The Gallery Partnership Ltd

BenefactorCloud

BenefactorCloud supports the whole lifecycle of your grant management process and can be accessed 24/7 wherever your staff, applicants or reviewers may be, whatever their device. BenefactorCloud is one place for all your grant, reports and audit information, communication and documents. Built and hosted with industry leading security practices.

Features

• Customised Dashboards, Customised Workflows, customised to your brand
• View part completed applications, Graphical representation of which stage
• Audited Decisions can be recorded against a grant.
• Payment Tracking
• Produce board ready reports, online dynamic reporting.
• GDPR privacy controls allow regular and automated data management
• User-based pricing
• User screens carefully designed to meet WCAG 2.1 standard
• Full comprehensive support, expert consultancy and training
• Eligibility checking

Benefits

• Access on any internet based device
• Pause and resume applications from where you left off
• Reduce administration time with automated eligibility checking and reporting
• Continuous security testing
• Easily adaptable software to meet future grant-making needs
• Flexible for the short or long-term user
• Invitation system for external 3rd party users to score applications
• One place for all your grant, reports and audit information
• Complete visibility of previous and scheduled payments
• Track communication history from a single system

£1,800 to £4,500 a licence a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@gallerypartnership.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

288836402299918

Contact

Gallery Partnership
0207 096 2800
info@gallerypartnership.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The Benefactor Application and its Ancillary Services are regularly upgraded and TGPL reserves the right to discontinue, add and/or substitute functionally equivalent features in the event of product unavailability, end-of-life, or changes to software requirements. TGPL will notify the Customer of any material change to or discontinuance of the Benefactor Application and / or its Ancillary Services prior to undertaking any upgrade of the Customer’s Benefactor Application and / or its Ancillary Services.
• System requirements: Internet based device, PC,Mac or mobile

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: An email address is provided for non-urgent enquiries. ; A telephone support line for urgent queries is open from 9:00 a.m. to 5:30 p.m. (GMT) Monday-Friday. Authorised Users calling this line will be able to describe the nature of the problem or question to a technician who will immediately log the call. If unable to work on the problem immediately, a support technician will return the call to a designated customer contact and will work to resolve the problem.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Included in the license fee is support to the system administrators. The expectation is that system admins then provide support to applicants.; ; The client will be assigned a technical account manager.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Every customer is partnered with a Senior Implementation Consultant experienced in the onboarding process and BenefactorCloud. To ensure project transparency and progress, Gallery Partnership utilises a dedicated project management tool which guides the customer through the process clearly outlining deliverable tasks and associated due dates. This platform also serves as a single portal for communications and a centralised place to keep associated documentation.; ; Our collaborative approach recognises and accommodates the demanding schedule of a Grant Manager. Our onboarding process is designed around you and your team. When planning the implementation timeline, we take into account and reserve time for various commitments such as application deadlines, Trustee meetings, and other events that may divert attention from the project. This ensures a steady and stress-free progression, while also guaranteeing the success of the timeline. ; ; Training is provided preferably online however, can be held onsite. A suite of online user documentation is available to view.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: A MySQl export will be provided along with a zipped folder containing all attachments.
• End-of-contract process: A MySQl export containing all table data and a file containing attached documents. Migration support to a new system is not included.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/a
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Benefactor Cloud uses a web based service interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Designed with best practice in mind, internally tested to meet WCAG 2.1AA.
• API: No
• Customisation available: Yes
• Description of customisation: BenefactorCloud offers admin user customisation in the following areas:; -Application form building; -Bespoke fields; -Privacy statements; -Landing pages; -Reports configuration; -Workflows ; -Dashboard; ; Changes are made using inbuilt tools.

Scaling

• Independence of resources: Servers are built with excess capacity in mind, monitoring will be used to ensure they are adequately resourced.; ; If required individual servers can be allocated to individual customers.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics can be provided if the customer has chosen to run on a dedicated server.; ; Login metrics can also be provided.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: BenefactorCloud uses an inbuilt reports tool, standard reports can be used to display data in a variety of ways. Bespoke reports can be created to specification if required. Results can be export in formats such as PDF, XLSX, CSV.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • XLSX
  • XLS
  • RTF
  • DOCX
  • MHT
  • Text
  • Image
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Specified IPs if required
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Specified IP access

Availability and resilience

• Guaranteed availability: Benefactor Cloud will aim to achieve 99.8% uptime (yearly) excluding planned downtime. Should this not be met, then pro rata refunds will be issued to clients.
• Approach to resilience: Available on request
• Outage reporting: Email alerts to account leads

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All access to the management interfaces is via the portal logon. All administrators and users have a individual user account.; ; There are two types of admins, the administrators of the BenefactorCloud application itself (super users) and customer admins (system admins). System admins can only administer their own application / database. ; ; Benefactor cloud enforces default passwords with a complexity of 8 character minimum, uppercase, lowercase and number. The passwords will not be forced to expire.; ; Clients do not have access to the AWS back-end. Only system admins can access AWS and their accounts must use 2FA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus
• Information security policies and processes: Gallery Partnership adhere to Cyber Essentials Plus

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: TGPL uses GITHUB for source code version control, access to the repository is restricted to named users. Pull requests to the master release branch are restricted to lead developers.; ; Any changes to the AWS environment, e.g. resizing virtual servers and resources and performing security patch updates, is managed by TGPL. ; All changes made are recorded in a ticket management system and a Change Management Log is updated.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: 1. Security patching- TGPL receive daily notifications these are managed by (https://alas.aws.amazon.com/) When critical severity notifications are flagged, TGPL check to see if these are in use. If so, the security patches are installed within 2 working days.; 2.Application code vulnerabilities are automatically highlighted via GITHUB, all high risks will be patched within 2 working days.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: BenefactorCloud is hosted within AWS which provides active monitoring via Shield Standard. ; ; Monitoring alerts are delivered to Gallery developers which are then reviewed in accordance with our standard SLA.
• Incident management type: Supplier-defined controls
• Incident management approach: TGPL maintain an internal document which contains steps to recover from server issues, as well as key contacts and points of support. Topics include recovering from a snapshot and other common problems.; ; Detection of a comprimised server will result in TGPL replacing the server instance and investigating the route cause.; ; Users are able to report incidents via benefactorsupport@gallerypartnership.co.uk; ; Incident reports will be emailed to key account leads following TGPL procedure.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change - ability to manage excessive levels of data storage and the carbon emissions associated with data storage in data centres.

  Covid-19 recovery

  Covid 19 recovery - ability to quickly deploy grant programmes specifically tailored to Covid19 recovery or any other emergency programmes.

  Tackling economic inequality

  Tackling economic inequality - ability to track applicants and grantees to identify groups that are not applying, whether they are geographic, ethnic etc.

  Equal opportunity

  BenefactorCloud provides application review tools which promote equal opportunity and aim to remove bias (either conscious or Unconscious). This is done by setting what reviewers can see during the selection process, presenting key information allowing the reviewer to gain a clear understanding of the application. However removing any private information and information that might lead to bias, such as gender, ethnicity, age etc

  Wellbeing

  Wellbing - ability to track applicants and grantees to identify groups that are not applying, whether they are geographic, ethnic etc.

Pricing

• Price: £1,800 to £4,500 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@gallerypartnership.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.