Toplevel

EQUINITI Toplevel - eAppointment

Using our low-code Outreach platform, the eAppointment service helps government to meet the Service Standard and pass GDS assessments. Used globally to offer self-service appointment booking, we improve customer service and save staff time organising diaries. Secure web-based diaries supports both staff-mediated and self-service bookings, and prevents double booking.

Features

• Appointment Booking to help meet Digital by Default Service Standards
• Proven enhanced security in line with HMG standards
• Protect+ infrastructure option meets standards required for OFFICIAL SENSITIVE data
• Flexible configuration controls extent of self-service diary bookings
• System sends automatic reminders, confirmations, lists of required items, etc
• Staff can adjust settings and configure options to suit requirements
• Configure eAppointment in-house, use our services or combine the two
• Comprehensive wizard-driven configuration with toolkits and Open Standards support
• Open Design Studio and design once use many times capability

Benefits

• Easy online booking of appointments with proven high take-up
• Self service provides more efficient and effective customer service
• Minimal business process changes needed to accommodate eAppointment
• Fast and efficient interactions save time, lower costs, improve service
• Reduce staff time organising diaries and prevent over-booking
• System manages all bookings, reminders, confirmations, performance monitoring and reporting
• Low code COTS solution; quick to set up and deploy
• Government strength security built in
• Inclusive customer interface, supports all browsers, tablets and smartphones
• Integrates fully with your website providing a seamless customer experience

£70.00 a user a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@toplev.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

266766506467557

Contact

Stuart Chivers
01453 852700
frameworks@toplev.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: None.
• System requirements:
  • Internet access
  • Web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response times vary according to incident severity:; ; Critical - 2 working hours, Severe - 4 working hours, Disruptive - 6 working hours, Minor & Test environment - 12 working hours.; ; Outside of business hours, live service monitoring ensures that server engineers are contacted if a service becomes unavailable.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We offer support packages of various sizes with buyer agreed SLAs. Support is charged on a time basis, at an agreed rate.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Toplevel works proactively with our clients to form a personalised bespoke training and implementation programme which suits individual requirements. On-site training is provided for the Open Design Studio, along with online training videos and user documentation. Further training and onboarding can be requested at any time. Training can be delivered remotely if required, which is particularly useful if clients have teams that are either fully or partly located outside of the UK.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Data is stored in individual cases by design for security purposes and so all data cannot be retrieved from the main interface via a single button click. Users will need to contact Toplevel to discuss the data that needs to be extracted from the system at contract end. We do however provide a service in which customer data can be extracted in a number of standard formats, including XML and CSV, and users can opt to retrieve this data themselves. Bespoke data export services can also be discussed and provided at additional cost.
• End-of-contract process: Off-boarding is charged at Toplevel's standard day rate. We will extract all relevant data in a suitable format and deliver it by secure methodology to our end customer and/or the data owners. Extracted data is usually transferred to the data owner or their nominated representative via a secure service such as MoveIT. We are happy to engage and work with third party suppliers to ensure a seamless transition when off-boarding a customer, particularly so that end-users aren't affected. We comply with all necessary G-Cloud terms around off-boarding regarding data formats and SLAs, and all activities are charged at Toplevel's standard day rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service is accessed through web forms configured to suit the business process. All users, citizens, staff users and agencies, use a web browser to access these forms.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Deployed services have been tested by an independent accessibility SME.
• API: Yes
• What users can and can't do using the API: The Toplevel APIs may be configured to allow interaction with screens, forms, processes and workflows from other services; to list, read, create and update cases; to download attachments from cases; and to progress cases through their defined workflow. We will work with clients during onboarding to ensure that APIs are configured correctly.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Toplevel’s Open Design Studio, included as standard, is our visual drag-and-drop design toolset that empowers developers and non-developers to flexibly develop, design and update digital interactive services. Open Design Studio combines a ‘Design once, use many times’ capability that allows users to design screens, case workflows, business processes, themes and branding, document layouts, forms and templates once and re-use these for other pages, projects and device types without needing to write code. Agile prototyping allows for fast delivery of working prototypes and provides built-in inclusivity and accessibility compliance. Delivery times can be cut by up to 50% vs bespoke software deployments.; An administrative console enables the setting up of users and groups of users, defining roles they may undertake and therefore whether they may customise the service or simply act on cases in the service, and it is up to the client to determine who can make any necessary changes to the system.

Scaling

• Independence of resources: We segregate environments so they do not impact on each other. We scale environments appropriately when designing and keep them under constant review by monitoring hardware metrics.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide the following on a monthly basis as part of the service performance report:; System uptime, Number of page requests, Server response times, Toplevel's performance on all raised and closed issues with the service desk against agreed SLA/KPIs, User numbers, Additional metrics are available on request.
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Data at rest may also be protected through the use of SQL Server Transparent Data Encryption (TDE).
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Toplevel's products use fully documented open APIs and web services allowing for integration to external services. We also use standards-based integration, supporting exchanging data using open data standards such as XML, PDF, CSV and SQL databases.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • Direct to SQL database
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We have segregation at an infrastructure level. This includes Access Control Lists, physical access controls and other network segregation technologies.

Availability and resilience

• Guaranteed availability: We target an SLA for overall system availability of 99.5% minimum over 24/7/365. We regularly exceed this and most customers have an uptime of 100% each month. If we fail to meet 99.5% in a given month, the period of downtime is added on free of charge at the end of the contract.
• Approach to resilience: This information is available on request.
• Outage reporting: We have a proactive support team on our ITIL-aligned service desk who monitor the service for system outages 24/7/365. Should an outage be detected, our engineers will respond and start resolving the issue as a priority and, in parallel, will contact the nominated customer contact as appropriate. If the outage occurs outside of normal business hours, the contact will be made on the next business day. Communication will be via email and/or telephone, and we will discuss with the customer their preferred approach. Extension options are available.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: We can also authenticate with Government Gateway, GOV.Verify, GOV.Notify for two-factor authentication.
• Access restrictions in management interfaces and support channels: Access is restricted to nominated and cleared personnel from dedicated devices within Toplevel. Management interfaces can be separated from public usage interfaces and access restricted by infrastructural means as well as software, such as by a VPN. Roles Based Access Control (RBAC) is implemented at an application level to ensure appropriate restrictions around visibility and read/write access to all data within the system.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Lloyd's Register Quality Assurance Limited
• ISO/IEC 27001 accreditation date: 25/03/2021
• What the ISO/IEC 27001 doesn’t cover: We have a statement of applicability which is available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • ISO 27018
  • ISO 27017

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 27017, ISO 27018, Cyber Essentials Plus
• Information security policies and processes: We are ISO 27001 accredited and we have strict protocols to follow when a security incident is detected. We also have internal controls and processes, overseen by a dedicated security team. We host systems that comply with the HMG Security Policy Framework and HMG Information Assurance standards. We are also audited against ISO 27017 and ISO 27018. Additionally, we protect personal data with regular penetration testing and necessary IT Health Checks, have granular access control to data.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We have an ITIL-aligned change management process, of which all changes to our hosted services are assessed for potential security impact. The configuration of the service's software components is managed through documented, ISO9001 accredited processes and the use of Microsoft Team Foundation Server.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a number of sources for obtaining information about potential threats, including specialist security vendors, platform providers and our in-house security team. We have a policy of ensuring operating systems are patched within 2 weeks of receiving them from the OS vendor. Antivirus definitions are updated daily and application vulnerabilities are patched immediately upon identification.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We have proprietary, proactive monitoring programs which run on our systems. These are configured to alert our ITIL-aligned service desk when threats or suspicious behaviour is detected. Our service desk will respond immediately; based on impact analysis the incident will be raised as either Critical or Severe and will be prioritised accordingly. The priority can then be amended following further investigation. Remedial and/or mitigating actions will be taken as appropriate.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined processes for each ITIL incident type (Incident, Problem, Change, Advice). These are followed by the team to conclusion and tracked through an incident management system, with appropriate escalation to expert teams. Users report incidents by phone, email or a web interface and receive confirmation with a unique ticket number. Monthly reports are provided to the service owner or service delivery manager. We also offer dedicated service delivery management calls.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  By using our G Cloud service, you can be confident that takes their responsibility to fighting climate change seriously.; We have adopted a carbon reduction target, in line with the Paris Agreement, to meet our Net Zero target by 2040. The first step is to reduce carbon emissions by 46.2% by 2029 and we have a plan to help us achieve this. We aim to have our targets approved by the SBTi in the coming year.; This will be important to you as a business too. As you are probably aware, you will soon need to report on the carbon footprint from the goods/services you purchase, as though they were your own. Your suppliers (e.g. EQ) will need to meet the targets they quote and have the relevant processes in place to achieve it.; We have already made great progress by:; • Enabling our UK buildings to use electricity from fully renewable sources ; • Reducing waste to landfill, by refusing, reusing, and recycling where possible. Where it cannot be recycled, waste-to-energy facility is used; • Eliminating single-use plastic and using LED lighting in UK offices; • Modifying the air handling system in our data centres to reduce energy use; • Reducing our reliance on paper in our operational areas.; Suppliers are also managed through Supplier Relationship Management. They are segmented by risk and criticality and our high risk; critical suppliers are subject to thorough due diligence. The key things measured includes; An overview of some of the key things measured follows below:; • Environmental – The impact of hazards arising from ecological ‘neglect’; • Social – Arising from issues related to Corporate Social Responsibility such as Human Rights.; • Reputation – Performing in such a way that damages EQ’s reputation or that of our clients.
• Covid-19 recovery:

  Covid-19 recovery

  Throughout the COVID-19 pandemic, our priority has been to support and protect the safety and welfare of our employees and to help our clients and customers through this difficult time.; A rapid and coordinated transition to homeworking took place in less than two weeks. Except for essential print and mail operations, and processing original documents where legally required, all services and telephony were delivered remotely, with more than 95% of staff operating from home. All service lines continued without interruption, enabling us to deliver the high level of service expected. ; The nature of the virus meant we needed to consider a wide range of scenarios, plan how we would respond and complete detailed plan walk-throughs, including consideration of key processes and colleagues required to support these.; Regular briefings were held, which enabled employees at all levels to be fully informed about our response and roadmap and to ask questions or raise any concerns.; We issued newsletters to clients to ensure they were informed on how we were adapting to the pandemic, share any issues and provide information relevant to the services provided. These updates were very well received by our clients.; To support our staff through this period of uncertainty, there were no redundancies, no enforced leave, and no reductions in salary. In 2020 and 2021, all staff below management grade across the UK business received a pay rise.; We reviewed our business continuity and pandemic plans as part of our approach to the pandemic. We also ensured our key suppliers had adequate plans in place. ; Throughout, we demonstrated strong operational resilience and sustained our service levels. Our motivated and flexible staff have shown through our swift response that we can adapt quickly to fast changing and uncertain working conditions with minimal impact on our clients and customers.
• Equal opportunity:

  Equal opportunity

  As a business, we are committed to being diverse and inclusive. We focus on understanding, appreciating, and valuing 'difference', both visible and invisible, and recognise the positive impact a diverse workforce can have on our business and our clients and customers.; At EQ, we strive to offer a working environment that provides equality and acceptance for all, regardless of age, gender, gender identity, race, national or ethnic origin, religion or belief, language, political beliefs, sexual orientation, and physical ability.; The differences our employees bring enrich and enhance our culture, creating one that is open, inclusive, and reflective of the diverse society in which we all live and work. This then enables our people to leverage:; • Diverse thinking; • Skills ; • Leadership experience; • Working styles.; Through our commitment to diversity and inclusion, you will benefit from engaging with a wide range of people at EQ, all with differing backgrounds, skills, and experience. You can be confident that our employees have been selected based on their relevant experience and what they can bring to the relationship.; Our diverse workforce and inclusive business environment are underpinned by our global guiding principles, robust policies, clear goals, and appropriate training. We ensure diversity and inclusion is embedded throughout the organisation from the establishment of our Global Diversity and Inclusion Council and Local Councils in country, through to our employee committees and networks.; The Board and Executive Team have endorsed a Diversity and Inclusion Policy and a Strategic Plan which holds clear statements of our values, standards, and the actions we are taking.

Pricing

• Price: £70.00 a user a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@toplev.com. Tell them what format you need. It will help if you say what assistive technology you use.