Symplicity

Symplicity CSM

CSM empowers careers services staff to achieve maximum efficiency and control in managing all career services-related tasks, increasing student and employer engagement. With CSM, staff have full control over the careers service operations through jobs, internships, student advising, events and career fairs as well as mentoring and surveys.

Features

• User reporting for real-time analytics / data trends
• On Campus and Virtual Careers Fair management
• Appointment management – both in person and online
• Students can access jobs, industry placements, internships, volunteering opportunities
• Mentoring and professional networking
• Student CV builder
• Mock interview management
• Employer invoicing and payments
• Events, workshops and information session management
• Kiosk and attendance capturing

Benefits

• Increase student engagement and employability
• Increase Employer engagement
• Increase engagement with Graduates/Alumni
• Students have access to key careers services
• Easy to follow career plans for students
• User reporting for real-time analytics / data trends
• Fully scalable to meet changing needs
• Ensure data security and segregation whilst being GDPR compliant
• Leverage our experience and learnings from 100s of global deployments
• Manage T-Levels Industry Placements in Further Education

£16,600 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SymplicityEurope@symplicity.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

201300849092155

Contact

Frank Griffiths
07384668122
SymplicityEurope@symplicity.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: CSM is fully cloud-based with no local hardware requirements.
• System requirements: An internet browser from the list of supported browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Issues are broken down into two categories: ; • Priority 1: These issues include but are not limited to system outages OR impacts all systems in the same way OR is affecting workflow/processes for all clients. Response time for Priority 1 issues is within 2 hours. ; • Priority 2: These issues consist of non-critical software bugs/glitches that might be either global or local and that does NOT affect daily work in system or productivity to complete major tasks. Response time for Priority 2 issues is within 8 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Utilising 3rd party chat system Zendesk
• Onsite support: Yes, at extra cost
• Support levels: The Symplicity Help Centre consists of:; ; Dedicated Implementation Manager (IM): ; ; An IM is assigned to the customer at the very beginning of implementation and will guide them through 4 key phases: ; 1. Discovery and Planning; 2. Building and Learning in Production ; 3. Training and Testing to Go Live; 4. Go Live and Beyond ; ; Dedicated Client Manager (CM):; ; Once full handover from the IM is complete, the CM will be a dedicated system expert who provides oversight of your account. In conjunction with Symplicity Support, the CM works with customers to resolve issues, ensure quality of service, provide additional training support, and maintain positive relationships with internal teams.; ; Symplicity Support: ; ; The Symplicity Help Centre (SHC) is web-based and accessible 24/7. Customers will find set-up guides, cheat sheets, and video tutorials that will answer many of their questions about system functionality. ; ; Customers can initiate help-tickets through the SHC for functional issues, bugs, other problems. All issue tickets can be viewed to add updates, re-open, or resolve them. ; ; All support is included in the cost of the annual licensing fee.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: During implementation there are 4 key phases, with phase 1 and 2 focussing on information gathering, strategic review, building the system, watching online training modules and reading documentation available through the Help Centre. ; ; Phase 3 will involve several working sessions focused on driving user effectiveness and enablement towards go-live. The regular Training and Testing Sessions conducted by your Implementation Manager will build on the knowledge gained so far and will focus on university specific processes, configuration and requirements.; ; Regular working sessions will be scheduled based on the availability of university resources. The working sessions for Phase 3 will involve walking through the end to end workflows and business processes which have been configured specifically for the Institution. These working sessions will be conducted remotely via video link or onsite as agreed. Remote sessions offer the advantage of supporting remote staff, recording of the session, and future reference for potential new staff. ; ; During these working sessions, Symplicity will update and refine the configuration based on feedback during these sessions. ; ; At completion of Phase 3, customers are prepared and ready for go-live.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: The robust reporting tool allows you to query all data within the system. Staff can then extract the data from the system into Excel spreadsheet format. As a professional service, your institution may request a data dump, in the form of a .sql (MySQL DB) file, at any time during the contract. Another alternative is to extract data using the CSM APIs. Please see https://www.symplicity.com/developer/CSM for more information.
• End-of-contract process: Customers can extract their data using the in-built reporting tool. Alternatively, they can request a complete copy of their database in an SQL format, this would entail an extra charge that would be bound to scoping by the Symplicity professional services team.; Once the customer has retrieved any data from the software the instance will be deleted and the data will also be deleted (unless subject to any legal requirement to maintain data, securely archived, for any period of time).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: CSM is web-based and is mobile responsive in its design therefore can be accessed and used on mobile devices. ; ; All standard functionality is available to use on the desktop is available on mobile devices. The interface is fully mobile responsive meaning that it will be resized to fit the device that is being used. ; ; On smaller devices such as smart phones, the left-hand menu items will become ‘hidden’ to make room for the main area of the screen, however it can be accessed by using a button to make it appear.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There are 4 user interfaces – Student, Administrator, Employer and Administrator
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The Symplicity design team continually works to increase satisfaction with the user experience of our solutions. Our UX designers do end-user testing to make sure our products are user-friendly, and easy to use. We test our applications with assistive technology tools such as JAWS, ChromeVox, and others. Where required, we may invite Symplicity customers to test our software using assistive technology to ensure we are compliant.
• API: Yes
• What users can and can't do using the API: CSM comes with a range of REST APIs as a supported integration layer designed to connect the platform to other software solutions used on campus.; ; The following API services are available with CSM:; ; • Employers; • Contacts; • Students; • Faculty; • Staff; • Files; • Jobs; • Pro Net Mentoring; • Counselling/Student Advising; • Career outcomes; • OCR (On campus recruitment); • Events; • Career Fairs; • Reports; ; Trained super users will have the tools required to set up APIs without interaction from Symplicity, we provide detailed technical information at the following link: http://www.symplicity.com/developer/csm; ; Where our customers do not have the technical skills to set up the API services, we offer consultancy services to do this work on their behalf. This would be scoped with the customer and an additional cost would apply.; ; The only limitation is where other systems may not be open to extracting data.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Symplicity CSM offers a modern responsive web interface with support for system-level configurations and user personalisation.; ; All configurations within the system are available to users with admin privileges. The configurations range from branding, enabling/disabling modules and functionality areas, setting simple and pattern-based data fields values defaults, altering process behaviour for workflow control, all the way to integration configuration and granular permissions.; ; CSM also allows for easy addition of custom attributes and definition of custom picklists and picklist values, all from the web admin control panel.; ; Examples of what can be customised in CSM:; ; • Branding with University colours and logo; • Email/Letter templates; • Internal teams’ permissions and access to data; • Form layouts; • Field layout; • Picklist items; ; Only users that have been given the necessary permission may customise the system as described, allowing super users to maintain control.

Scaling

• Independence of resources: Symplicity utilises Amazon Web Services (AWS) for our hosting and storage needs to ensure there is adequate capability to handle our entire user base. Each of our customers are logically separated and have their own database instances, this allows them to scale their operations as required and will ensures there will be no disruption from other institutions.

Analytics

• Service usage metrics: Yes
• Metrics types: The Reporting Engine will report on any data to include default and custom field information, which includes usage information such as logins, user actions, or any other system changes. Managers can print reports or save them as an excel spreadsheet. Reports can be regenerated multiple times and can also be scheduled to automatically run. Additionally, the solution provides an event log to track all user actions.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSM supports data extraction is a number of ways: ; Reporting - Each time a report is generated it stores a copy with users having the option to export the data to excel for further/offline analysis.; Dashboard filter results – whether searching for students or case information, the results can be exported to Excel; Case information – all information relating to a case or investigation can be exported to pdf.; REST API’s – trained users may use APIs to extract data
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Txt
  • Pdf
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • Txt
  • Xls
  • Html

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: SLAs are negotiated at time of contract.
• Approach to resilience: Symplicity utilises AWS for our hosting and storage needs. The Symplicity Virtual Private Clouds within the AWS infrastructure is designed for resilience and follow the AWS well-architected framework recommendations.
• Outage reporting: Symplicity has a public dashboard, which can be seen by visiting: https://www.symptatus.com. Additionally, in the event there were to be a serious outage, Symplicity would send email alerts to primary contacts of the account.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The information that is stored and managed in CSM is highly sensitive. With this in mind, Access has very granular user permissions and student information access controls to ensure that information is only accessed by those who need to.; ; User groups can be created with specific permissions attached, with individual users being attached to a group. Permissions apply to every aspect of CSM and typically allow a user to create, view, edit, delete, archive information.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Symplicity provides local authentication, LDAP and CAS as part of the standard offering for all our solutions. Most clients choose to integrate with their preferred SSO of choice during implementation. Symplicity frequently implements Active Directory/ADFS, Shibboleth, Custom SAML, and other SSO methods.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: AFNOR
• ISO/IEC 27001 accreditation date: 28/12/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Self-Attestation of Compliance (AOC) with Qualys Scans Required
• PCI DSS accreditation date: 08/03/2022
• What the PCI DSS doesn’t cover: N/A
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Symplicity is committed to information security compliance. We take part in a number of programs:; • ISO 27001 audit/cert; • ISO 9001 audit/cert; • SSAE 18 SOC-2 Type II audit/report; • Approved Research & Education Networks Information Sharing & Analysis Centre (ren-isac) vendor, Higher Education Community Vendor Toolkit (HECVAT); • Cloud Security Alliance self-registry program; • Privacy Shield Framework; • Currently in planning stages for federal security certs; • Follow OWASP Guidelines for Engineering at Symplicity; • Follow many NIST guidelines in our process, as well as with our infrastructure set up as AWS Follow NIST Guidelines; ; Our Information Security Team meet regularly and are responsible for implementing our Symplicity Information Security Policy, consisting of:; • Symplicity System Administrators; • Director of Engineering; • VP of Technology; • Solutions Engineers; • Legal Team; • Chief Operating Officer ; ; Director of Engineering and System Administrators are responsible for attaining security and standards certifications and audits. Director of engineering reports to VP of Technology, who oversees all security administration and ensures employee compliance to all policies and procedures.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Proposed changes are input into an Issue Tracking System, where they are tracked through their lifetime. The Product Team prioritises and develops detailed requirements. The Technical team designs solutions and presents options and costs. Once approved, the change is inserted into the Product Roadmap.; ; During implementation, independent code review and QA testing is performed on every change promoted through separate development, test, production environments. Once approved, changes are made available to customers. The stages of Solution Design, Code Review, Automated and Manual Testing, and Change Control safeguard quality and security of all changes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Symplicity utilises the Qualys Cloud Platform to perform vulnerability management, benefiting from Qualys' large, up-to-date database of vulnerabilities (CVE’s). Symplicity can perform security assessments or penetration tests against our AWS infrastructure without prior approval from AWS.; Physical Penetration Testing is not applicable because AWS handles physical security. Symplicity does not perform Social Engineering Tests as part of our penetration testing strategy. ; ; Reported vulnerabilities will be verified and addressed as follows: ; • Critical – Responded to Immediately, remediated within 15 days ; • High – Within 30 days ; • Medium & Accepted Low – Within 90 days
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: AWS provides Symplicity with several tools that aid us in the identification of potential compromises. Additionally, Symplicity uses the Qualys Cloud Platform for protective monitoring. Symplicity responds immediately to incidents according to the Symplicity Security Incident Response Plan.
• Incident management type: Supplier-defined controls
• Incident management approach: Symplicity has a Security Incident Response Plan that is used for all incidents. Users report incidents by calling the Symplicity Help Desk, calling their Client Manager, or by submitting an issue through the online Symplicity Help Centre. If applicable, Symplicity provides reports via email or public release.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Symplicity has implemented our software remotely to thousands of institutions. Additionally, the majority of our staff work remotely. Through remote meetings within the company and with outside clients, we provide minimal impact on greenhouse gas emissions. Our goal is to produce the deliverables of our contract through remote means, eliminating the need to travel, use paper, or other resources. Through our vast experience with remote implementation and support, we influence our staff and customers to be more efficient and leave less of a carbon footprint.
• Covid-19 recovery:

  Covid-19 recovery

  Our company has always kept the wellbeing of our employees a top priority throughout the Covid-19 pandemic. Throughout the pandemic, we worked with employees to create flexible, work-from-home schedules that would accommodate their specific situation for childcare, healthcare, etc. Our Human Resources department has remained in constant communication with employees to provide information on resources and to set up any needed accommodations. Managers scheduled and continue to hold 1-on-1 meetings with employees to discuss any issues that may be affecting the employee. Our company has always kept the wellbeing of our employees a top priority throughout the Covid-19 pandemic. We enabled all of our employees to work remotely throughout the pandemic; our IT department worked quickly to get everyone set up with the appropriate equipment to be able to work safely from home. Managers worked with employees to create flexible schedules that would accommodate childcare or any other needs. We converted our office into a safe, social distancing environment for any employees that did wish to leave their home; desks and seats were re-arranged for social distancing, public areas such as the break room were clearly marked to ensure proper social distancing, and signs were placed prominently throughout the office about the virus, masks and sanitation. Additionally, our building vastly increased the sanitation of high-touch surfaces, and upgraded the building’s HVAC system to one that is certified for virus-reduction and clean air. When local and government authorities indicated that it was safe to return to the office, Symplicity slowed the return process to ensure that employees felt comfortable. We continue to maintain flexible, work-from-home schedules for employees.
• Tackling economic inequality:

  Tackling economic inequality

  Symplicity is committed to ensuring that there is no modern slavery or human trafficking in our supply chains or in any part of our business. Our Anti-Slavery and Human Trafficking Policy reflects our commitment to acting ethically and with integrity in our business relationships and to implementing and enforcing effective systems and controls to ensure slavery and human trafficking is not taking place in our business and in our supply chains. The Symplicity Code of Conduct provides a system for our employees to escalate ethics issues, including slavery and human trafficking issues and breaches of our Ethics Policies. Both policies are reviewed annually. There have been no breaches or suspected breaches of our Anti-Slavery and Human Trafficking Policy at the time of this initial publication.
• Equal opportunity:

  Equal opportunity

  Symplicity Corporation is an affirmative action employer, and provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to protected statuses such as race, colour, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws.
• Wellbeing:

  Wellbeing

  Symplicity has several events to support employee inclusion, including a weekly happy hour party, holiday get-togethers and several other events such as an annual 5K run and parties to support the holidays of other countries. We provide free access to a gym within our headquarters building, an Employee Assistance Program for personal/emotional support of employees (including free counselling sessions with professional mental health care providers), workout and mindfulness memberships to our Brazilian employees, and provide paid-time for community service. Our employees have several groups they have developed as well, such a book club, steps club and movie club. Our products are aimed at wellbeing; our Advocate and Accommodate/Access solutions aid institutions in identifying and responding to the needs of their constituents. The solutions enable the reporting of incidents, requesting help, and identifying individuals in need.

Pricing

• Price: £16,600 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at SymplicityEurope@symplicity.com. Tell them what format you need. It will help if you say what assistive technology you use.