GatenbySanderson Ltd

GatenbySanderson Online Peak Team Performance Diagnostic

Online tool to enable executive / senior teams to anonymously review performance against the five conditions of an effective top team including; team purpose, composition, trust, accountability and agility Outputs challenge/support existing top teams to fast-track organisational change or new team formation to reach optimum performance.

Features

• Assess team dynamics against five conditions for Peak Team Performance
• Anonymised views: trust, role clarity, agility, skills and strategic alignment
• Outputs provide aggregate view and baseline for team development priorities
• Consultant conducts a set up interview with the CEO/team leader
• Output report accompanied by CEO/team leader consultation and 2hr de-brief
• Small customisations available. Standard or tailored real-time reporting options
• Branding options available with video content where required
• Fully managed service: all administration activities undertaken by us
• Automated reminders to individuals and their reviewers
• High browser compatibility - tablet and mobile responsive / friendly

Benefits

• Helps top team fast-track optimal performance/ organisational success
• Embeds self-review and feedback at executive/top team level
• Surfaces unspoken views through safe forum, providing feedback ‘voice’
• Outputs allows team to understand strengths, agree development priorities
• Improves quality of dialogue/interaction between members of senior team
• Option: combine with psychometrics/360 to further examine team dynamics
• Mobile access 24/7 allows individuals to complete in own time
• Initial feedback to CEO/team leader allowing input before team cascade
• Optional team coaching and development offered

£100 a person

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@gatenbysanderson.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

366669872846692

Contact

Charlotte Jourdon
07530 578920
tenders@gatenbysanderson.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: We keep service down-time to a minimum. If we need to schedule server maintenance, we display a prominent banner on all our websites, advising of maintenance for a minimum of 24 hours prior, and schedule maintenance for out-of-hours (generally after 11pm). We plan ahead to ensure we identify timeframes that avoid or minimise client or user disruption.
• System requirements: A modern web-browser with javascript enabled

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 9 to 5.30 (UK time), Monday to Friday, within a few days, typically within 24 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We can offer a varied level of support depending upon the client requirements. This could relate to configuration options, customisation requirements or assistance relating to execution of activity. We provide a technical account manager and prices will be a cost per hour basis, dependent upon the seniority of personnel required.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An account and project coordinator are assigned to each new client project. The project plan will include the process for launch. Configuration requires limited input from the client. The platform is intuitive and no training is needed to complete the questionnaire; telephone and email support is available if additional support is required. The outputs are presented to the group in a 2 hour debrief session to explore the results. Post launch, the account team are available to answer any questions or provide support to ensure successful implementation of the system.
• Service documentation: No
• End-of-contract data extraction: At the end of any contract, we can provide CSV files of relevant data. Where individual data is required to be deleted, we retain anonymous, aggregate data for reporting purposes.
• End-of-contract process: At the end of the contract, we remove user access to the system and can provide CSV data as required, as well as a copy of any website content. All data will be anonymised after 4 years, and can be anonymised sooner on request.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Uses a responsive-html design that scales and re-layouts the design for mobile and tablet users.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Additionally, at an extra cost, clients can request additional functionality or customisation to match the specific needs of their process. Custom reports are also available for data that needs to be presented in a particular format. ; ; Different levels of service support are also offered.

Scaling

• Independence of resources: We review each project to gauge expected load and determine whether separate server(s) are required or whether a shared server is more cost effective for the client. We routinely monitor the performance of server(s) and take appropriate action to negate any potential disruption.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide information on completion rates at agreed intervals / as requested.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data submitted by participants and contributors can only be accessed and/or modified by themselves or within our administration system (requiring a username and password). Passwords are encrypted with bcrypt hashing; Other data is not encrypted due to reporting and analytics requirements. The RDS is encrypted at rest
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Participant data can be exported as CSV files.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service commitment is 99.9% during standard office hours. If we fail to reach this level, we would consider the impact upon the client business and agree an appropriate level of compensation.
• Approach to resilience: Daily backups of the RDS are taken daily and retained for 30 days. Our deployment process is also automated so in the event of failure we are able to restore environments in a short period of time. Our service is also monitored to detect any suspicious activity or high traffic volumes.
• Outage reporting: For any outages, we would promptly contact affected clients by telephone or email (depending on time and severity). Public notification would be via our twitter account, and if possible our website(s). ; ; Once an outage has been resolved we will investigate the cause and provide an explanation of what happened, with a timeline, and what changes we will be making to avoid a similar outage in future.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have a separate internal administration system, currently this is username/password based (with password strength enforced with 'zxcvbn'). Some parts of the system currently require a signed client-side certificate to view.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 25/10/2022
• What the ISO/IEC 27001 doesn’t cover: A.14.2.7 Outsourced Development
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials + Certified

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus Certified; ISO27001 and ISO27701
• Information security policies and processes: We have Data Protection and Data Security Policies that form part of each employee's formal induction process as well as maintaining an ongoing risk register. We formally record when induction modules are complete. Additionally, we communicate any ongoing requirements to protect ourselves from vulnerabilities. This includes reminders about the use and care of laptops and mobiles also the importance of password security. More formally, colleagues are warned of the potential disciplinary action of failing to adhere to these policies and procedures which could result in the termination of employment. As soon as colleagues leave the business, we terminate access rights and delete accounts. All admin pages and logins are via HTTPS and we use HSTS and public-key-pinning to protect and warn users against attempted man-in-the-middle attacks/insecure internet connections.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests and bug reports are directed to defined product owners who evaluate, prioritise and document changes adding them to product backlogs, which are then scheduled into the development cycle.; ; Code is versioned and branched in a git repository, following the Git-Flow practice of feature branches pull-requested into a develop branch, and releases performed on the master branch. Merges into develop and master branches (and deployment to servers) are restricted to the head of development. Testing is performed on the developers' own machines (using virtual machines) and on a staging server before deployment to live servers.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We pro-actively gather information on potential threats from email subscriptions to http://cve.mitre.org & https://www.us-cert.gov/ncas/alerts , along with regular checks of https://www.reddit.com/r/netsec.; ; New alerts are assessed for whether they affect us, For deployment we automatically apply patches to servers on a regular basis to resolve any exploits. If there is a way of mitigating against them (eg rewrite-rules, config changes) we will apply protection to the servers ourselves asap. We will then audit servers to confirm that the exploit had not been used against us.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: In terms of our web server, AWS provide us with the monitoring capabilities to monitor access to the servers and inform us immediately if they see any suspicious behaviour. We routinely audit server logins and server errors to identify suspicious behaviour. We are registered with relevant news sites/forums that quickly identify vulnerabilities. We have a fast action response where the Head of Development will allocate and oversee resource to close off any vulnerabilities.
• Incident management type: Supplier-defined controls
• Incident management approach: Users report incidents via phone & email and these are forwarded directly to the Development team.; ; We deploy the Development team to investigate incidents, exploits or areas of vulnerability and whether a breach has occurred. Vulnerabilities are closed. We have a central breach register, which documents a formal communications plan to inform individuals, organisations and regulators of the potential compromise. ; ; Breaches of security are formally reported at Board Level and documented in monthly board reports. Remedial action required is agreed and executed within specific timeframes. Learnings are documented and any change to best practice implemented.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Being fully online, our tool supports paperless working and lowered carbon emissions as no travel is involved. As an organisation, GatenbySanderson is committed to minimising any negative effects that our business and facilities may have on the environment. We have our own Carbon Reduction Plan in place, and other initiatives include: ; ; Online client reporting (rather than paper-based) and reduced fees to those clients who use this method. ; ; Video conferencing to significantly reduce internal travel. ; ; Movement sensitive lights in meeting rooms and within our main office areas. ; ; Recycling of paper, cardboard plastic and tin. ; ; Our company policy is for staff to use public transport wherever possible. Our offices are purposely close to major railway stations.

  Covid-19 recovery

  Our tool can be incorporated into Covid-19 recovery plans, as it is fully secure online and remote delivery, providing all users with ease of access no matter their shielding status, caring arrangements, or working pattern.

  Tackling economic inequality

  GatenbySanderson works exclusively within the public sector and our purpose is to ‘help shape a better society’ through our work at local level to bring the best talent into communities. Many of our roles revolve around economic development, enterprise and social cohesion and we are experts in these areas. As an advisory business, we have a small number of suppliers and aim, wherever possible, to use local ethical businesses based close to our offices. We conduct due diligence on our supply chain and are compliant with the Modern Slavery Act. As an organisation, we recognise the importance of data security and risk management to supply chain security, and are Cyber Essentials + Certified (ISO27001 and ISO27701), with all colleagues at GS receiving significant training on cyber safety and using two-factor authentication. ; ; Each member of staff can utilise two working days to participate in community causes. We also promote opportunities centrally to encourage staff to make full use of these opportunities, and as an organisation we select a ‘charity of the year’ to fundraise for. We encourage colleagues to volunteer at local schools, running mock interviews, to support student development and prepare them for HE or life after school, no matter their background.

  Equal opportunity

  GS is a diverse and inclusive organisation, with an extensive programme of diversity training across the organisation, spearheaded by a dedicated Head of Diversity and Inclusion. We are proud to be a Disability Champion, signed up to the Halo Code and Race at Work Charter, and with four thriving affinity groups: Women, Race, LGBT+, and Disability. Each group have their own Chairs and Exec Sponsors, along with frequent collaboration with HR and Marketing to support and engage the wider GS community and advise on our policies and processes. Our level of engagement across the organisation through a number of forums has aided us in achieving our GOLD Investors in People Award. ; ; Though fully online, this does not mean that those with less technological experience are at a disadvantage using our tools, as our friendly and knowledgeable project co-ordination team have significant experience troubleshooting and walking users through the process if needed. We similarly have experience in advising on reasonable adjustments as and when required.

  Wellbeing

  Our Peak Team Performance process supports the wellbeing of top teams and the organisation itself, by providing a specific and focused method of identifying key challenges, frustrations and blockers to successful performance and supporting the team to identify ways to address these. This can allow for significant culture change to cascade in the organisation. Again, we can provide guidance to completing this process that ensures all feedback is constructive and delivered in the appropriate manner, with the growth of and wellbeing of individuals and the team as a whole as paramount.

Pricing

• Price: £100 a person
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@gatenbysanderson.com. Tell them what format you need. It will help if you say what assistive technology you use.