LMT Ltd

Lumos Cloud Attendance

Lumos Cloud Attendance provides actionable insight on attendance and room utilisation to Education and Local Government. Student Services, Timetabling and Estates teams can analyse student/staff engagement, while high-level overviews enable SLT members to drive down costs and improve student/staff satisfaction

Features

• Attendance Tracking
• Room Booking
• Resource Booking
• Attendance Reporting
• Room Utilisation Reporting
• API

Benefits

• Available anywhere via laptop, mobile or tablet.
• Live instant reporting to aid quick and accurate decision making
• Timetabling Integration
• Works with blended learning solutions
• Attendance capture agnostic
• Can feed data in to analytics solutions

£1,500 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glyn@lmtuk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

189862667096288

Contact

Glyn Barry Mosses
+447803077960
glyn@lmtuk.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Modern Browser required to access the system
  • Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Cases will be assigned a Priority and responded to within the following timescales. ; ; Priority Business Impact Target (1st ) Response; 1. All or critical functionality unavailable, causing significant operational impact or system unusable - 1 hour; 2. Critical functionality unavailable, but interim workaround is available and accepted by Customer based on reasonable business criteria - 4 Hours; 3. A problem not preventing operations but with the potential to do so if unresolved - 8 Hours; 4. A minor problem either cosmetic or otherwise, and not preventing the operation of the system. Low impact/cosmetic - 24 Hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Tested by 3rd Party
• Onsite support: Yes, at extra cost
• Support levels: 1st Line Support. ; 1st Line is the initial support level. This level should gather as much information as possible from the end User. Support specialists in this group typically handle straightforward and simple problems. Personnel at this level have a basic to general understanding of the product or service and may not always contain the competency required for solving complex issues. ; ; 2nd Line Support. ; 2nd line support is a more in-depth support level than 1st Line. The personnel are more experienced and knowledgeable on a particular product or service. Support specialists in this realm of knowledge are responsible for assisting Tier I personnel in solving basic technical problems and for investigating elevated issues by confirming the validity of the problem and seeking for known solutions related to these more complex issues. If personnel from this group cannot determine a solution, they are responsible for raising this issue to the ; ; 3rd Line support group. ; 3rd Line Support. This is the highest level of support responsible for handling the most difficult or advanced problems.; ; Support is included in the solution price
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A project management team and implementation service is available to guide customers through onboarding, this is backed up with training and documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted by users via our API. Alternatively our professional services team can help by extracting data.
• End-of-contract process: If the contract expires or is terminated for any reason,; we will make the Customer Data available to you in standard readable and secure encrypted form via email, CD-ROM, DVD, USB memory stick, USB hard drive (any applicable hardware for these purposes are to be supplied by you). We reserve the right to make a charge for such service (at our then current rates).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is accessed via browser so all functionality is available on both desktop and mobile.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: API can be used to import and export data
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: We use multiple techniques to achieve this, leveraging the services available to us in AWS along side application specific approaches. For most services we use auto-scaling based on load and throughput to scale the service in line with the load on the system. From a database perspective we use a mix of scaling services and individual database instances to minimise the risk of a single customer impacting other customer. We also regularly review performance issues that may be raised from the application performance monitoring and will implement application changes/optimisations to remove such bottlenecks in the application.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide, on request, metrics relating to application performance and availability tracked over time, and customer specific. If required metrics on support cases (time to fix, backlog, etc.).
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be extracted by users via our API. Alternatively our professional services team can help by extracting data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Minimum 99.5% (Based on Monday to Friday - 8 - 6pm, excluding public holidays)
• Approach to resilience: We use a mixture of Active-Active and Active-Passive configurations, spread across multiple data centres to ensure high availability of the services it provides. All services have automated fail over processes to ensure minimal to zero downtime in the event of any failure. This is tested regularly using both system testing and chaos testing (see https://principlesofchaos.org/ for more information on chaos testing)
• Outage reporting: Our Managed Hosting service will proactively monitor the environment and provides us with timely warnings of issues arising to allow pro-active intervention. Monitoring is focussed on the health of the services and security.; The solution also captures capacity information over a period of time to allow for effective management.; ; We will:-; ; 1. configure and maintain a Monitoring Service to monitor and alert against detection thresholds;; 2. resolve failures and errors in the Monitoring Service in accordance with the Incident Management Service Levels; 3. ensure that critical and major monitoring alerts are reviewed and, where appropriate, an Incident logged by our Service Desk; 4. assign Incidents arising from monitoring to our Service Desk for diagnosis and resolution; 5. capture server and network infrastructure data to enable the provision of capacity trend analysis; ; Alerts will be remediated within contracted Service Levels and customers notified through standard channels

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: This is limited set of security checked users. Authentication is over secure network connection. Management consoles use Multi Factor Authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Amazon Web Services
• ISO/IEC 27001 accreditation date: 11/11/2016
• What the ISO/IEC 27001 doesn’t cover: Nothing
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 11/11/2016
• CSA STAR certification level: Level 2: CSA STAR Attestation
• What the CSA STAR doesn’t cover: https://aws.amazon.com/compliance/csa/
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: See https://aws.amazon.com/compliance/

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We are certified to ISO 27001:2103 and our Information Security Management System implements all mandatory controls and address all 114 Anex A controls of this international standard for information security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We follow a multi-approval change process. All changes are proposed, reviewed, tested and then finally approved for delivery. The stage gates ensure quality is maintained and risks are either removed or mitigated.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: From an environment perspective we leverage AWS service such as a Web Application Firewall which includes rules for OWASP top 10, Amazon Sentry and Guard Duty - these services pro-actively monitor the traffic and look for vulnerabilities taking direct blocking action and alerting as is appropriate. We also commission penetration and vulnerability testing from an independent 3rd party
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use multiple monitoring channels to get a full picture of the environment application, these include but are not limited to AWS CloudWatch for log management and metrics gathering, ElasticSearch with Kibana for Log and Metric Aggregation and AppDynamics for Application Performance Monitoring. All of these have alerting when key metrics are broken or availability may be impacted.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are categorised on an escalating scale of severity from maintenance/planned outages > performance impairment > P1 issues > unplanned outages. With a combination of automated monitoring, thresholds/ alerts and manual monitoring our web operations team assesses and triages performance. This includes mitigating environment scaling. In each category there are appropriate criteria for triggering communications with customers. Where resolution isn't immediate or within planned timings there is also regular update notification until the issue is closed.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  GREENER IN THE AWS CLOUD; In addition to addressing environmental risks, we also incorporate sustainability considerations into our data center design. AWS has a long-term commitment to use 100% renewable energy. When companies move to the AWS Cloud from on-premises infrastructure, they typically reduce carbon emissions by 88% because our data centers can offer environmental economies of scale. Organizations generally use 77% fewer servers, 84% less power, and tap into a 28% cleaner mix of solar and wind power in the AWS Cloud versus their own data centers. To find out more about our sustainability initiatives and to track our progress, visit aws.amazon.com/about-aws/sustainability.
• Covid-19 recovery:

  Covid-19 recovery

  Lumos Cloud Attendance allows the management of blended learning, registering attendance for students who attend on premise events and also students who attend remotely via online services. ; This allows Universities to keep track of students attendance if they need to socially distance or isolate due to Covid 19
• Tackling economic inequality:

  Tackling economic inequality

  Not Answered
• Equal opportunity:

  Equal opportunity

  Not Answered
• Wellbeing:

  Wellbeing

  Lumos Cloud Attendance can be configured to send alerts when students miss a pre configured number of events. Early intervention and pastoral care can improve student wellbeing and student retention.

Pricing

• Price: £1,500 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at glyn@lmtuk.com. Tell them what format you need. It will help if you say what assistive technology you use.