BetterTrack

BetterTrack SaaS

BetterTrack enables organisations to improve performance by establishing live KPIs that help leaders and teams to spot performance gaps and put in place the remedial actions to get back on track.

Features

• Management & cascade of objectives and KPIs
• Alignment & status of deliverables and actions to KPIs
• Management of data sources and feeds
• Automated indicators and exception reporting
• Collaboration
• Modern user interface with multi-device support
• Microsoft technology base

Benefits

• More meaningful and relevant KPIs to achieve performance objectives
• More focused effort and involvement of project teams
• Improved quality, range and speed of KPI production
• Earlier warning and better visibility of gaps for corrective action
• Improved engagement & participation to achieve performance objectives
• Greater levels of adoption & more rewarding use
• More robust and scalable solution

£33 to £195 a user a quarter

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ahudson@bettertrack.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

298021829425551

Contact

Andrew Hudson
07776145009
ahudson@bettertrack.org

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Microsoft Azure
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Server side updates & maintenance is between 0200-0300 UTC on Sundays.
• System requirements: Google Chrome, Microsoft Edge or Internet Explorer, Safari

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Mon-Fri 0800-1700 <2hours; Sat-Sun 0900-1700 <4hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users see a chat option on the bottom right of the screen. Clicking on this link opens a discussion panel. If user has text to speech software assistant technology installed, then this should be configurable to read out discussions from the web chat and provide for user speech recognition.
• Web chat accessibility testing: We have experience of using Dragon and JAWS accessibility software tools
• Onsite support: Yes, at extra cost
• Support levels: 1. Software support (functionality and bugs) is included in the SaaS contract and provided to designated contacts as a 2nd line of support; 2. Proactive support includes training, configuration and data setup on a pre-paid basis charged quarterly or annually at a rate of £650 per day+VAT.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial setup and configuration support to system administrator and data managers. This includes support for setup of standing and dynamic dataset feeds plus the setup of the initial analysis and indicators for KPI tracking. ; ; For end users we provide online training in the method and tool. Most users would not need formal training due to the simple and intuitive user interface. For organisations looking to establish better measurement and continuous improvement practices, we can help to facilitate workshops that help teams to find more of the right measures. Via a "train the trainer" approach, we can help to establish performance measurement competencies and disciplines within the organisation.; ; We also provide support to develop a strategy & plan for deployment. This includes establishment of Objectives, KPIs and dataset management.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Admin users may perform a download of all of standing, dynamic, analysis, collaboration and indicator datasets in JSON format. This is suitable for load and import into third party SQL/NoSQL database tools.; ; Datasets are saved in an encrypted and password protected ZIP file format and is only available for a single download once permissions have been granted by the registered data administrator.; ; Users may also print/export pages to PDF format
• End-of-contract process: Included: JSON extract of datasets to the assigned data controller. In the case of dedicated server instances, we also provide a certificate confirming eradication of the Azure environment.; ; Additional Cost: Support for migration to alternative system or server

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Mobile devices have restricted access to certain types of lists dependent on the device type (e.g. smart phone versus tablet). For smart phone devices only the first 3 list columns are shown with a click link to expand and view further details
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: No
• Customisation available: Yes
• Description of customisation: Users customise dataset feeds, field names, filters as well as analysis and indicator datasets. This is done by nominated data managers who have the credentials to setup feeds / IP addresses etc with connected systems

Scaling

• Independence of resources: Indicators and datasets are maintained so that access to data is localised to reporting needs. This minimises the impact of complex queries which are pre-processed. Azure service performance is also monitored and if demand peaks, additional capacity may be provisioned. Customer databases and server side applications / API are hosted on private virtual servers or public cloud. Customers may also host on privately "managed" Azure servers.

Analytics

• Service usage metrics: Yes
• Metrics types: Users can see #Views, #Comments and #Likes of their Objectives and KPIs, ; Admin users can monitor, #user logins, #views, #comments and #likes by Objective and KPI
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure, SQL Server

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: From any list, users can export their data to XLSX or CSV format; From any screen - e.g. with charts, details and list, users can save a copy in PDF format; From the data manager screens, admin users can export data in JSON format
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • JSON
  • XLSX
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • SQL
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Priority 1 - 1 hour response, 4 hours resolution; Priority 2 - 1 hour response, 1 day resolution; Priority 3 - 4 hours response, 5 days but can vary; Priority 4 - 1 days , next major release
• Approach to resilience: Datacentre is managed by Azure and includes daily full backup, 3hour incremental backs and an Azure managed recovery and restore service on instance and data
• Outage reporting: We provide email alerts to service admin users with ongoing recovery status updates in the event of outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management requests are performed over secure and authenticated channels. All management requests via phone are screened to confirm requestor credentials. All management requests are notified to the nominated site administrators by email.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Company, LLC (Azure)
• ISO/IEC 27001 accreditation date: 03/12/2021
• What the ISO/IEC 27001 doesn’t cover: Certification relates to Microsoft Azure platform and infrastructure. It does not relate to BetterTrack as an organisation which would be open to certification if required. ISMS policies and procedures are available on request.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 12/11/2021
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: This covers Azure platform certification (Deloitte & Touche LLP) and not BetterTrack which deploys onto the Azure Atlas service
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Full details are available in our Information Security and Privileged Account Management policies. The information security policy includes ; 1.0 Information Security Mission Statement; 2.0 Information Security Policy Overview; 3.0 Security Policy; 4.0 Security Organisation; 5.0 Asset Classification and Control; 6.0 Personnel Security; 7.0 Physical and Environmental Security; 8.0 Communications and Operations Management; 9.0 Access Control; 10.0 Systems Development and Maintenance; 11.0 Compliance
• Information security policies and processes: 1.0 Information Security Mission Statement; 2.0 Information Security Policy Overview; 3.0 Security Policy; 4.0 Security Organisation; 5.0 Asset Classification and Control; 6.0 Personnel Security; 7.0 Physical and Environmental Security; 8.0 Communications and Operations Management; 9.0 Access Control; 10.0 Systems Development and Maintenance; ; Included in the IS policy are details of compliance processes that include

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We track services via a product log of MS architecture components in a change log. All code is versions and releases are tightly controlled with use Gitlab for code management and automated release deployment to instances maintained is a master register.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use Accunetix to conduct penetration tests on our test instance which replicates all other sites. Code threats are monitored a news feed of alerts and we assess these for levels of risk to our architecture and setup. Vulnerabilities are also reviewed and actioned via a risk based vulnerability log.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is included in our IS and PAM policies. These include clearly defined roles and objectives for protective monitoring. Monthly PAM reporting is based on the server event log with analysis of admin user access, failed attempts, new accounts and permission changes. We also monitor IP addresses for potential DoS and intrusion attacks.
• Incident management type: Supplier-defined controls
• Incident management approach: There is a defined process and portal (configured using BetterTrack) for reporting service incidents which includes links to specific screens and automated monitoring / tracking of issues. When an incident is reported, it is categorised for severity, a message is sent confirming receipt and with details of the contact for investigating. Incident updates and resolutions are reported via email and the incident portal. We provide incident stats and reports using indicators (our own configured solution using BetterTrack)

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our platform enables organisations to better align and measure the impact of their initiatives against UN sustainable development goals including climate change. As an organisation, we have ambitions to support the establishment of a national library of indicators and a register of programmes and projects and their impact.; ; We are a supporter of the TCFD initiative.; ; We also offer staff the opportunity to spend 1 day a quarter working on a local sustainable development project of their choice.
• Covid-19 recovery:

  Covid-19 recovery

  We're supporting national efforts to recover from the pandemic focusing on social care initially. We won an InnovateUK Covid19 rapid recovery grant and are working with the sector to support renewal of social care, especially care homes which have been greatly affected by the pandemic.
• Tackling economic inequality:

  Tackling economic inequality

  We're passionate about helping the UK to address the productivity puzzle which concerns the UK's relatively low productivity versus other developed economies. A key part of that is improving the balance between company profits and employee pay. We won an InnovateUK grant to design and test the feasibility portal which helps organisations to improve productivity through better performance and better pay.
• Equal opportunity:

  Equal opportunity

  We are an equal opportunity employer that ensures recruitment is not biased to any group with a goal to ensure diversity of staff covering physical capacity, social background and ethnicity.; ; We have an EMI share options scheme for key staff
• Wellbeing:

  Wellbeing

  We continuously review the health and well being of our staff and encourage them to take "time-out" if we feel their health is at risk.

Pricing

• Price: £33 to £195 a user a quarter
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We provide access to a trial environment that can be used as a sandbox to create indicators from Excel data sources and share these with colleagues. We do not include access to the data manager for management of data feeds.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ahudson@bettertrack.org. Tell them what format you need. It will help if you say what assistive technology you use.