iAM Compliant

iAM Compliant

Every school has a legal duty of care to their staff, pupils, parents and visitors. Our simple online compliance tool can not only help schools keep on top of all their day-to-day statutory requirements - it will also guide them through all the legislation they need to abide by.

Features

• Affordable and intuitive compliance solution for schools
• School safety management system
• CPD training access
• World-class animated training library
• Real-time task reminder
• Maintenance task request functionality
• Incident and accident log
• Risk assessment, policy and procedure storage functionality
• Dynamic Risk Assessment tool allows easy creation of risk assessments
• Electronic auditing functionality

Benefits

• Saves time and money on your school’s compliance management
• Improved business intelligence about your compliance
• Know which DfE-compliant policies your school needs to follow
• Improve your premises safety before an accident happens
• eLearning covering health and safety, safeguarding, mental health and more
• Never miss an important compliance deadline again
• Monitor documents for staff to sign electronically, meaning reduced paperwork

£599 to £1,999 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@iamcompliant.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

192099334972539

Contact

Luke Pargeter
0330 38 39 315
support@iamcompliant.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Our service has no service constraints that buyers should be aware of. If we become aware of any, such as planned maintenance, we will inform customers as quickly as possible to minimise disruption and inconvenience.
• System requirements: A modern web browser (e.g. Edge, Safari, Chrome or Firefox)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond to tickets raised during our working hours (weekdays 09:00-17:00) typically within 30 minutes. Tickets submitted outside of those times receive replies on the next working day. Users cannot manage the status or priority of their support tickets – we determine priority based on business impact.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Technical and user support is included within the price of the contract. All users should expect to receive the same level of support – iAM Compliant do not alter the quality of our customer service from client to client.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: IAM Compliant provide an onboarding session for new customers where a member of our team will walk them through the capability of the app and tools. We are creating a series of onboarding videos which will support this process and allow greater levels of automation. There is an extensive Knowledge Base and supporting information contained across the app indicated by a “?” wherever users need to know more.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: At the end of their contract, users can access a data export which is provided on a per location basis. This can be done by admin users within the settings for each location contained in their account.
• End-of-contract process: When a contract comes to an end, the school is offered a renewal contract. If they decide to continue, then access is maintained. If they decide to cancel, at the point of contract end, access will be revoked. There is a trial version of iAM Compliant, iAM Essentials (which only includes 20 courses and the core items of functionality) or the full iAM Compliant which includes access all areas and all training content. We’re in regular dialogue with customers ensuring smooth transition from one contract period to another.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The content has been developed using responsive design, ensuring it can adapt to the dimensions of the screen it is displayed on. No installation is required for iAM Compliant. We do have a community forum called the iAM Staff Room which facilitates the sharing of best practice amongst customers, which can be installed as an application on mobile and tablet devices but is not required.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: IAM Compliant allows you to create, upload and track your live school policies and risk assessments against the Department of Education’s statutory requirements. Our document management feature also enables you to monitor documents for staff to sign electronically, meaning a huge reduction in paperwork, which in the past was susceptible to loss or being incomplete. The service interface is a web-based portal featuring online libraries of documents, visual calendars to enable scheduling and reminders, and a full suite of eLearning courses with interactive features. Our training library features animations and interactive components.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: All online content meets WCAG 2.1 AA standard.
• API: Yes
• What users can and can't do using the API: We allow users to generate API tokens so they can access reporting data in other applications. We provide documentation for users in order to assist with this service. We do not currently offer any API services beyond this.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Admin users can choose to deactivate any features of the application that they do not wish to use for their school.

Scaling

• Independence of resources: All user traffic is spread over the same server cluster. Server capacity can be scaled up on demand to meet increased usage.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide reporting metrics for each area of the application; planned maintenance task completions, document readership, incident reports, help desk ticket resolutions, form responses, and course completions.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Certain sensitive data fields are encrypted in code. Data is otherwise not currently encrypted at rest.
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We provide several different data export options, including via API tokens which will allow users to automate their data exports and a CSV download option.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Where you have a User Subscription, we shall use commercially reasonable endeavours to make the Services available 24 hours a day, seven days a week, except for:; Planned maintenance carried out during the maintenance window of 10.00 pm to 2.00 am UK time; and; Unscheduled maintenance performed outside our normal business hours.; ; We don't have any SLAs in place with customers where we would be obligated to provide refunds as far as we are aware.; ; Our nominal/SLA up time is 100%, minus the sum of downtime of Heroku (+ sum of downtime of Amazon where that affects heroku), and minus (to a lesser extent) other services we rely on to stay up (e.g. cloudinary which would cause a partial outage); ; If big service providers like Heroku, Amazon, or Cloudinary go down then their engineers will be working as fast as possible to get them back up and running because a huge chunk of the Internet will be affected. We do not work out of hours to resolve issues, in hours only.
• Approach to resilience: This is available upon request.
• Outage reporting: Any identified outages will result in a status page alerting users. The page is set to automatically refresh and return the status to ‘normal’ once the service has fully resumed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: There are 4 different user types:; Account Owner;; Location Manager;; Facilities Staff;; Reporter.; ; Account Owners can control the level of access users have to specific features through their Account Settings admin area. For example, they might want to make a role for someone to be able to manage the incident book, but not give them any access to the premises area; or might want someone to be able to view different areas but without being able to make any changes, like an auditor. Individual features can be added and removed at any point in Account Settings to create Custom Roles.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials: IASME-CE-036447.

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We follow best practice but are not accredited to ISO:27001.
• Information security policies and processes: Policies and procedures utilised by iAM Compliant include our Data Processing Agreement, Terms and Conditions, Privacy Policy, Cookie Policy and Information Security Incident Management Policy. All have been created and kept in line with the Data Protection Act 2018 and GDPR, with our CIO taking responsibility for updating and monitoring policies on an ongoing basis. The terms of these policies are disseminated to staff during our induction process and included as part of our Employee Handbook for reference. The importance of adhering to our information security standards is maintained throughout refresher training, delivered yearly by our CIO.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All updates and changes to the iAM Compliant system are version controlled and go through an internal review and testing process. All changes must pass our test suite prior to deployment. The application code is monitored for security vulnerabilities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A system of automated alerts informs our development team of potential security vulnerabilities in library dependencies. These are assessed manually, and patches applied as soon as practically possible (usually within 1-5 business days).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Server errors are automatically alerted to our technical team. Potential compromises are assessed within business hours and prioritised as part of our ongoing development and maintenance work.
• Incident management type: Supplier-defined controls
• Incident management approach: IAM Compliant’s incident management process follows the protocol set out in our Information Security Incident Management Policy. Events and weaknesses need to be reported at the earliest possible stage as they need to be assessed by the Chief Operations Officer. The COO [or other named role] enables the business to identify when a series of events or weaknesses have escalated to become an incident. Incident reports will then be created and updated as necessary with timescales, before action is taken by the Incident Team and passed for review.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Here at iAM Compliant, we are committed in encouraging equality, diversity and inclusion across the workplace and aim to demonstrate excellence in these areas. We provide equality, fairness and respect to every member of staff regardless of their role and aim for our workforce to be a representative of all members of society. iAM Compliant recognises and accepts its statutory obligations under the Equality Act 2010 and the Human Rights Act 1998. Our Equal Opportunities Policy in respect of these aims to achieve equality by removing potential discrimination and gives staff confidence that employment decisions relating to recruitment, dismissal, redundancy, absence etc. will be fair decisions without discrimination by reason of a protected characteristic. ; ; No member of staff or client will be discriminated against on the basis of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. All staff must treat each other and the clients we liaise with in a respectful manner. Direct discrimination, indirect discrimination, victimisation, bullying and harassment are all prohibited. ; ; Our staff must ensure that their conduct conforms to the expected standards of our policy. We take complaints about misconduct of equal opportunities and diversity extremely seriously, and such acts are dealt with as misconduct by the organisation. With extremely serious cases, this includes dismissal without notice. This is enforced throughout employment, including recruitment. Our diversity and recruitment policies are updated and edited to ensure that they are up to date and relevant in accordance with legislation. Furthermore, to reduce the disability employment gap, we provide support for disabled workers such as a work mentors and fully support them with time off for appointments, flexibility in work plans etc. to ensure that they thrive.
• Wellbeing:

  Wellbeing

  All iAM Compliant customers all have free access to our full training library. All of our content is 100% original and created in-house by our expert learning and development team. Our high-quality animated courses are condensed into engaging, manageable chunks so staff can receive the training they need, whenever is convenient. Our Collections are IOSH approved and CPD certified which gives clients piece of mind knowing they are getting high quality content. Some of our most popular courses include Health and Safety, Policy and Compliance, Safeguarding, Mental Health, Behavioural Change (Soft Skills) and Cyber Security. This complimentary suite of eLearning courses is designed to help employers achieve a workplace where employees can thrive.

Pricing

• Price: £599 to £1,999 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Your 30-day free trial account will include all the features of the iAM Essentials package.
• Link to free trial: https://app.iamcompliant.com/signup

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at support@iamcompliant.com. Tell them what format you need. It will help if you say what assistive technology you use.