Abavus - Site Licence Medium Authority
Our My Council Services site licence provides site-wide access to core licence and product modules on our platform. This enables a multi-channel online and native mobile customer self-service platform, and incorporating fully functional back-office modules. All of this is supported by sophisticated workflow and automation tools.
Features
- Apps, eForms & My Council Portal
- Contact Centre CRM
- Mobile Working
- Service Desk
- Case Management
- Contracts & Licence Management
- Master Data Management
- Bookings, Appointments and Spaces
- Know My Bin Day
- Self-Scanning
Benefits
- A comprehensive transformation platform
- Offer comprehensive customer facing automation & self-service
- Complete Mobile Working
- Functionally rich back office process management
- Enterprise wide transformation & automation support
Pricing
£149,000 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 9 5 1 4 4 9 1 4 0 6 8 8 2 6
Contact
Abavus.co.uk
Darren Bird
Telephone: 0208 530 2505
Email: info@abavus.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- A site licence contains the primary functional modules that form the complete My Council Services digital platform. It can be augmented further with use in conjunction with some or all of our other Abavus modules.
- Cloud deployment model
- Private cloud
- Service constraints
- The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customers a minimum of seven (7) days in advance of downtime planned for a Standard Maintenance Window.
- System requirements
-
- Supported browser is the only requirement
- Microsoft Edge, Firefox, Chrome, Safari, Opera and mobile versions
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within maximum of 4 hours. Standard support terms do not include weekends. Weekend and out of hours support available by separate negotiation with Abavus Ltd.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Full range of support is provided as part of the annual subscription to the hosted products. Any non standard support requirements are agreed through separate negotiation with the client. All clients have access to a technical account manager.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Abavus provides a comprehensive onboarding service for every client. This includes but is not limited to the following aspects and deliverables: Mutually agreed project plan that will vary in detail and complexity based on the size and scope of the project. An agreed delivery of onsite training with accompanying training aids to support ongoing learning. Access to remote screen casting troubleshooting sessions and configuration support with a qualified technical account manager. Access to our standard support service via telephone, email and online ticketing capability. An onboarding project would also typically include some element of onsite consulting delivery to assist with any aspect of process review, platform configuration and technical configuration as required. Onsite consulting delivery is a separately chargeable service and would be agreed in advance with the client.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- All contracts with our clients clearly state that the data held in the hosted instance belongs to the client. Abavus Ltd is registered with the Information Commissioners Office (ICO) as a data processor. As a standard part of the platform, tools exist that allow clients to extract their data in flat file format at any time during their contract period.
- End-of-contract process
- At the end of a contract period, if a client does not wish to continue with use of the service, the secure instance of the service for that client will be inaccessible. We will have worked with the client prior to this to ensure they have retrieved any required data from the platform. Once the client has retrieved any data from the platform, the instance will be deleted and the data will also be deleted (unless subject to any legal requirement to maintain data, securely archived, for any period of time).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Equivalent user experience between desktop browsers and their mobile versions. We also provide native mobile applications running on iOS and Android for Smartphones and Tablets.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- Full Graphical User Interface is provided for all aspects of the platform
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- We routinely test our platform accessibility using assistive technology (e.g. text- to-speech). We also support client testing with their own users of assistive technology.
- API
- Yes
- What users can and can't do using the API
- My Council Services offer a web services based API. The API is a separately licensed product subscription available via G-Cloud on an annual subscription. Clients can use the API to poll the My Council Services database at regular intervals and to securely extract data relating to Service Requests, Tasks or Cases in order that it is available to third-party systems. Web APIs can include SOAP, WSDL, JSON, XML. Internal web services are RESTful. The My Council Services web services API is controlled in terms of security and access.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
All areas of the platform can be customised to the individual client's preferences using configuration-based tools. These configuration tools cover most user-facing areas of the product from form design through to themes, colours, workflow and rules for automation. Access to the entire platform is governed via
Role Based Access Control (RBAC). Individual roles can be configured by the client with differing levels of privilege that allow for increased or decreased configuration capability.
Scaling
- Independence of resources
- The following scalability measures are in place: The MCS platform operates a 4 Server Cluster providing a total of 212 cores, 1.2TB of RAM, and 160TB of storage. The My Council Services (MCS) platforms operates using a 100% 10GB network. Within the racks of the MCS Private Cloud everything is run at 10GB, the link between the data centres, and connections to the three transit suppliers. Our DR suite can be operational by way of a failover and will support all core services. System is clustered for High Availability & Load Balancing. Clustering at DB layer & Application server layer.
Analytics
- Service usage metrics
- Yes
- Metrics types
- My Council Services offers a useful array of real-time platform usage metrics. These include but are not limited to the following: Service Request dashboard (tabular, chart and map-based reports). Customer usage reports (tabular, chart and map/geographical boundary-based reports). Detailed analytics (configurable reports on detailed service request, task and case management data).
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- ITouchVision Ltd
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Clients (UK Public Sector organisations) can extract their data from the platform at any time in a flat file format (e.g. CSV). Where a client instance is integrated to any third party application via web services, specific ranges of data will be extracted to separate database applications at a frequency that can be set by the client (e.g. every 15 or 30 minutes).
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Contractually assured availability with the following clause: Availability. The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customer seven (7) days in advance of downtime planned for a Standard Maintenance Window.
- Approach to resilience
- The following measures are in place to ensure resilience of the platform: Firewall - Database never exposed beyond internal firewall. Penetration Testing - Regular penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon. Source code encryption - Encrypted binary source code deployed to app preventing reverse engineering from hackers. SSL - Secure Sockets Layer (SSL) used for all communication & Web services. Private Key Encryption - Private key shared between app & server to encrypt data packets. The MCS platform operates a 4 Server Cluster providing a total of 212 cores, 1.2TB of RAM, and 160TB of storage. The My Council Services (MCS) platforms operates using a 100% 10GB network. Within the racks of the MCS Private Cloud everything is run at 10GB, the link between the data centres, and connections to the three transit suppliers. Our DR suite can be operational by way of a failover and will support all core services. System is clustered for High Availability & Load Balancing. Clustering at DB layer & Application server layer. More detailed security and resilience information is available upon request.
- Outage reporting
- Any disruption to service or outage is automatically picked up by the My Council Services 'Pulse Checker' capability. This monitors performance of the core platform and monitors the activity between My Council Services and any third party system integration. The occurrence of any out of tolerance event that has the potential to disrupt service delivery will be picked up by the My Council Services 'Pulse Monitor' service. This service runs 24/7 and monitors both core platform performance and the activity levels of any integration points between My Council Services and third party applications. Any disruption to service, beyond defined tolerance levels, will trigger an email alert and phone call to key authorised, technical personnel. In turn, once any disruptive event is identified, notifications are triggered to the Abavus Technical Account Management team who will liaise with clients to advise.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- Anonymous user access to customer-facing elements is available upon request.
- Access restrictions in management interfaces and support channels
- My Council Services is equipped with comprehensive Role Based Access Control (RBAC). RBAC allows for the configuration of highly detailed access and login privileges. RBAC will effectively govern which individual users can access management interfaces and / or support channels. RBAC governs both a user’s ability to access areas of functionality and also a user’s ability to access specific data fields.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Industry Standard SSL Extended Validation incorporating company and financial checks.
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Security governance is given the highest priority and there is an appointed board member who has a portfolio that includes the assurance of fit for purpose security governance protocols. The Abavus Business Continuity, Disaster Recovery and Security Governance Plan is regularly reviewed to ensure its accuracy and is updated accordingly. The plan describes procedures to be performed in the event of different types of event, which could affect the core operations of the business.
- Information security policies and processes
- Abavus has a full range of documented security policies and associated processes that enable the business to ensure effective security. These include the following: Incident management processes. Security incident definition (published internally). Personnel security checks and employment checks. Secure development policies. Supply chain security check and review. Third party supplier risk assessment. General risk assessment.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- There is a well-documented process and methodology that is in place to help the organisation manage the process of change and development in relation to the My Council Services platform. Within specific client projects and implementations there may be bespoke changes and developments that form part of the wider project delivery. In this context change management is a mutually agreed and documented process. Changes that have an effect on product functionality will be subject to the same process as listed below. Any planned changes are subject to change impact assessment. Development. Link Testing. User Acceptance Testing. Demonstration. Pre-Production. Production.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- There is a well tested and documented set of processes that enables Abavus to adequately manage potential and perceived vulnerability. These include: Vulnerability assessment. Vulnerability monitoring. Vulnerability mitigation prioritisation. Vulnerability tracking. Vulnerability mitigation timescales.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Protective monitoring covers how both the vendor is enabled to identify potential compromises and how the vendor enables users to identify and make the vendor aware of potential compromises. Specific processes that monitor for vulnerabilities: Firewall - Full audit data captured and prioritised. Penetration Testing - Penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon. Best practice measures are in place and regular testing is conducted after every version upgrade to protect against SQL injection. Full audit information captured and prioritised. All identified vulnerabilities are prioritised and immediate action is taken.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Abavus has documented incident management policies and associated processes that enable the business to ensure effective identification and management of any qualifying occurrence. These include the following: Incident management processes. Incident definition (published internally). Third party supplier risk assessment & incident identification. General risk assessment.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Covid-19 recovery
-
Covid-19 recovery
Our capability enables customers to fully self-serve across all council services. This negates the need to go into physical premises, therefore supporting members of the community who are worst affected, vulnerable and/or shielding. We support organisations by enabling them to put their services online in an easy-to-use format. As a cloud-hosted solution, this also enables remote working for staff, allowing for effective social distancing and sustainable travel.
Pricing
- Price
- £149,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Trial episodes can be arranged direct with the vendor.