FFT Education Ltd

FFT Aspire

FFT Aspire is a comprehensive online reporting and data analysis tool which is widely used by schools, LAs, academy trusts, diocese and government to analyse performance and improve educational outcomes. It encompasses self-evaluation, pupil tracking and collaboration and makes use of statistical models developed by researchers in FFT's Education Datalab

Features

• Reports and dashboard for schools, academy trusts and LAs
• Estimates and predictions of future performance for pupils
• Set challenging and aspirational targets for pupils
• Identify strengths and areas for improvement
• Direct link to school MIS to synchronise data
• Benchmark school, LA and academy trust performance
• Monitor and track progress for current pupils
• Match and process pupil data
• Compare performance to other schools
• Measure value-added pupil progress in all subjects

Benefits

• Dashboard reports analysing school performance and education data
• Analyse data for pupil, school, academy trust and LA
• Aggregate reports analysing performance for local area or region
• Value-added analysis of education performance (results and pupil progress)
• Estimates (predictions) of future performance to help set challenging targets
• Improve school performance
• Raise pupil achievement
• Data processing: collect, match and process pupil data
• Data is synchronised from school MIS with FFT's national datasets

£50 to £150,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at helen.robinson@fft.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

247438813875657

Contact

Helen Robinson
01446 776 262
helen.robinson@fft.org.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: There are no constraints that buyers need be aware of
• System requirements:
  • Aspire requires a computer or tablet (Microsoft, Apple or Android/Chrome)
  • Aspire requires a compatible browser: New Edge, Chrome, Safari, Firefox

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: FFT responds to 80% of queries within one business day and all queries receive a response within 3 business days.; ; The time taken to resolve a query is dependent upon its complexity. In 2018, 80% of enquiries were fully resolved within one business day of receipt and 90% of enquiries were fully resolved within 3 business days of receipt.; ; There is no email or phone service outside of normal business hours (8.30am to 5.30pm Mondays to Thursdays, 8.30am to 5pm on Fridays).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Access to web chat is embedded within the FFT Aspire portal and connects users with the FFT support team.
• Web chat accessibility testing: N/a
• Onsite support: Yes, at extra cost
• Support levels: Support is provided by FFT as part of the Aspire subscription with no additional charge. FFT treats all calls as important and does not offer different support levels.; ; Some local authorities prefer to support their schools themselves (where the schools are being provided access to Aspire through the local authority) and this is catered for.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users have access to help guides and online training videos covering different aspects of FFT Aspire functionality.; ; FFT also offers a range of training modules which allow users to focus on different areas of Aspire and the use of educational data to help to improve of pupil outcomes.; ; Virtual Training is provided to users and it is possible to commission in-school training for individual schools, or groups of schools. The majority of training provided is hands-on, enabling users to gain direct experience of the insights and benefits that Aspire can provide through using their own data. ; ; FFT also offers webinars for school governors on the use of the Aspire governor dashboard and more advanced workshops and events covering the impact of changes in education and recent educational research. ; ; Training resources are made available to local authority trainers.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users are provided with facilities to take copies of their data at any point during the course of the project. FFT will delete user data, other than that which provides an audit trail of activity, in line with retention guidelines outlined in the FFT privacy notice.
• End-of-contract process: The contract grants customers a license to access the Aspire portal for any number of staff. It also covers the provision of help guides and email and phone support.; ; FFT runs free training courses for some users from time to time, but for the most part training courses are not covered by the contract.; ; For local authorities, LA events covering developments in education and the most recent research using educational data are provided as part of the contract.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All system functionality is available from mobile tablet devices.; ; The service operates within a responsive layout. The navigation when accessing the service through a mobile device collapses at smaller screen sizes and content reflows to fit available space. On-screen tools maintain a persistent position where space is available. Typography and spacing adjusts to take advantage of available space.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Aspire is a flexible service which provides customers and users a range of areas where they can customise the service to meet their particular needs. Administrators can create unique accounts for each user, and each user can be assigned a role and privileges. This makes it possible, for example, to limit the level of access to only allow aggregate data to be viewed. Administrators can also decide the default level of challenge at which a schools wants to work. Users can customise the reports they view with an array of settings: set persistent Key Stage settings and apply filters that are carried from report to report. Uses can set email preferences about whether to receive email updates. Each user can save to a list of reports through a bookmarking system and assign descriptions to each report. Certain users can achieve custom interfaces by accessing the system through a BI interface.

Scaling

• Independence of resources: Service capacity, scalability, availability and performance is managed by separation of services and scale up/down based on service needs. Services are monitored on a per minute active monitoring of server availability, performance and load. Servers are Load Balanced to evenly distribute load and where additional capacity is needed, this is managed automatically. Capacity is distributed across different UK availability zones for additional resilience. Database server capacity is over provisioned ahead of time to ensure capacity requirements are met.

Analytics

• Service usage metrics: Yes
• Metrics types: FFT provides metrics to Local Authorities and multi-academy trusts with information about how the service is being used by schools. Metrics include information about number of users, user logins, pageviews and functional areas of service used.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export pupil and school data from FFT Aspire for use by the organisation in other management information systems, including FFT's estimates of future performance. Dashboard reports can be exported for use offline and printing (PDF or Excel).
• Data export formats: Other
• Other data export formats: TSV (tab separated values)
• Data import formats: Other
• Other data import formats: MS Excel

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.5% available during Normal Business Hours, excluding any planned maintenance and loss of internet connectivity between the FFT Portal and the Customer.
• Approach to resilience: Information available on request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: FFT Aspire uses role-based permissions to grant users access to the relevant areas of service. Customers are responsible for granting access to their users based on the standard roles available.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: UKAS accredited
• ISO/IEC 27001 accreditation date: 13/4/2010, latest recertification January 2024
• What the ISO/IEC 27001 doesn’t cover: The complete Aspire service is covered by FFT's ISO/IEC 27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: FFT adopts all the information security controls identified under ISO27001:2013. Policies are reviewed and updated to a defined schedule. Training on information security is given to staff on induction and through frequent workshops and training sessions. FFT has put in place a governance structure which includes responsibilities for SMT, SIRO, DPO, Information Security Officer and a wider Information Security Forum. Internal and external audits are carried out to a defined schedule. Surveillance and recertification audits are carried out annually on a 3 year cyclical basis.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: A risk assessment covering information security is carried out before embarking on any new developments or significant changes. Azure DevOps is used for source control of code and for managing development and change/configuration. Requirements are logged and tracked through user stories, product backlog items and tasks. All changes are assessed against the FFT change management policy and the FFT Secure development policy with consideration being given to scale, scope, security and testing requirements of code and components before release to a production environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are monitored and assess through a range of processes including vulnerability testing, external penetration testing and third party vulnerability management systems. The service undergoes an annual IT Health Check (ITHC) by a Crest Approved Security Tester. This includes a code review. In addition, up to date information on potential threats is obtained through security forums and from information provided by technical bodies and vendors. Patches are deployed as a matter of course on a monthly basis with more frequent patching when required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Industry standard vulnerability management, threat management and antivirus solutions are used to monitor the infrastructure from which Aspire is delivered. In addition, AWS provide a multi layered defence in depth monitoring service. Active monitoring is in place for the firewall. System log monitoring is carried out. Any alerts or risks identified are managed through an internal helpdesk system with processes to escalate serious threats and ensure prompt resolution.
• Incident management type: Supplier-defined controls
• Incident management approach: FFT has a defined process for managing security events as defined in its security event policies. Events are reported and managed through a help desk system. Prioritisation and escalation of events is established by FFT's information security manager with escalation to SMT as needed. All events are reported internally to FFT's information security forum. The classification of information security incidents is defined by FFT's information security policies. In the event of a breach, processes are in place to inform affected users, the relevant Data Controllers and the ICO.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Covid-19 recovery
  • Tackling economic inequality

  Covid-19 recovery

  FFT is an established non-profit organisation that that uses education technology to provide software as a service solutions to schools, LAs and Academy Trusts to help improve pupils’ education outcomes. During the Covid-19 recovery period in 2021 and 2022, FFT has created 40 new sustainable jobs across the UK.; ; FFT develops and provides education services for schools to help schools recover from the impact of Covid-19 including analyses which evaluate the impact of learning loss on education outcomes, analyses to improve pupils’ attendance and a reading tutoring programme which provides reading catch-up support for disadvantaged pupils.

  Tackling economic inequality

  FFT proactively manages cyber security risks through its mature Information Security Management System (ISMS). FFT has been accredited to the ISO27001 standard since 2010 and is audited annually to ensure ongoing compliance. FFT has appointed a Data Protection Officer who works with the central information security team. The ISMS is subject to continual improvement activity in-line with the requirements of the ISO standard.; ; FFT holds the Cyber Essentials and Cyber Essentials Plus accreditations and completes an annual independent IT health check conducted by an external CREST approved service provider. Information on the accreditations held by FFT is made available through their website alongside other information to support customers in their assurance processes in relation to data sharing and processing.; ; FFT has an established process for risk management and training is provided to staff on identifying and logging risks. Regular risk reviews are conducted. The supply chain used by FFT in delivery of its services to schools is intentionally small and appropriate security checks are part of the established supplier management process.; ; Annual information security training is delivered to all staff and is supplemented by regular briefings/bulletins. FFT is committed to retaining their information and cyber security related accreditations and to the ongoing development of their information security approach.

Pricing

• Price: £50 to £150,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Schools interested in purchasing a subscription to Aspire can request access to a free trial version of the FFT Aspire dashboards and pupil tracking tool for a time limited period.
• Link to free trial: Www.fft.org.uk

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at helen.robinson@fft.org.uk. Tell them what format you need. It will help if you say what assistive technology you use.