Capita Business Services Limited

Software – Monatair (Capita)

Monatair is a secure cloud based (Software as a Service) open source data platform for powerful citizen sentiment insight

Features

• Near real-time access and automated alerting of open data
• Securely hosted, developed and supported in the UK
• Integrates with multiple third-party tools
• De-duplication of volume data
• Intelligent location filtering
• Evolving sentiment and machine learning capability
• Library of ready to use search parameters
• Data mining to identify key search terms
• Full audit function of use and users
• Growing data sources

Benefits

• Uncover citizen sentiment through insights powered by bespoke key terms
• Develop understanding of your customer’s voice, highlighting actionable improvements
• Provide insight into perceptions of your organisation, informing strategic decisions
• Early negative sentiment alerting allowing fast response for digital resilience
• Performance measurement behind the sentiment of service and brand decisions
• Supporting service enabling organisations with or without analysts to benefit
• Collaborating with users on data source and service design improvements
• Dedicated account management with relevant experience and sector knowledge
• Dashboarding capability to effectively digest actionable trends and insights
• ITIL Service Management, GDPR / ISO27001 compliant, and two-factor authentication

£1,400 a licence a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at engagewithus@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

228793045747238

Contact

Capita Business Services Ltd
08702407341
engagewithus@capita.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: See full terms and conditions for any platform restraints
• System requirements: Access to internet via web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: During standard operating hours, response time is within 30-minutes. Outside standard operating and weekends, response can be expected at the beginning of the next working hours. The Capita online support desk system supports logging and tracking of service requests through the web-based customer interface. Customers can create service requests based on priority, product/solution type, status, and customer contact. The process of capturing important details of the service request is done via a web form interface and gives the customer the ability to add/update the request. Customers can raise urgent issues via email or by calling our dedicated support number.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Refer to service description.
• Onsite support: Yes, at extra cost
• Support levels: We provide support levels based on four severity levels: 1-4. A critical call would attract a 30-minute response with a non-critical call attracting a four hour response. We provide our support plan for this service as standard with no additional costs within standard operating hours. We provide a client engagement manager to all clients who subscribe to the platform to ensure we provide a consistent service throughout the term of the contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Initial training provided as part of the annual service cost.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The service has built in functions to meet this requirement.
• End-of-contract process: User access is terminated at contract end unless the service is renewed for an additional period.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile and tablets can be used.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Refer to service description.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Refer to service description.
• API: No
• Customisation available: No

Scaling

• Independence of resources: Underlying cloud infrastructure is designed to meet scalability and resilience requirements to ensure no impact as above.

Analytics

• Service usage metrics: Yes
• Metrics types: To be agreed during negotiations.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Built in functions allow this requirement to be met.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
  • HTML
• Data import formats: Other
• Other data import formats: N/a

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Standard availability of the service runs at 99.5%. No service credits are available if this is not met. Further details available on request if necessary.
• Approach to resilience: Our Data Centre provider is certified to ISO22301 (Business Continuity Management and Resiliency). All aspects of the Data Centre Facilities are provided N+1 with no single points of failure.
• Outage reporting: Users are contacted via email regarding any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: All support and management access requires 2 factor authentication.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau - UCAS
• ISO/IEC 27001 accreditation date: 18/03/2021
• What the ISO/IEC 27001 doesn’t cover: Further information is available on request regarding ISO27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All policies are available on request. As a minimum we meet ISO27001:2017.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our data centre provider use an ITIL (Information Technology Infrastructure Library) based Change Management process to manage any proposed changes to the infrastructure. Change request forms ensure that changes are clearly detailed and that all of the relevant personnel have signed these off before any changes are made. Particular attention is given to any impacts potentially to Security and performance. We maintain a Configuration Management Database which is kept up to date with all information necessary to manage each environment, configuration and dependent service.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our Data Centre provider undertakes monthly security scans of our external IP addresses which highlight both application and infrastructure security risks, for example older versions of web facing software in use. We are notified within 24 hours of any security issues being identified along with a description of the remedial action required and whether this needs to be undertaken by us or the customer and can be carried out immediately. Systems are monitored 24 hours a day for any potential security incident utilising technology which correlates logs from various sources.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: There is a suite of monitoring tools that maintain a continuous watch on all systems within the datacentres. Any potential compromises are dealt with by an Incident Management Process.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Our Data Centres Service Monitoring System alerts based on pre-specified criteria. This can be tailored based on pre-defined processes to ensure that common events are dealt with swiftly or sent on for automated action. The Service Desk is accessed either by phone or email to report incidents. Further to an incident a detailed service report is provided to the client outlining the incident, any action and future mitigation. This is provided within 24 hours.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  We are committed to promoting diversity/ensuring nobody discriminates against individuals/groups under the Equality Act 2010. Promoting equality/inclusion is essential to being a responsible business/creating better outcomes for all. ; We have demonstrated our commitment to disability inclusion by signing up to the Disability Confident Scheme. Our personal independence business, which supports with disability through our work for DWP, has implemented measures across recruitment, working arrangements and employee training, to become a disability confident leader.; We have sustainable representation of ethnic diversity reflecting the communities we operate in and commit to a 15% Black/Asian and ethnic minority representation across all levels, reflected by the makeup of our executive team. To identify/tackle inequality, we implemented mandatory learning on unconscious bias, to ensure we continue to breakdown stereotypes/unconscious thoughts, when recruiting, promoting, and upskilling staff. ; We promote diversity via employee networks, learning, engagement, people, and leadership. Our employment procedures (recruitment-development), focuses on maximising the potential of everyone, developing talent, and recognising their differences. We have established internal network groups (gender, ethnicity, faith, LGBTQ+ and disability) to ensure we continually educate and develop our people. ; In relation to Modern Slavery, our suppliers comply with all local laws/regulations providing safe working conditions, treating workers with dignity/respect, acting fairly/ethically and being environmentally responsible. The following policies help us ensure modern slavery is not taking place in our business/supply chains:; -Human Rights Policy: procedures to prevent breaches to human rights standards. ; -Diversity/Inclusion Policy: to foster a fair/inclusive workplace, ensuring discrimination is eliminated. ; -Procurement Policy: what to expect from CBSL when purchasing goods/services and requirements to be met by Suppliers. ; -Code of Conduct: Behaviour standards to create better outcomes. ; -Supplier Charter: How we/suppliers conduct business openly, honestly, and transparently.; -Speak Up Policy: Commitments to speaking up about serious concerns in CBSL/Supply Chain.

Pricing

• Price: £1,400 a licence a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Dependant on a client’s use case.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at engagewithus@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.