CogniSoft Limited

YETI MIS for Employability, Apprenticeships & AEB

YETI Infinity is designed for Apprenticeship, Learning & Skills and Employability providers; powerful management information tools for leaders & administrators and a feature-rich experience for tutors, learners & employers. The system delivers evidence of impact and effective management of funding claims for multiple contracts ESFA, UKSPF, DWP & Devolved Funding

Features

• Caseload management supporting Multiple Contract Delivery
• Financial Claims Capability for ESFA, UKSPF, DWP
• Financial Reconciliation of Funding Provider Data
• Financial/ Operational Planning Functionality to Support Multiple Programme Delivery
• Single system for end-to-end delivery across all programmes
• Organisations section to support CRM and vacancy management
• Remote Online Onboarding for Learners and Clients
• User dashboards to help manage workload/ caseload/ KPIs
• Flexible management information through custom reporting
• Mass communications via email and SMS

Benefits

• Effectively track client groups through to Outcome/Claim
• Record activities and interventions in flexible, user-friendly ways
• Measure and evidence the impact of your work
• Manage funding provider contracts with up-to-the-minute finance reporting
• Save time in data processing with online registration
• Tailored configuration to support local processes
• Focus staff on performance targets through dashboards
• Manages multiple employability and skills contracts in a single system
• Monitor the quality of provision with powerful reporting
• Improve data quality and reduce time spent in MI reporting

£225 to £975 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cognisoft.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

197752862174589

Contact

Nichola Castle
0161 777 2900
sales@cognisoft.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: All maintenance is planned out of hours and the service operates at 99.9%+ uptime.; ; YETI is compatible with all modern browsers and features responsive design, so compatible with all hardware - from PCs to tablets and smartphones.
• System requirements:
  • Supported Device - PC/ Laptop
  • Supported Device - Mac
  • Supported Device - Tablet
  • Supported Device - Smartphone (Android/ Windows/ Apple iOS)
  • Supported Browser - Modern browser such as Chrome, Edge

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Mon-Thurs 09:00 to 17:30; Fri 09:00 to 12:30 and 14:00 to 16:00; No weekend cover; ; CogniSoft undertakes to meet the following service levels for 95% of all calls received:; ; Priority 1 Respond Update Resolve; Immediate 2 Hourly 8 Hours; ; Priority 2 Respond Update Resolve; 2 Hours Daily 24 Hours; ; Priority 3 Respond Update Resolve ; 1 Week Weekly 20 Days
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer one standard SLA or service level of all customers and this is included in the cost of the cloud service/ licence.; ; The cloud service is monitored by network engineers 24/7 to ensure customers get the best performance from the system and do not experience any outages.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We spend time with the customer at the start of the project to understand customer's processes and programmes; using this documented set of requirements the system is configured by our Implementation Consultant the system to the customer's requirements .; ; Once the system is configured, there is a packaged training plan to suit the project needs, which will have been agreed during the sales process with the customer, covering all end user functions, system administration and custom report writing.; ; Training can be delivered either on-site, online or at the CogniSoft offices.; ; Training documentation is provided as part of the implementation and we have a full online Help Centre for ongoing system questions as well as a support desk to answer queries post go live
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
  • Other
• Other documentation formats: Online Help Centre
• End-of-contract data extraction: We provide an extract in a non-proprietary format at the end of the contract. This is written into the hosting contract which is attached to our listing.
• End-of-contract process: At the end of the contract customer data is prepared for return and has to be completed within 30 days of the contract end.; If the data is ILR data then an extract of the sILR XML is available without additional cost.; ; For non ILR data there may be a cost for preparing an export depending on the format and scope of the extract. ; ; There is a cap in the costs of a data extract in the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All application pages feature responsive design so will automatically render a mobile version when viewed on a mobile device. The application is optimised for mobile devices to give a better user experience; all functionality is available to mobile users and desktop users alike.
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: YETI has an open API comprised of a series of web services. We have several standard integrations based on RESTful services. This API enables any suitably skilled developer to create an automated feed of data from YETI to the destination data source using the online documentation.; ; Likewise, should customers wish to update the system with data from other associated systems, this integration can be built around the API.; ; Development of the integration can be in-house, or by commissioning CogniSoft to develop the integration. Costs for the API Licence are covered within the pricing document. Any development would be at our development day rate and quoted based on a specification. ; ; The API contains 40 methods/ functions covering core application functions across the main areas of the system; create learners/ contacts/ vacancies, update all attributes of these records, add intervention records etc.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: CogniSoft configure the system to customer requirements as part of the implementation. Thereafter, customers are trained to configure themselves through the admin section, subject to sufficient admin rights.; ; In summary, the following sections cover what can be customised:; Dashboard Configuration, System Settings, Section and Column Visibility, Column Names, Reference Table Entries, Dropdown List and Lookups, Flags, Business Rules, Page Visibility, History Visibility, Search Results, Qualification Visibility.; ; YETI is configured throughout via a series of sections and fields in the application which are tailorable to show/ hide fields, rename them, define response options. This gives the flexibility for a recording framework to be defined that meets the needs of a wide range of services.; ; Two illustrations are:; ; SILR page - all fields have show/ hide settings, the layout can be reordered, and labels renamed. Several configurations of the same page can be created and applied according to user roles.; ; History forms - Recording structure is completely configurable, all fields are re-nameable and have show/ hide settings based on the type of record that is being entered.; ; YETI also has the ability to make each field mandatory/ optional and has configurable business rules so that your own validation rules can be applied.

Scaling

• Independence of resources: Our application infrastructure design separates application, business logic and database resources to enable scaling where necessary. We use network and application level monitoring that is designed to prevent denial of service at varying levels. These countermeasures are designed to prevent users' actions, as well as malicious attackers, from impacting service for all users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We have standard XML exports for the contracts YETI support where these are required (sILR, LLWR).; ; Users can also export data during normal operational use, using either the API, our Excel based bulk data utility or via SSRS reports which can be output to CSV, Excel, Word and XML.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Excel
  • Word
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We guarantee 99.6% uptime per month but achieve 99.96%+ uptime in the majority of months, We have achieved 100% uptime since June 2024. We do not offer financial rebates/ penalties for any availability related issues.
• Approach to resilience: Information available on request
• Outage reporting: Email alerts sent from our help desk to all customers in the event of any significant downtime. Follow up emails are sent at designated time increments to keep customers informed.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to service interfaces is limited to a subset of trained CogniSoft staff via a dedicated encrypted VPN connection. All management interface connections are made in line with our ISO27001 policies.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS
• ISO/IEC 27001 accreditation date: 09/05/2022
• What the ISO/IEC 27001 doesn’t cover: The hosting partner is not covered under our ISO certification, we ensure that they have their own certification and check annually that they have maintained it.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Cyber Essentials PLUS
• Information security policies and processes: CogniSoft have been ISO27001 certified since 2011 and have a robust Information Security Management System which is embedded into the Organisation. We will be migrating to the 2022 standard in March/April of 2025; ; Our ISMS has a fully audited set of policies documenting our procedures for security within our ISMS scope.; ; Our Board oversees the Implementation of the ISMS and our Information Security Officer is responsible for the day to day running of the ISMS.; ; It is the responsibility of each of the department heads to ensure that their team comply with policies and it is the responsibility of each employee to ensure that they understand and follow policies; ; We ensure that each member of staff are trained on the security policies during their onboarding, refresher training is provided once per year and attendance is mandatory.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes are documented, certified and audited as part of our ISO27001 undertaking. ; We use a change management tracking system to log all requests to change any component of the service. Our system enables us to track the request through to completion with an auditable log of each approval and action in the process.; All requested changes are assessed by the change advisory board (CAB) which is chaired by the information security officer. The CAB and must assess all impacts of the requested change, including potential security impacts, before the change can be approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: All servers holding customer data run anti-virus/anti-malware software with the latest definitions updated automatically when released by the vendor.; The patching policy for our production servers ensure they receive security updates in a timely manner. Patches are applied within 14 days of 'Patch Tuesday', providing balance between need for quick updates/need to ensure that the patches don't negatively impact the system.; Any security patches required in the application are included in the next available software release (2 weekly releases), unless the risk is rated Critical when we can patch/issue an emergency update to the application outside this schedule.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Active monitoring of the system, including user activity is built into the application providing Admin users the ability to review and react to unusual user behaviour and suspicious activity. ; CogniSoft monitors the underlying platform (CPU, RAM, Disk & Network Activity) in real-time. Alarms are set against specific values, such as 80% utilisation, as well as against unusual behaviour, such as more or less traffic than expected.
• Incident management type: Supplier-defined controls
• Incident management approach: CogniSoft has a documented incident response policy, which details how our staff log a suspected incident and the process that follows.; Our Technical Director has the overall responsibility for monitoring incidents.; We hold technical and administrative contacts for customers. In the event of any relevant incidents, the technical contact will be notified.; Events are reported via our helpdesk. A ticket is raised marked as ‘infosec’ and dealt with according to our processes. ; The support system notifies the customer via email of any updates . They can also log into our support portal to view tickets raised/actions against them.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Our service is a hosted software service and delivery of training and implementation activities can be delivered online if the customer requires. ; ; As the software is Web based, it can be used from any location, therefore customers who have Work From Home policies can be secure in the knowledge that their users can securely access the system from their preferred working location (saving travel etc); As we are a software house we do not produce any industrial waste.; ; We operate a hybrid working arrangement meaning our employees work from home 2 days per week, thereby reducing travel.; ; We selected offices within a 5 minute walk from the nearest Tram stop and 1 minute walk from a bus stop in Greater Manchester making it easy for employees to take public transport and the office has a secure bike shed for those who wish to cycle to work; ; We promote a paperless environment where possible, suggesting that employees print as little as possible.

  Covid-19 recovery

  Our software is used by Organisations who specialise in getting people back into work, including programmes by DWP designed to tackle the employment issues caused by the COVID-19 lockdowns. Our software is used by Primes and Sub Contractors delivering Restart which was a programme designed to support people back into work post COVID and Furlough leading to unemployment. ; ; For our own staff, we offer private health cover including mental health service for our employees to help with the post COVID recovery issues affecting their mental health

  Equal opportunity

  When recruiting, we prefer to recruit from within where possible and move people through the business. ; ; This has been demonstrated many times during our history, some of our development team started in the support team. ; ; All but one of our department heads have started in roles in the team they now manage and have been provided support and training in order to grow in their roles.

  Wellbeing

  In order to support our employees wellbeing, we have provided private health insurance for each employee who wants it.; We have a social committee who organise events throughout the year to promote social interaction between employees. These events include meals out as well as evenings such as bowling for both physical and mental health. We are in the process of setting up wellbeing sessions at work to provide information on activities such as yoga, meditation, mental health well being and physical well being.; We have 2 Mental Health First Aiders within the organisation.; We support local charities that provide for the local community. Our current nominated charity is Stockdales.; Stockdales is a local charity with a wealth of experience in making a difference to children, young people and adults with learning disabilities. They help people of all abilities to live life to the full through their Residential, Community and Home Care Support services, Dream Days project and Clubs.; Whilst our supported charity changes every couple of years, we always select local charities making a difference to specific issues either affecting the community or issues close to our employee's hearts

Pricing

• Price: £225 to £975 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@cognisoft.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.