NEC SOFTWARE SOLUTIONS UK LIMITED

CitiZone

CitiZone is a highly configurable, end-to-end case management solution, created by ex-practitioners from adult justice. It supports corrections staff, offenders, victims and the public throughout the justice process. It’s easy to use, makes light work of reporting and simplifies collaboration.

Features

• Fully integrated justice platform
• Next generation case management system
• Highly configurable data model
• Modern and simple User Interface
• Configurable states and transitions
• Highly customisable for any case management context
• In-built notification system
• Embedded reporting and dashboards
• Flexible Cloud Hosting
• Supports multiple languages

Benefits

• Manage different offender pathways court to sentence completion
• Lightning fast data entry reduces admin time
• In-built system reminders to help manage workload
• In-system colleague tagging to help case collaboration
• Customisable dashboards to see what is relevant to you
• Important data clearly presented to ensure nothing is missed
• Embedded reporting means no more jumping between systems
• No painful updates, always be on latest version of system
• Available to service users 24x7

£1,200 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

338040202059159

Contact

NEC Frameworks Team
07852 936231
frameworks@necsws.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: CitiZone can be used on PCs, Laptop or tablets and is tested for compatibility with latest versions on all common browsers but may need to be tested with very old browser versions.; Depending on the sensitivity of your data you can access using internet or a secure intranet; working with your data-owner to set up appropriate controls to protect your data.; Service Desk support is currently 09:00 to 17:300 on working days. Extended support up to 247 can be provided on request.; Maintenance is currently done at weekends. Maintenance windows can be agreed with individual customers.
• System requirements:
  • A PC, laptop or tablet
  • Modern Browser
  • Data owner/accreditor may decide on added security features

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Incidents can be raised with the Service Desk by email or telephone and will be responded to within 15 minutes during office hours. Normal office hours are 08:00 to 18:00 weekdays (except public holidays), calls or emails received outside of these hours will be responded to within 15 minutes of the start of the next working day. Extended cover up to 24/7 can be arranged if required with the same response times as working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Web Chat support is provided by a COTS product that has been extensively tested for assistive technology support and conforms to W3C AA Standards for Accessibility.
• Onsite support: Yes, at extra cost
• Support levels: Our Software-as-a-Service products comes with Service Desk, Hosting and Infrastructure Support all included in the cost. Standard Service Desk support is the same for all customers: Service Desk hours 09:00 to 17:30 weekdays (except public holidays), accessed via email, customer portal (with Web Chat support) or phone, responses within 15 minutes, severity one incidents resolved within 4 hours (see detailed SLA). The NEC Service Desk is staffed with ITIL trained, SC Cleared Analysts, fully trained on all NEC applications, able to resolve the majority of incidents on the first call. Extended Service hours up to 24/7 quoted on request at individual customer rate depending on requirement.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The standard onboarding process is free and consists of the initial set-up of authentication and loading of reference data. CitiZone comes with a self-service kiosk for password maintenance with administrator facilities for on-going security management. We can set up the administrators who can then manage the rest of the staff or we can perform an initial loading by importing a CSV file. Each customer will have an account manager who takes care of the onboarding process, ensuring the correct set-up of authentication and reference data. CitiZone has an individual instance of the training system for each customer and comes with a free train-the-trainer session.; Additional on-boarding including cascade training, development of bespoke modules or APIs or individual infrastructure will be quoted on an individual basis.; The standard offering is a multi-tenanted offering utilised by multiple customers with individual authentication paths to segregate their data. Customers with particularly sensitive data may request an individual bespoke hosting environment (in the cloud hosting environment of their choice) with addition security and defence architecture. MOJ customers already have an accredited multi-tenanted infrastructure in UKCloud Elevated so additional on-boarding infrastructure is quick and cost-effective.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: At the end of the contract customers will be provided with their production data using a CESG certified procedure. The data is extracted from the production system and can be provided in a number of formats including SQL Server, CSV and Excel. If the data is sensitive, we will protect it on a CESG approved encrypted drive that will be securely transported to the customer using a process approved by the customer data owner. Once the data has been extracted the cloud data storage will be erased using CESG approved techniques.
• End-of-contract process: CitiZone is a cloud hosted Software-as-a-Service Product and is charged on a usage basis plus a basic monthly subscription. At the start of the contract each customer is provided with a URL to access CitiZone and their users are set up with valid authentication to access the system. At the end of the contract, after the customer data has been returned, access will be removed and the customer’s databases (including the authentication) will be erased using CESG approved techniques. There is no additional cost to provision of the data extract or termination.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: CitiZone is accessed via browsers on desktop PCs, laptops, tablets, displays detects and adjusts to the display / device in use. CitiZone can be used on a smartphone with appropriate security provision if data is sensitive but the application is optimised for use on desktop PCs, laptops and tablets.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: NEC's applications are built to use modern, lightweight REST/JSON web service interfaces; to best enable open and extensible architectures that can integrate between systems, data mining and application extensions.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: NEC’s utilises modern frameworks and technologies which deliver the basic set of requirements for semantic and accessible UI code. We perform assistive technology testing using ZoomText, JAWS and Dragon Naturally Speaking and ensure we are in compliance of W3C AA Standards for Accessibility.
• API: Yes
• What users can and can't do using the API: CitiZone is designed using a micro-services architecture where discrete functions or services communicate through APIs which facilitates interfacing. CitiZone can integrate with other applications or OGNs (Other Government Networks) to receive standard reference data ensuring consistency. CitiZone can interface with ERP applications to provide data to and receive data from enterprise resource management or with other Case Management or HR Systems. CitiZone APIs are easy to configure and are set up in on-boarding.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Because CitiZone has been developed using a micro-services architecture it is easy to customise. The CM Roadmap is reviewed at bi-annual User Group Meetings and the user community agrees on priorities. Representatives from the User Group also participate in Agile development of the releases ensuring that each enhancement benefits from practitioner input. The Bi-annual releases are included in the SaaS license subscription but individual customers can also request bespoke development. Customer funded bespoke modules are held in individual micro-services only executed for that customer; these enhancements are developed with the customer using the agile methodology, the IP is retained by the customer and source and object code are owned by the customer enabling the customer to exploit the same service in other applications. This is useful for non-CMS APIs, standard services such as internal reference data and also useful for innovative modules developed by a customer that the customer wants to keep confidential.

Scaling

• Independence of resources: Performance on all customer systems is monitored with real-time dashboard displaying utilisation of processor, memory and disk. Automatic alerting provides timely warning or the need to augment resource and new virtualised resource can be implemented before any impact occurs. Network analysis tools display all internal traffic within applications so any constraints building on any system node are anticipated and managed. Customers with particularly sensitive data may opt to operate on dedicated virtual cloud infrastructure for security reasons; regardless of whether running on dedicated or shared infrastructure resources are maintained well above thresholds and monitored to ensure better that SLA performance.

Analytics

• Service usage metrics: Yes
• Metrics types: CitiZone provides detailed usage metrics. The Software-as-a-Service charge is calculated on a combination of a fixed fee per business unit and a variable fee based on usage and customers are provided with the number of user logged-on each day, the number of unique users logged-on (as opposed to someone who takes a break and comes back into the system), number of clients / offenders, the number of open interventions and a history of he completed interventions. Service Desk statistics on incident management and SLA performance are also available to users and to the User Group.

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data at rest is protected according to the solution selected by the customer and the cloud provider capabilities. All cloud providers support as a minimum AES-256 encryption of data. NEC encourage its customers to protect their own data using encryption technologies where they are the sole decryption key owners. In this way, our customers are assured that their data can never be accessed by a third party. NEC own data is encrypted when the service requires it.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CitiZone is designed to provide easy access to data within and outside the application. The micro-services architecture facilitates interfacing through APIs including a standardised CMS interface which passes all attendance and progress data back to the CMS and the potential for customised interfaces with other customer applications. Standard reporting provides comprehensive dashboards and KPI monitoring and users are able to build their own reports and data extracts. Search screens are customisable and the data from any search can be exported to Excel.
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: Alongside deep inspection of protocols (Palo Alto IPS), NEC controls the logical networks that are created atop the physical cloud provider infrastructure. We use defence in depth approach, logically segment networks where possible, configure several firewall layers, IPSs, deep packet inspection and real time security event correlation monitoring.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection within supplier network: As well as using Private network or public sector networks, Palo Alto Firewalls and Segmentation, NEC controls the logical networks that are created atop the physical cloud provider infrastrcuture. We use defence in depth approach, we logically segment networks where possible, configure several firewall layers, IPSs, deep packet inspection and real time security event correlation monitoring.

Availability and resilience

• Guaranteed availability: NEC Guarantees high levels of availability by hand picking cloud providers which promise outstanding uptimes and high levels of accountability in their work. The minimum uptime requirement that we consider acceptable is 99.9%. We strive to ensure that on the rare occasion that downtimes does occur that the root cause of the problem is identify to prevent future occurrences. Our commitment to above and beyond levels of availability help us to ensure the highest levels of end user availability.
• Approach to resilience: Our service relies on the cloud providers capabilities, which are deployed across a number of zones (local replication), sites (datacenter replication) and regions (geo replication) offering various levels of resilience. Each zone is designed to eliminate single points of failure (such as power, network and hardware). By default, a standard service would allocate a VM in a single datacenter. The customer must then decide whether their solution requires further resilience and purchase the corresponding service level from NEC. Load balancing and autofailover are available. Customers are encouraged to ensure their solution spans multiple sites, regions or zones to ensure service continuity should a failure occur.
• Outage reporting: Outages are identified as Planned maintenance, Emergency maintenance, and platform issues. Service outage portals provide end user live feedback on outages allowing the user to know in real time without having to call the NEC support desk to ask one of our expert engineers to launch an investigation into the root cause. Email are also sent out for Planned maintenance, Emergency maintenance, and platform issues. The designated Technical Account Manager will proactively contact customers as appropriate.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
• Access restrictions in management interfaces and support channels: CitiZone is supported by the NEC Service Desk supported by second-line Live Services support and applications support. Access to the live environment is strictly controlled to SC cleared staff on the principle of least privilege. Access is issued by security management to specific individuals for specific tasks for specific periods and controlled through rigorous authentication policies. A full audit trail of all interventions is maintained for forensic purposes.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 07/06/2021; valid until June 2024. Certificate IS 598449.
• What the ISO/IEC 27001 doesn’t cover: The NEC Information Security Management System (ISMS) is registered to ISO 27001:2013 and therefore audited by BSI at least annually. All NEC staff are required to comply with the ISMS.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: NEC has a number of inter-connected governance frameworks in place which control how the company operates and provides its services to customers. The most relevant of these is certification to ISO/IEC27001:2013, the international standard for Information Security Management Systems. Various policies refer to: SPG016P-Acceptable use of NEC resources & assets; SIM009P – User account security instructions and password management; SIM033P-User access control instructions; SPG017P-Physical security procedures; SPG018P-Data handling procedures; SPG019P-Data access procedures; SPG020P Network access procedures; SPG022P-Change management; SPG026P-Incident management; SPG027D- Business and service continuity; SPG032P-Backup procedures; SIM011P – NEC Network Administrator SyOps; SIM039N – NEC Infrastructure Group Policies; SIM020N – Log Monitoring Guide; SPG023P Internal IS Audit Procedures; SPG029P Document Management Procedure; SPG030P Compliance Checking Procedures; SPG036P Software Patching Procedures; SPG037P Hardware Lifecycle Management; SPG038P Software Lifecycle Management; SPG042P Software Development - Testing; SPG045P Agile Software Development Policy; SPG046P Secure Services Engineering; SIM003P Illegal Working checklist; SIM034P Staff Recruitment Checklist; SIM041P Infrastructure Outage Instructions; SIM043P Acceptance into Service Checklist. There are several other Technical server builds, client builds, vulnerability management, firewall controls baselined documents. All policies are covered by NEC review procedure. Policies for critical assets are reviewed six monthly and other are reviewed at least annually.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: NEC fully tracks the status, location and configuration of service components throughout their lifetime to industry best practice. Security considerations are mandatory prior to its submission for review by the Change Advisory Board, including: User service(s), team or location impacted Risk and impact assessed. Identification of the applicable assets involved in the proposed change. Plan for change testing activities and regression testing. Assignment of appropriately qualified resources, in-line with change impact assessment tasks. Changes are only permitted where the above criteria are met, and any potential security issues are identified and properly prepared for.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: NEC has a process to identify threats and vulnerabilities which could have impact on the loss of the confidentiality, integrity or availability of data assets. Information with regard to technical vulnerability is sought from various sources. These include; Regular independent ITHC check, Nessus vulnerability scans and Microsoft windows alerts. Patches are deployed manually and via automated processes. NEC technical services team prioritise the mitigation of vulnerabilities based on its severity. Evidence of vulnerability management is independent validated by ISO 27001 auditors and status of the action taken against vulnerabilities is periodically assessed as part of the ITHC checks.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: NEC G-Cloud services are protected by the NEC Secure Operations Centre (iSOC). The iSOC delivers a full GPG-compliant logging service. ; All application and system logs are reviewed and alerted based on twelve core control areas documented within GPG13. The iSOC team monitors alerts displayed on consoles in the secure area, allowing NEC G-cloud Services to support active monitoring, incident identification and active response and investigative activities. Potential threats are analysed with clear escalation paths to second-level support for specific threats. Evidence of an effective protective monitoring service has been validated, assessed, and certified, multiple times by the MOJ Accreditors.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: NEC has formal policies and procedures for incident management activities to identify, remediate & resolve incidents. NEC’s service desk is ISO27001 accredited and all staff are SC cleared. NEC provides ITIL compliant support for service desk tickets. The Incident Management Process are published within the on-line Customer Portal all provide clear information to customers on what a incident is and how it should be reported to the Service Desk. The Service Desk will provide a triage service for all calls and route them to the NEC Application/Infrastructure Support, or third party Service Desks for incident analysis and resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Fighting climate change:

  Fighting climate change

  NEC has committed to being Net Zero by 2030. We project our carbon emissions will reduce by 50% from our baseline by 2026. ; We have implemented a multitude of initiatives to support this:; • Appointing an Environmental Manager and Environmental Champions.; • Successfully obtaining certification for and implementing ISO14001:2015 Environmental Management System (EMS). ; • Developing a Carbon Reduction Plan, which is published on our website and an Environmental Strategy.; • Maintaining an Environmental Aspect and Impact Register (down to site level) through which to capture elements of our operating practices which could negatively impact the environment.; • Working with government accredited consultants to understand environmental impact and using outputs to inform future improvement activities.; • Collaborative activities to influence customers, supply chain partners and employees.; Specific initiatives applicable to our contract delivery approach include:; • Energy used on the contract will be from green energy sources.; Business travel will reduce where possible through utilisation of technology such as:; • Video conferencing.; • Sharing documents.; • Conference call facilities.; • Working from home/flexible working arrangements.; • Approval controls in place for commercial flights.; • Use of environmentally friendly data centres.; Our Environmental Policy objectives, relevant to the contract include:; • Meeting all relevant legal requirements and monitoring our compliance.; • Minimising our environmental impacts for the life cycle (including disposal) of work equipment and other physical assets under our control.; • Demonstrating efficient use of energy, water, and other natural resources.; • Maximising opportunities to minimise our waste by reusing or recycling waste, where practical.; • Ensuring our supply chain is aware of our environmental policy and our commitment to ensuring its effective implementation.; • Increasing environmental awareness and commitment amongst colleagues through training and briefings.; Continuing to identify opportunities to improve our environmental performance through clear objectives, plans and targets.
• Covid-19 recovery:

  Covid-19 recovery

  Since the emergence of Covid-19 as a global health crisis, we have supported our customers and the local communities they serve to adapt to the challenges posed by the pandemic. As a supplier of software and services to the public sector, this has included rapid development and deployment of software solutions to enable the efficient and effective delivery of new government schemes and changes in legislation, such as provision of Test and Trace Support Payments and new hospitality sector licensing requirements. ; Initiatives we have implemented to support the policy outcomes include:; • Increasing our pre-pandemic workforce numbers through recruitment of an additional 250 UK based roles, many of whom were unemployed following redundancy from other sectors such as hospitality.; • Re-training and redeploying temporarily displaced colleagues rather than imposing redundancies or taking advantage of the furlough scheme.; • Commitment to investing over £400,000 in training and apprenticeships.; • Working collaboratively with customers to introduce new ways of working.; • Delivering community based social value through donations in kind to voluntary sector organisations impacted by the pandemic. ; As part of our response to the pandemic we invested in and introduced several initiatives and workplace adaptations to protect employee health and safety, including:; • Introducing wider use of remote and flexible working, including making additional allowances for those caring for young children.; • Enhancing office safety, including installing sanitising stations, hygiene screens and digital thermometers.; • Increasing the frequency of colleague communications, with a focus on provision of mental health support and reducing the risks of isolation/loneliness.; • Providing all employees with free access to additional specialist resources, including 24x7 counselling and mental health services.
• Tackling economic inequality:

  Tackling economic inequality

  We recognise the expertise, innovation and value that can be gained from having a diverse supply chain and providing all suppliers with a fair and equal opportunity to become suppliers to us and our customers. We operate openly and transparently to enable this collaboration with third-party suppliers including large enterprises, sub-contractors, SMEs, VCSEs, mutuals and social enterprise organisations. ; Additionally, we are committed to nurturing new and existing talent and creating a sustainable learning and development culture, equipping our staff with the appropriate skills, knowledge and processes so the company continues to deliver innovative, industry leading solutions.; Processes and practices we have adopted to tackle economic inequality include:; • Using outcome-based specifications and co-design methods to encourage suppliers, communities, users and third sector organisations to collaborate and propose solutions based upon end user requirements, rather than being prescriptive.; • Advertising supply chain opportunities openly and always operating transparently. ; • Including modules covering anti-bribery and corruption, whistleblowing, equality and diversity in our all-colleague compulsory Annual Compliance Training.; • Having policies and operating practices that support effective supply chain relationships through fair selection and responsible management. For example, only flowing down appropriate contract terms. ; • Paying at least 95% of all invoices within agreed terms and agreeing to reduced payment terms for SMEs and subcontractors.; • Never deducting sums from payments as a charge for remaining on our supplier list. ; • Investing in new jobs and training opportunities through an active Apprenticeship scheme.; • Creating opportunities for career progression and investing in reward and recognition initiatives that support employee retention. ; • Following the foundational principles of the Good Work Plan in respect of employee satisfaction, fair pay, well-being and safety, career progression, voice, and autonomy.; • Having appropriate controls in place to mitigate cyber security risks.
• Equal opportunity:

  Equal opportunity

  We want to be an employer of choice for people of all backgrounds, regardless of sexuality, disability, nationality, race, gender or religion. We are committed to ensuring workers either directly employed or employed within our supply chains are treated fairly, humanely, and equitably.; To encourage a diverse and varied workforce our approach to equal opportunity includes:; • Ensuring job adverts reach a diverse audience, including utilising job sites which encourage interest from disadvantaged and Black, Asian and Minority Ethnic (BAME) groups.; • Inclusive and accessible recruitment practices, supporting candidates with disabilities through provision of supportive technology and/or changes to working practices.; • Collecting, analysing and senior reporting of equality and diversity data obtained during recruitment activities.; • Making appointments on the grounds of selecting the most suitable candidate for the post.; • Gender-neutral role definitions.; • Ensuring policies and employee communications promote respect and equality for all.; Other activities supporting equal opportunity within the workforce include:; • Tackling gender pay gap, through annual audits. Women now comprise over a third of our leadership team, including our Chief Executive. ; • Compliance with Modern Slavery Act 2015 and 9 core principles of Ethical Trading Initiative Base Code.; • Ensuring effective controls are in place to mitigate and manage risks of exploitation within the supply chain, including supplier questionnaires and evidence requirements.; • Provision of appropriate channels for colleagues to have an effective voice, such as our Employee Steering Group.; • Investment in workforce development and training, including an active Apprenticeship and Graduate Recruitment programme.; • No use of zero hours contracts or fire and rehire practices.; • Being a Real Living Wage Employer.; • Flexible working practices.; • Transparent and structured promotion, pay and reward processes.; • Senior level sponsorship at board level supporting and promoting equal opportunity beyond basic statutory requirements.
• Wellbeing:

  Wellbeing

  Physical Fitness and Mental Stability is one of our sustainable development goals.; Our approach to supporting good health and wellbeing which will be applicable to the contract workforce includes:; • Providing employees with free and confidential access to specialist resources 24x7, including counselling and mental health services through our Employee Assistance Programme. ; • Providing private healthcare cover for employees. Cover includes Doctor at Hand service to provide employees with fast and convenient access to advice, assistance and medical treatment, GP appointments anytime and anywhere.; • Maintaining compliance with the six standards of the Mental Health at Work commitment and a dedicated module to promote health and wellbeing as part of our all-colleague compulsory compliance training.; • Accommodating workplace adjustments, such as supportive technology for those with a disability or health condition.; • Encouraging good physical health by providing discounted corporate gym membership over 3,300 participating gyms through our employee GymFlex scheme.; We incorporate national health and wellbeing campaigns within our communications calendar, raising employee awareness and signpost to useful support pathways. Our 2022/23 calendar include raising awareness of the following nationally recognised campaigns:; • Stress Awareness Day.; • Mental Health Awareness week.; • World Menopause Day.; • National Eye Health week.; • World Diabetes Day.; • Stress Awareness Month.; • Suicide Prevention Day.; • Men's Health week.; Within one of our acquired businesses, we have Mental Health First Aiders who have trained to spot signs of mental ill health and provide early support for colleagues who may be developing a mental health issue. ; Supporting employee health and wellbeing is underpinned by clear action plans for improvement and several Human Resources policies, such as our:; • Health and Safety Policy; • Alcohol, Drugs & Solvent Abuse Policy; • Menopause Policy; • Absence Policy ; • Flexible Working Policy; • Gender Reassignment Policy.

Pricing

• Price: £1,200 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.