Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Abavus - Site Licence Medium Authority
Abavus.co.uk

Abavus - Site Licence Medium Authority

Our My Council Services site licence provides site-wide access to core licence and product modules on our platform. This enables a multi-channel online and native mobile customer self-service platform, and incorporating fully functional back-office modules. All of this is supported by sophisticated workflow and automation tools.

Features

  • Apps, eForms & My Council Portal
  • Contact Centre CRM
  • Mobile Working
  • Service Desk
  • Case Management
  • Contracts & Licence Management
  • Master Data Management
  • Bookings, Appointments and Spaces
  • Know My Bin Day
  • Self-Scanning

Benefits

  • A comprehensive transformation platform
  • Offer comprehensive customer facing automation & self-service
  • Complete Mobile Working
  • Functionally rich back office process management
  • Enterprise wide transformation & automation support

Pricing

£149,000 a licence a year

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@abavus.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

2 9 5 1 4 4 9 1 4 0 6 8 8 2 6

Contact

Abavus.co.uk Darren Bird
Telephone: 0208 530 2505
Email: info@abavus.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
A site licence contains the primary functional modules that form the complete My Council Services digital platform. It can be augmented further with use in conjunction with some or all of our other Abavus modules.
Cloud deployment model
Private cloud
Service constraints
The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customers a minimum of seven (7) days in advance of downtime planned for a Standard Maintenance Window.
System requirements
  • Supported browser is the only requirement
  • Microsoft Edge, Firefox, Chrome, Safari, Opera and mobile versions

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within maximum of 4 hours. Standard support terms do not include weekends. Weekend and out of hours support available by separate negotiation with Abavus Ltd.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Full range of support is provided as part of the annual subscription to the hosted products. Any non standard support requirements are agreed through separate negotiation with the client. All clients have access to a technical account manager.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Abavus provides a comprehensive onboarding service for every client. This includes but is not limited to the following aspects and deliverables: Mutually agreed project plan that will vary in detail and complexity based on the size and scope of the project. An agreed delivery of onsite training with accompanying training aids to support ongoing learning. Access to remote screen casting troubleshooting sessions and configuration support with a qualified technical account manager. Access to our standard support service via telephone, email and online ticketing capability. An onboarding project would also typically include some element of onsite consulting delivery to assist with any aspect of process review, platform configuration and technical configuration as required. Onsite consulting delivery is a separately chargeable service and would be agreed in advance with the client.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
All contracts with our clients clearly state that the data held in the hosted instance belongs to the client. Abavus Ltd is registered with the Information Commissioners Office (ICO) as a data processor. As a standard part of the platform, tools exist that allow clients to extract their data in flat file format at any time during their contract period.
End-of-contract process
At the end of a contract period, if a client does not wish to continue with use of the service, the secure instance of the service for that client will be inaccessible. We will have worked with the client prior to this to ensure they have retrieved any required data from the platform. Once the client has retrieved any data from the platform, the instance will be deleted and the data will also be deleted (unless subject to any legal requirement to maintain data, securely archived, for any period of time).

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Equivalent user experience between desktop browsers and their mobile versions. We also provide native mobile applications running on iOS and Android for Smartphones and Tablets.
Service interface
Yes
User support accessibility
WCAG 2.1 AAA
Description of service interface
Full Graphical User Interface is provided for all aspects of the platform
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
We routinely test our platform accessibility using assistive technology (e.g. text- to-speech). We also support client testing with their own users of assistive technology.
API
Yes
What users can and can't do using the API
My Council Services offer a web services based API. The API is a separately licensed product subscription available via G-Cloud on an annual subscription. Clients can use the API to poll the My Council Services database at regular intervals and to securely extract data relating to Service Requests, Tasks or Cases in order that it is available to third-party systems. Web APIs can include SOAP, WSDL, JSON, XML. Internal web services are RESTful. The My Council Services web services API is controlled in terms of security and access.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
All areas of the platform can be customised to the individual client's preferences using configuration-based tools. These configuration tools cover most user-facing areas of the product from form design through to themes, colours, workflow and rules for automation. Access to the entire platform is governed via
Role Based Access Control (RBAC). Individual roles can be configured by the client with differing levels of privilege that allow for increased or decreased configuration capability.

Scaling

Independence of resources
The following scalability measures are in place: The MCS platform operates a 4 Server Cluster providing a total of 212 cores, 1.2TB of RAM, and 160TB of storage. The My Council Services (MCS) platforms operates using a 100% 10GB network. Within the racks of the MCS Private Cloud everything is run at 10GB, the link between the data centres, and connections to the three transit suppliers. Our DR suite can be operational by way of a failover and will support all core services. System is clustered for High Availability & Load Balancing. Clustering at DB layer & Application server layer.

Analytics

Service usage metrics
Yes
Metrics types
My Council Services offers a useful array of real-time platform usage metrics. These include but are not limited to the following: Service Request dashboard (tabular, chart and map-based reports). Customer usage reports (tabular, chart and map/geographical boundary-based reports). Detailed analytics (configurable reports on detailed service request, task and case management data).
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
ITouchVision Ltd

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Clients (UK Public Sector organisations) can extract their data from the platform at any time in a flat file format (e.g. CSV). Where a client instance is integrated to any third party application via web services, specific ranges of data will be extracted to separate database applications at a frequency that can be set by the client (e.g. every 15 or 30 minutes).
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Contractually assured availability with the following clause: Availability. The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customer seven (7) days in advance of downtime planned for a Standard Maintenance Window.
Approach to resilience
The following measures are in place to ensure resilience of the platform: Firewall - Database never exposed beyond internal firewall. Penetration Testing - Regular penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon. Source code encryption - Encrypted binary source code deployed to app preventing reverse engineering from hackers. SSL - Secure Sockets Layer (SSL) used for all communication & Web services. Private Key Encryption - Private key shared between app & server to encrypt data packets. The MCS platform operates a 4 Server Cluster providing a total of 212 cores, 1.2TB of RAM, and 160TB of storage. The My Council Services (MCS) platforms operates using a 100% 10GB network. Within the racks of the MCS Private Cloud everything is run at 10GB, the link between the data centres, and connections to the three transit suppliers. Our DR suite can be operational by way of a failover and will support all core services. System is clustered for High Availability & Load Balancing. Clustering at DB layer & Application server layer. More detailed security and resilience information is available upon request.
Outage reporting
Any disruption to service or outage is automatically picked up by the My Council Services 'Pulse Checker' capability. This monitors performance of the core platform and monitors the activity between My Council Services and any third party system integration. The occurrence of any out of tolerance event that has the potential to disrupt service delivery will be picked up by the My Council Services 'Pulse Monitor' service. This service runs 24/7 and monitors both core platform performance and the activity levels of any integration points between My Council Services and third party applications. Any disruption to service, beyond defined tolerance levels, will trigger an email alert and phone call to key authorised, technical personnel. In turn, once any disruptive event is identified, notifications are triggered to the Abavus Technical Account Management team who will liaise with clients to advise.

Identity and authentication

User authentication needed
Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication
Anonymous user access to customer-facing elements is available upon request.
Access restrictions in management interfaces and support channels
My Council Services is equipped with comprehensive Role Based Access Control (RBAC). RBAC allows for the configuration of highly detailed access and login privileges. RBAC will effectively govern which individual users can access management interfaces and / or support channels. RBAC governs both a user’s ability to access areas of functionality and also a user’s ability to access specific data fields.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
Industry Standard SSL Extended Validation incorporating company and financial checks.

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security governance is given the highest priority and there is an appointed board member who has a portfolio that includes the assurance of fit for purpose security governance protocols. The Abavus Business Continuity, Disaster Recovery and Security Governance Plan is regularly reviewed to ensure its accuracy and is updated accordingly. The plan describes procedures to be performed in the event of different types of event, which could affect the core operations of the business.
Information security policies and processes
Abavus has a full range of documented security policies and associated processes that enable the business to ensure effective security. These include the following: Incident management processes. Security incident definition (published internally). Personnel security checks and employment checks. Secure development policies. Supply chain security check and review. Third party supplier risk assessment. General risk assessment.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
There is a well-documented process and methodology that is in place to help the organisation manage the process of change and development in relation to the My Council Services platform. Within specific client projects and implementations there may be bespoke changes and developments that form part of the wider project delivery. In this context change management is a mutually agreed and documented process. Changes that have an effect on product functionality will be subject to the same process as listed below. Any planned changes are subject to change impact assessment. Development. Link Testing. User Acceptance Testing. Demonstration. Pre-Production. Production.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
There is a well tested and documented set of processes that enables Abavus to adequately manage potential and perceived vulnerability. These include: Vulnerability assessment. Vulnerability monitoring. Vulnerability mitigation prioritisation. Vulnerability tracking. Vulnerability mitigation timescales.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring covers how both the vendor is enabled to identify potential compromises and how the vendor enables users to identify and make the vendor aware of potential compromises. Specific processes that monitor for vulnerabilities: Firewall - Full audit data captured and prioritised. Penetration Testing - Penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon. Best practice measures are in place and regular testing is conducted after every version upgrade to protect against SQL injection. Full audit information captured and prioritised. All identified vulnerabilities are prioritised and immediate action is taken.
Incident management type
Supplier-defined controls
Incident management approach
Abavus has documented incident management policies and associated processes that enable the business to ensure effective identification and management of any qualifying occurrence. These include the following: Incident management processes. Incident definition (published internally). Third party supplier risk assessment & incident identification. General risk assessment.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Covid-19 recovery

Covid-19 recovery

Our capability enables customers to fully self-serve across all council services. This negates the need to go into physical premises, therefore supporting members of the community who are worst affected, vulnerable and/or shielding. We support organisations by enabling them to put their services online in an easy-to-use format. As a cloud-hosted solution, this also enables remote working for staff, allowing for effective social distancing and sustainable travel.

Pricing

Price
£149,000 a licence a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Trial episodes can be arranged direct with the vendor.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@abavus.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.