access/manage applications
• Save on administrative costs and allocate resources more effectively
• Improve applicant experience to increase satisfaction and engagement
• Faster and more effective decision-making
• Real-time reporting and automated dashboards for your support
• Greater positive impact by reaching a wider range of beneficiaries

£8,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dave@lightningreach.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

161450187666079

Contact

Dave Farquharson
+447361583244
dave@lightningreach.org

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The service does not guarantee success in applications and requires accurate input from the user. The platform currently has no functionality to allow fulfilment on the portal (e.g. to buy vouchers and send directly to recipients)
• System requirements:
  • A modern browser like Edge, Chrome, Safari or Firefox
  • An adequately fast internet connection.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The average response time for user support is less than 2 hours.
• User can manage status and priority of support tickets: No
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: The support helpdesk is available to support customers and their clients with any difficulties using the Lightning Reach portal. For certain tiers, a dedicated account manager will be assigned to provide personal support.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The onboarding process includes personal support in setting up your organisation on the Lightning Reach portal. This includes dedicated online training for all members of staff that will be using the portal.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Extracting data is a bespoke service, which will be available on request
• End-of-contract process: The offboarding process is bespoke, based on the customer's needs. If necessary, the customer can arrange continued access to end-user data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service has been designed to work on a wide range of devices, primarily mobile phones. There are no differences in using the service.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The Lightning Reach portal uses trusted and secure technology to make it easy to find and apply for financial support. We’re collaborating with a range of partners across the UK so you can apply for personalised support from multiple providers, whenever you need it.
• Accessibility standards: None or don’t know
• Description of accessibility: The portal is very simple, with large, easy to read buttons and graphics enabling users to access the wide variety of services Lightning Reach offers.
• Accessibility testing: None.
• API: Yes
• What users can and can't do using the API: Users can enable automated data transfer through Lightning Reach to their own CRM system.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Additional custom services and features can be offered at agreed prices up request through their Account Manager.

Scaling

• Independence of resources: Services are running on GCP Cloud Run, with autoscaling enabled. Different parts of the system are decoupled via PubSub messaging. Persistence layer runs on a High Availability cluster.

Analytics

• Service usage metrics: Yes
• Metrics types: Service utilisation, API error rates, response times, user engagement, drop-off rates.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Extracting data is a bespoke service, which will be available on request
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLA for portal availability is 99.9%. Refunds can be agreed on case by case.
• Approach to resilience: Our service is built on Google Cloud Platform, utilising multiple availability zones for resilience and leveraging serverless technologies for efficient scaling. High availability configuration is used for databases, to ensure automatic failover and minimal service disruption.
• Outage reporting: Customers will be alerted as soon as practically possible of any notable outages or significant incidents. Notifications will be via email through the account manager or support team.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use two-factor authentication (2FA) wherever possible to enhance access security. Additionally, we maintain separate accounts for administrators distinct from their daily work accounts, ensuring a clear separation of roles and responsibilities. Permissions to cloud resources are managed using identity and access management principles, strictly adhering to the least privilege principle.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance structure involves the CTO, Head of Operations, and Data Protection Officer (DPO), all reporting directly to the CEO. This structure ensures that information security is integrated into our top-level management and decision-making processes.
• Information security policies and processes: Our information security policies and processes are guided by principles from ISO/IEC 27001. We maintain a comprehensive cybersecurity security policy, which is reviewed annually. Our Data Protection Policy complies with GDPR, the UK Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.; ; Our security governance structure involves the CTO, Head of Operations, and Data Protection Officer (DPO), all reporting directly to the CEO. This structure ensures that information security is integrated into our top-level management and decision-making processes.; ; To ensure adherence to our policies, we engage in active monitoring and conduct annual security audits, to evaluate the effectiveness of our security measures and identify areas for improvement.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our configuration and change management process ensures strict environment segregation with dedicated development, testing and production environments. Components of our services are tracked throughout their lifecycle via automated CI/CD pipelines. Changes undergo peer reviews to assess potential security impacts and maintain separation of duties.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process involves continuous monitoring and assessment of potential threats through automated scanning and peer reviews. We complement these with annual penetration tests conducted by third-party vendors. Once a vulnerability requiring remediation has been identified, it is logged and prioritized according to severity.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes involve comprehensive logs and audit trails to identify potential security issues. We use alerts based on log severity and system metrics to detect unusual activity quickly. Potential compromised is promptly triaged and response prioritized according to severity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents can be reported through our support channels or identified automatically by alerts. Upon detection, we follow a standardised process to evaluate the severity, determine necessary communications, and implement mitigation strategies. Playbooks are available for common events to ensure efficient incident resolution. Incident reports are available upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  Lightning Reach is a financial support portal enabling the financially vulnerable to more easily access the help available. The support offered across various platforms is confusing and fragmented, meaning people can easily miss out on what they are entitled to. In the middle of a cost-of-living crisis, this can be disastrous, so Lightning Reach brings together the multiple applications across numerous organisations to assist struggling households to access benefits, social tariffs, grants and discretionary payments,

  Equal opportunity

  Lightning Reach has a diverse leadership team, and our inclusive-first approach in transforming how people in financial hardship access the support they need won us the TechNation Diversity and Inclusion award from over 255 applications.

  Wellbeing

  All employees at Lightning Reach are offered flexible and remote working, to allow them to be in control of their own time. We also give a £500 learning and development budget to help staff access new training and wellbeing opportunities.

Pricing

• Price: £8,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at dave@lightningreach.org. Tell them what format you need. It will help if you say what assistive technology you use.