Thrive CSR Limited

Social Value Management Software

Software for maximising the capture and calculation of Social Value in Procurement and Contract Management. Our software enables in-depth, real-time insight into the Social Value projected and/or delivered at an Individual Supplier, Contract, or Organisation Level, aligned to government guidance. Service can be provided with 'wrap-around' consultancy support.

Features

• Procurement Portal for appraising Social Value Commitments at Tender Stage
• Contracts Management Portal for reporting Social Value on live contracts
• Easy data collection from suppliers - email prompts, imports, logins
• Total flexibility of metrics and proxy values used -
• Use your own metrics, Thrive’s IES proxies, or other frameworks
• Access to Thrive’s Impact Evaluation Standard (www.impactevaluationstandard.org) metrics and proxies
• Ensure compliance with HM Treasury and PPN06/20 Social Value Model
• Flexibility of configuration to your data reporting requirements
• Features to ensure evidencing, auditing and verification built in
• Can be provided with 'wrap-around' consultancy support services

Benefits

• Easily appraise and compare Social Value submissions from bidders
• Manage Social Value commitments from all suppliers in all contracts
• ‘Supplier friendly’ data collection; automatic email prompts, data import, API
• Evidence can be uploaded to provide auditability of all data
• Fully flexible configuration of metrics and proxy values
• Ensure compliance with procurement requirements
• Flexible configuration to meet your own organisation's reporting structures
• Integration with Thrive's other modules; grants & volunteer management
• Visual project & metric tracking; easily see progress against targets
• Additional support available through Thrive’s wrap-around consultancy services

£5,000 to £75,000 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neilm@thrive-platform.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

242809061507252

Contact

Neil Macdonald
07789644049
neilm@thrive-platform.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Modern browser with Internet Access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Contractually within 1 business day. On average in the last rolling year the average response time has been less than 2 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: No direct testing but we use off the shelf products for web chat that already have appropriate accessibility certifications.
• Onsite support: Yes, at extra cost
• Support levels: We provide standard support levels of all our customers, with the ability to vary these for special projects. Our standard support is via our own UK based helpdesk who can assist with both technical and product based questions/problems. This helpdesk is available to all administrators of our system. We also provide access to an account manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We work with the client to scope out exactly how our platform will be configured to their needs, have it set up and then provide onsite training and documentation as appropriate to ensure a smooth roll out.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: We help the client extract their data in a suitable CSV format.
• End-of-contract process: We help the client extract their data and then securely delete their data. These two actions are included in our costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All parts of the system are accessible on both mobile and desktop.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: A full web interface
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have clients who have staff using a variety of assistive technologies.
• API: Yes
• What users can and can't do using the API: They can extract real time reporting information
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Most areas of the platform can be customised to ensure it suits client needs. Available configurations will carry no additional charges but any substantial bespoke customisation work will carry additional charges which will be outlined to the client in a proposal document. Many ongoing core platform upgrades and expansions made by Thrive are made available free of charge to existing clients. Any additional substantial bespoke customisations requested during the contract term will be chargeable.

Scaling

• Independence of resources: We have a scalable cloud based architecture and we upgrade capacity far in advance of maximum user utilization being reached.

Analytics

• Service usage metrics: Yes
• Metrics types: Number of users of the system and the common actions they take. Our system allows full tracking of the public/staff facing and admin parts of the platform to deeply understand and audit how the product is being used.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: From within the administration interface
• Data export formats:
  • CSV
  • Other
• Other data export formats: XLS
• Data import formats:
  • CSV
  • Other
• Other data import formats: XLS

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We have a 99.9% uptime SLA. Users are refunded 50% of their fee in the last month if we fall below 99%, and 100% if we fall below 96%.
• Approach to resilience: For security reasons this information is available on request - however as a guide, the resilient design of our architecture means we have never yet dropped below 99.9% uptime availability.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels are restricted by both technical and procedural enforced security, including infrastructure restrictions and privileged access management software.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We make ultimate security governance and compliance a board level responsibility yet at the same time we identify individual staff, at all levels, who are responsible for making security decisions and empower them to do so. We look to clearly link our security activities to Thrive CSR's goals and priorities. We have a corporate culture that ensures accountability for related decisions. We work to ensure that feedback is provided to decision-makers on the impact of their choices. We continously monitor our approach to make sure its fits our wider organisational approach to governance.
• Information security policies and processes: Thrive follows current industry best practices with numerous technical and procedural security policies. As an option, we can provide a Service Manager, as a single point of contact for ensuring service quality, for service level reporting, for keeping the client up-to-date on new releases/upgrades etc.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Thrive tracks all key assets through their life cycle via a central register and when any key asset is changed, removed, or introduced Thrive has an established risk analysis process, which includes a security analysis of any key changes. Significant changes to Thrive's risk profile require director level sign off.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Thrive performs automated and manual quality assurance and security testing on every major release. Vulnerabilities and potential threat intelligence is sourced from external news sources and relationships with key industry advisors. Issues and vulnerabilities are tracked in Thrive task management system and addressed per priority.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a detailed intrusion detection and monitoring system with 24/7 alerting in place. We have an established incident response plan that involves employees at all levels of the organisation, including director level. At the heart of this is open and clear communication with our clients about verified incidents and resolutions.
• Incident management type: Supplier-defined controls
• Incident management approach: The process starts by educating staff how to report a breach or deal with a report from the outside. Once our incident response process is triggered by a breach report a designated team of senior management is convened who directly oversee the investigation and remediation of the breach. This includes alerting users (via phone or email as contractually defined) and government entities as appropriate. After this we have a structured postmortum and process improvement process.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Thrive's software solution is inherently focussed on helping organisations better capture and demonstrate all of the Social Value and Social Impact they deliver. Specifically, this can assist with valuing and reporting activities completed under all of the PPN06/20 Social Value Model Themes and Metrics.
• Covid-19 recovery:

  Covid-19 recovery

  Thrive's software solution is inherently focussed on helping organisations better capture and demonstrate all of the Social Value and Social Impact they deliver. Specifically, this can assist with valuing and reporting activities completed under all of the PPN06/20 Social Value Model Themes and Metrics.
• Tackling economic inequality:

  Tackling economic inequality

  Thrive's software solution is inherently focussed on helping organisations better capture and demonstrate all of the Social Value and Social Impact they deliver. Specifically, this can assist with valuing and reporting activities completed under all of the PPN06/20 Social Value Model Themes and Metrics.
• Equal opportunity:

  Equal opportunity

  Thrive's software solution is inherently focussed on helping organisations better capture and demonstrate all of the Social Value and Social Impact they deliver. Specifically, this can assist with valuing and reporting activities completed under all of the PPN06/20 Social Value Model Themes and Metrics.
• Wellbeing:

  Wellbeing

  Thrive's software solution is inherently focussed on helping organisations better capture and demonstrate all of the Social Value and Social Impact they deliver. Specifically, this can assist with valuing and reporting activities completed under all of the PPN06/20 Social Value Model Themes and Metrics.

Pricing

• Price: £5,000 to £75,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neilm@thrive-platform.com. Tell them what format you need. It will help if you say what assistive technology you use.