Bromcom Computers Plc

Bromcom MAT Enterprise

Bromcom is a cloud-based MAT MIS that provides a powerful suite of administration, analysis and communication tools for all phases and types of school. In addition to the essentials, Bromcom includes a parent portal, clubs/trips management and student/parent/teacher apps. It answers all your Multi-Academy Trust needs in one intuitive interface.

Features

• Intuitive Analytics dashboards include Custom, Lesson, Attendance, Behaviour and Insight
• Record both summative and formative assessments, then analyse performance
• Efficient attendance registration via any device, including mobiles and tablets
• The Parent Portal provides a wide range of real-time information
• Collect, monitor and analyse behavioural events with automated outcomes
• Staff/Parent/Pupil messaging system with automatic and manual messaging functions
• Extensive built-in reports alongside a powerful ad-hoc report writer
• Automate reports, behaviour procedures, group assignment and much more
• Direct links to Power BI, design and present custom dashboards
• Google, Microsoft and third-party integration via our secure API

Benefits

• Get a clear picture of school performance with powerful analytics
• Easily identify trends and act before they become an issue
• Save money by reducing your reliance on third-party bolt-ons
• Access and record information from anywhere on any device
• Flexible assessment allows you to track how you see fit
• Engage with parents by providing real-time feedback and notifications
• Our intuitive interface helps to reduce training overheads
• Bring all functionality into one place, with one simple interface
• Save hours by administrating clubs, trips and wraparound care online
• Say goodbye to technical issues with a 24/7 Cloud-Based MIS

£6 a unit a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@bromcom.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

373787345597107

Contact

Sales Office
020 8290 7171
tenders@bromcom.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: The service is subject to planned maintenance, which is scheduled outside of normal UK school operational hours. Users are always given advance noticed of planned maintenance.
• System requirements:
  • Web browser: Chrome, Internet Explorer, Edge and Safari supported.
  • Microsoft Word (or compatible) for web merge reporting
  • Microsoft Excel subject to Excel integration requirements
  • Microsoft Power Bi account subject to BI integration requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on the type and priority of the ticket our response targets are between one hour and 16 working days. Incidents (such as software bugs) are treated with a higher priority than service requests (such as queries about how the software works) and in turn have a faster response and resolution target.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Bromcom uses a Microsoft product for our web chat service. This supports European accessibility standards and prioritises accessibility by design. Bromcom has also piloted the software with a range of users as part of the rollout and the evaluation criteria includes an accessibility review for assistive technology users.
• Onsite support: Yes, at extra cost
• Support levels: Costs are in the service pricing document, which shows the standard range of services offered. ; ; Typically, Bromcom provides a SupportDesk service covering 1st, 2nd and 3rd line support and these are included in the costs contained in the pricing document. Bromcom has a standard SLA to cover support service levels based on ticket type (incident or service request) and priority.; ; All staff working on Bromcom’s SupportDesk are both product and technically trained helpdesk engineers and our aim is to resolve the majority of calls on first contact. Bromcom can also adapt the support function if the customer wishes to take on aspects of the support themselves; Multi Academy Trusts, Federations and Local Authorities may wish to take on the 1st line and 2nd line support for all or parts of the solution. Bromcom can provide specialist training and accreditation services to support third parties with this and can support integration of the respective service desks to ensure efficient escalation channels.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A Project Manager is appointed to manage the on-boarding process from start to finish in consultation with the school to make a smooth transition. Bromcom provides a comprehensive data migration service that is the best of its kind to ensure a simple and quick data transfer, with direct data extraction from SIMS, CMIS and RM Integris, with CTF and CSVs used from other systems. SIMS.net users can carry out their own migration with our bespoke software to further reduce cost. Training is provided using a test migration of the school's own data and the System Manager is guided on which aspects of the service can be configured to their school’s needs, although a fully usable default configuration applicable to the school phase/type is provided. Typically the process of migration and training from account creation to ‘Go Live’ takes between 5 days to two weeks. Bromcom also provides transitional support in the form of daily phone calls during the first two weeks after the go-live date.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers can export any data at any time using built in functions, and therefore can extract data prior to the contract end. ; ; At the end of the contract, the school’s SQL database is offered in its entirety to the User. The data will be placed on an encrypted backup set held on a portable medium [DVD or similar] and then made available for User collection from Bromcom HQ in Bromley, Kent, subject to 24 hours’ prior notice or uploaded to a secure location of the school's choosing. The password will be supplied separately.
• End-of-contract process: Customers can export any data at any time and therefore can export data manually prior to contract termination. Also, the school will be offered free of additional charge, a copy of their school’s SQL database, which will be placed on an encrypted backup set held on a portable medium [DVD or similar] and made available for collection from Bromcom's UK Headquarters. The school account is decommissioned on expiry of the contract and no further access is available. The MIS data including any saved documents will be securely deleted from the cloud service no later than 30 days following the expiry of the contract or sooner at the customer’s request. Data backups taken before the contract expiry will continue to hold a copy of the school’s data until 30 days have passed, at which point a data backup copy will no longer be available. Should a database restoration be requested after contract termination (only possible within the 30 day limit), an additional charge will be made to cover costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Certain web pages render according to screen size and having a touch interface or a keyboard.; ; HTML5 utilised by the application.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Bromcom MIS has a modular structure, with modules accessed via a menu system, a global search function and favourite links. In addition our online help, knowledge base, and "walk throughs" guides step users though accessing key features. Each module has a consistent, visual layout, showing the available processes, maintenance and reporting options. ; ; In the event of incident reporting, registered users can log and monitor tickets via our user website.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: We test the service with web accessibility evaluation tools to help assistive technologies.; ; The service does not need a mouse and is accessible using a keyboard.; ; The service is compatible with the range of accessibility tools including magnify, zoom, high contrast, text to speech as well as functioning with third party accessibility tools such as JAWS™ and Naturally Speaking by Dragon.; ; Accessibility features such as size re-rendering are routinely tested with each release.; ; The service does not use sound.; ; Clickable buttons change colour when they are hovered over; ; The service provides mouse-over tool tips that help understanding and navigation.; ; Greyscale colour does not obscure the display.; ; Favourites can be set up for ease of access.; ; Service web page URLs reflect the function being accessed as a visual aid and can be used as shortcuts outside of the service. Login security is maintained however the service is accessed - if a user links to a page and is not yet logged in, they first be required to log in before being taken to the specified page.
• API: Yes
• What users can and can't do using the API: Bromcom’s API is a secure web service that supports automatic data transfer with third party systems. This is a free to use option (for read access) with a free support programme for any third party wishing to integrate with the Bromcom MIS. The API scope covers all data items and is subject to access permission. Only successfully authenticated connections can retrieve data. These connection accounts are set up and administered by the buyer (school), permitting them to retain control over their data. All data transfers are encrypted using HTTPS connections. Read only access is standard. Users wishing to write back data should contact Bromcom for details.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Buyers (schools) can adjust the menu of options used, add the school logo, set the rules for user authentication, adjust report templates and where used, assessment tracking schemes and behaviour/reward schemes. Usable defaults are provided. These are adjusted by the administrator level user(s) of the buyer (school).; ; Users can further customise their dashboard, search tools, quick menu, favourite shortcuts and selections.; ; Customisation is carried out using the supplied service web pages to suitably authenticated users.

Scaling

• Independence of resources: The service is designed to provide the stated services under all normal load conditions, including peak loading. Various load monitors are running 24/7 to log service loading and alerts provide service administration and management staff with weekly notice of performance and immediate notice of any exceptions outside of defined boundaries. The service capacity is increased in steps according to the customer number increase, although additional dynamic resource allocation is being built to provide further on demand allocation. Load balancing is used to distribute the load.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide users with the following metrics via our support site:; ; Service uptime status,; Number calls raised, opened, and closed,; ; We can supply reports that provide you with the following information:; % of calls responded to within the SLA,; % of calls resolved within the SLA,; A call break-down by product and priority.; ; Automated reports can also be setup and e-mailed; an example being calls raised this week and outstanding calls.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Aside from school MIS specific exports such as census and examination entries, the Bromcom MIS provides functionality to export data at the core of the service. All the provided reports utilise a standard toolbar that enables users to export any report. In addition, the included ad-hoc report designer also uses the standard toolbar and therefore enables users to select any data items from the system to export. A number of other facilities built into the system provide export data functions. An Excel add-in also enables live data to be securely and efficiently extracted from the MIS.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel 97-2003
  • Excel Worksheet
  • Powerpoint Presentation
  • RTF
  • Web Archive
  • Word Document
  • XPS Document
  • TIFF file
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • EDI

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We aim to provide customers with 99.95% availability between core schools hours, 8am to 5pm and 98% at off peak times. These figures do not include downtime for planned maintenance and upgrades. Customers are informed 5 days in advance of any planned work. In the event of a serious service failure we provide service credits.
• Approach to resilience: The service is hosted by Microsoft Azure on a Tier III platform with Tier IV physical infrastructure that offers 99.95% uptime service levels. Further information about the physical security of the data centres, geo-redundancy and other aspects of our resilience planning are available on request.
• Outage reporting: We provide a service status dashboard, which is available through our support site along with e-mail notifications to customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: This can be configured to request in addition to password, random characters from a user entered memorable word. Password and random character rules are defined by the school's MIS administrator. IP and time restrictions can also be associated to user accounts.
• Access restrictions in management interfaces and support channels: Only successfully authenticated users have access to management interfaces and online support channels. Telephone support channels also require the successful completion of a verbal authentication procedure before support will be given.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 17 April 2020
• What the ISO/IEC 27001 doesn’t cover: Nothing, it covers all areas of the service.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 20/6/2017
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Nothing, it covers all areas of the service.
• PCI certification: Yes
• Who accredited the PCI DSS certification: URM (Ultima Risk Management)
• PCI DSS accreditation date: 22/08/2016
• What the PCI DSS doesn’t cover: Our PCI DSS scope is the support domain which is where all support to clients is conducted and all client information is held and accessed. This domain has extremely stringent security controls applied to it.
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Data Security Policy,; Personal Data Security Policy,; Safe guarding Policy,; Data Protection Policy,; Business Continuity Management,; Computer and e-mail acceptable use policy,; Internet acceptable use policy,; Password protection policy,; Clean desk policy,; Physical security practices policy (e.g. building).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Policies are in place to regulate the creation, testing, implementation and retirement of each component of the service. Beta environments are used in which tests are carried out on the internal performance of new components and their interaction with the main service. ; Multiple stakeholders are involved in the change process as users generate requests and they are considered from the perspective of utility, feasibility and security. The purpose, scope and responsible engineer of each change is logged, so an audit trail is available. After beta testing a separate risk analysis is conducted to consider any unforeseen impact on the service.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: To maintain a secure network patches are reviewed within four hours of release then classified as emergency, critical, non-critical or non-applicable. Emergency patches are deployed within eight hours, while other applicable patches are applied within five days. The IT Manager undertakes a continuing process of vulnerability monitoring, identifying threats through daily scans of the network for known attacks and vulnerabilities and review of external sites, including ncsc.gov.uk and those of all vendors whose software operates within the network. All networked devices have current anti-virus software and vulnerability through human action/error is minimised by data security training for all staff.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Security at the border of the network is maintained through account locking at the third unsuccessful login attempt and the (optional) restriction of acceptable IP addresses for roles or users. Users with appropriate access can schedule an activity log to be generated to identify unusual patterns of access or activity. When data breaches are identified a defined process is followed and the incident is tagged as a breach for purposes of audit so that system integrity can be restored as quickly as possible. Data Breach Incidents are of critical priority and are resolved within three days.
• Incident management type: Supplier-defined controls
• Incident management approach: All incidents are logged and strictly dealt with following pre-defined processes. Faults are identified, quickly isolated and a potential work around determined. If no workaround is possible, or the incident is deemed to have too great an impact on system operation then the recovery phase of the Change management processes returns the system to its prior state within SLA timeframes. In the event that a work around is available, this will be distributed to all system users and work on a permanent solution will be undertaken via Problem Management. Customers have online access to review the status of their incidents.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: London Grid for Learning (Atomwide)

Social Value

• Fighting climate change:

  Fighting climate change

  Bromcom acknowledges the threat posed by pollution and climate change and is reinforcing and extending its efforts to reduce its impact on the environment. This includes reviewing the policies and commitments of our suppliers. Our commitment strives to continuously improve our environmental performance and integrate recognised environmental management best practices into our business operations. To reduce our consumption of resources and improve the efficient use of those resources. To measure and take action to reduce the carbon footprint of our business activities to meet our published objectives and targets. To manage waste generated from our business operations according to the principles of reduction, re-use and recycling. To manage our business operations to prevent pollution. To give due consideration to environmental issues and energy performance in the acquisition, design, refurbishment, location and use of buildings. To ensure environmental, including climate change, criteria are considered in the procurement of goods and services. To comply at a minimum with all relevant environmental legislation as well as other environmental requirements to which the firm subscribes. To meet our commitments, we will set and monitor key objectives and targets for managing our environmental performance at least annually. Communicate internally and externally our environmental policy and performance on a regular basis and encourage feedback. Communicate the importance of environmental issues to our people. Work together with our people/employees, service partners, suppliers, landlords and their agents to promote improved environmental performance. Promote appropriate consideration of sustainability and environmental issues in the services we provide to our clients. Review our environmental policy regularly and publish guidance to reinforce these objectives.
• Covid-19 recovery:

  Covid-19 recovery

  Currently the government has removed the health and safety requirements to explicitly consider COVID-19 in any risk assessment in the workplace. At Bromcom we look after all our employees, and we follow existing Health and Safety policies in place to ensure that we offer a clean and well-ventilated work environment. We have continued to offer the ability for staff to work remotely when their role allows it, which is also supported by our environmental policy. We support staff identified as contracting COVID-19. We work to regularly review our own policies in line with government guidelines to provide a healthy and positive working environment as we leave the pandemic.
• Tackling economic inequality:

  Tackling economic inequality

  The focus on social purpose is forefront in the minds of all at Bromcom. Bromcom is committed to tackling economic inequality across all aspects of the company, improving education and training, and to use opportunities such as expanding its business and creating new employment to help reduce inequality. Our business is also directly involved in developing services that complement the strategies of our customers and the government to identify and tackle inequality by better supporting children in their education. Bromcom wants to ensure that it is doing what it can to help lower the unequal distribution of income and opportunity between different groups in society.
• Equal opportunity:

  Equal opportunity

  Bromcom is an equal opportunity employer and is committed to a policy of treating all its employees and job applicants equally. Bromcom will avoid unlawful discrimination in all aspects of employment including recruitment and selection, promotion, transfer, opportunities for training, pay and benefits, other terms of employment, discipline, selection for redundancy and dismissal. It is the policy of the Bromcom to take all reasonable steps to employ and promote employees based on their abilities and qualifications without regard to age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race (including colour, nationality and ethnic or national origins), religion or belief, sex and/or sexual orientation. Bromcom will appoint, train, develop and promote based on merit and ability alone. Bromcom regularly monitor the effects of selection decisions and personnel practices and procedures to assess whether equal opportunity is being achieved. This will also involve considering any possible indirectly discriminatory effects of its standard working practices. If changes are required, the Bromcom will implement them. Bromcom will also make reasonable adjustments to its standard working practices to overcome substantial disadvantages caused by disability.
• Wellbeing:

  Wellbeing

  At Bromcom we want to ensure that our environment and ethos is geared to encouraging vitality, a healthy quality of life, and a positive working environment in which people thrive. As we grow as a company, we begin to become proactive in our approach to wellbeing, so employees can gain awareness, education, and support to be the best they can be when functioning both at work and at home, we want to ensure that any factors that would negatively impact their health are limited if not eradicated to provide a balanced wellbeing culture.

Pricing

• Price: £6 a unit a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Limited access trial accounts are available following service demonstration and a review of requirements with the MAT. Trial accounts are on a shared sample database and usually limited to one week of access, on a first come, first serve basis. Test migration option to trial service operating with familiar data.
• Link to free trial: https://cloudmis.bromcom.com

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@bromcom.com. Tell them what format you need. It will help if you say what assistive technology you use.