Abavus - Blue Badge
Our Blue Badge capability enables local authorities to fully manage all Blue Badge processes digitally from a single system. (i) Badge applications, renewals, appeals, payments, and cancellations; (ii) badge reviews and query resolution by staff; (iii) reporting a lost, stolen, or fraudulent badge; (iv) reporting a change of circumstances
Features
- Full Blue Badge contract lifecycle management
- Automation opportunities for reminders, renewals, cancellations
- Setup and configuration of sophisticated validation processes
- Ability to integrate into third party systems
- Full range of payment processes enabled
- Blue Badge reporting & analytics
- Blue Badge applications for individuals, groups, and organisations
- Book mobility assessments for completion on a mobile device
Benefits
- Fully integrated contracts module
- Save money compared to traditional line of business solutions
- Rapid to implement with pre-made forms and easy data migration
- Portal enables applicants to self-serve (e.g. track applications)
Pricing
£5,000 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
3 8 1 5 3 9 7 1 7 2 6 1 0 6 6
Contact
Abavus.co.uk
Darren Bird
Telephone: 0208 530 2505
Email: info@abavus.co.uk
Service scope
- Software add-on or extension
- Yes, but can also be used as a standalone service
- What software services is the service an extension to
- This component forms part of our complete Abavus My Council Services digital platform. It can be used standalone or used in conjunction with some or all of our other Abavus modules.
- Cloud deployment model
- Private cloud
- Service constraints
- The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customers a minimum of seven (7) days in advance of downtime planned for a Standard Maintenance Window.
- System requirements
-
- Supported browser is the only requirement
- Microsoft Edge, Firefox, Chrome, Safari, Opera and mobile versions
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Within maximum of 4 hours. Standard support terms do not include weekends. Weekend and out of hours support available by separate negotiation with Abavus Ltd.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AA or EN 301 549
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- Full range of support is provided as part of the annual subscription to the hosted products. Any non standard support requirements are agreed through separate negotiation with the client. All clients have access to a technical account manager.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Abavus provides a comprehensive onboarding service for every client. This includes but is not limited to the following aspects and deliverables: Mutually agreed project plan that will vary in detail and complexity based on the size and scope of the project. An agreed delivery of onsite training with accompanying training aids to support ongoing learning. Access to remote screen casting troubleshooting sessions and configuration support with a qualified technical account manager. Access to our standard support service via telephone, email and online ticketing capability. An onboarding project would also typically include some element of onsite consulting delivery to assist with any aspect of process review, platform configuration and technical configuration as required. Onsite consulting delivery is a separately chargeable service and would be agreed in advance with the client.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- All contracts with our clients clearly state that the data held in the hosted instance belongs to the client. Abavus Ltd is registered with the Information Commissioners Office (ICO) as a data processor. As a standard part of the platform, tools exist that allow clients to extract their data in flat file format at any time during their contract period.
- End-of-contract process
- At the end of a contract period, if a client does not wish to continue with use of the service, the secure instance of the service for that client will be inaccessible. We will have worked with the client prior to this to ensure they have retrieved any required data from the platform. Once the client has retrieved any data from the platform, the instance will be deleted and the data will also be deleted (unless subject to any legal requirement to maintain data, securely archived, for any period of time).
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Equivalent user experience between desktop browsers and their mobile versions. We also provide native mobile applications running on iOS and Android for Smartphones and Tablets.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- Full Graphical User Interface is provided for all aspects of the platform
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- We routinely test our platform accessibility using assistive technology (e.g. text-to-speech). We also support client testing with their own users of assistive technology.
- API
- Yes
- What users can and can't do using the API
- Clients can use the API to poll the My Council Services database at regular intervals and to securely extract data relating to Service Requests, Tasks or Cases in order that it is available to third-party systems. Web APIs can include SOAP, WSDL, JSON, XML. Internal web services are RESTful. The My Council Services web services API is controlled in terms of security and access.
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- All areas of the platform can be customised to the individual client's preferences using configuration-based tools. These configuration tools cover most user-facing areas of the product from form design through to themes, colours, workflow and rules for automation. Access to the entire platform is governed via Role Based Access Control (RBAC). Individual roles can be configured by the client with differing levels of privilege that allow for increased or decreased configuration capability.
Scaling
- Independence of resources
- Our technical infrastructure is made up of a tenanted solution designed to scale system resources dynamically based on demand. This is achieved through specific cloud-based services and configuration that automatically adjusts system resources required in response to real-time usage. Load balancing distributes incoming traffic across multiple areas to maintain speed and reliability. Failover systems reduce service interruptions, so if one component fails another can take over to maintain service continuity. Continuous monitoring of system performance identifies issues for resolution before they impact users.
Analytics
- Service usage metrics
- Yes
- Metrics types
- My Council Services offers a useful array of real-time platform usage metrics. These include but are not limited to the following: Service Request dashboard (tabular, chart and map-based reports). Customer usage reports (tabular, chart and map/geographical boundary-based reports). Detailed analytics (configurable reports on detailed service request, task and case management data).
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- ITouchVision Ltd.
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- Clients (UK Public Sector organisations) can extract their data from the platform at any time in a flat file format (e.g. CSV). Where a client instance is integrated to any third party application via web services, specific ranges of data will be extracted to separate database applications at a frequency that can be set by the client (e.g. every 15 or 30 minutes).
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Contractually assured availability with the following clause: Availability. The Service is intended to be available 24 hours a day, 7 days a week except for: (a) any planned downtime which includes monthly maintenance every Saturday between the hours of 3:00a.m. GMT to 5:00a.m GMT, (b) emergency maintenance if deemed necessary and (c) down time caused by an event of force majeure. Abavus will use commercially reasonable efforts to notify Customer seven (7) days in advance of downtime planned for a Standard Maintenance Window.
- Approach to resilience
- The following measures are in place to ensure resilience of the platform: Firewall - Database never exposed beyond internal firewall Penetration Testing - Regular penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon Source code encryption - Encrypted binary source code deployed to app preventing reverse engineering from hackers SSL - Secure Sockets Layer (SSL) used for all communication & Web services Private Key Encryption - Private key shared between app & server to encrypt data packets. Our DR suite can be operational by way of a failover and will support all core services. System is clustered for High Availability & Load Balancing. Clustering at DB layer & Application server layer. More detailed security and resilience information is available upon request.
- Outage reporting
- Any disruption to service or outage is automatically picked up by the My Council Services 'Pulse Checker' capability. This monitors performance of the core platform and monitors the activity between My Council Services and any third party system integration. The occurrence of any out of tolerance event that has the potential to disrupt service delivery will be picked up by the My Council Services 'Pulse Monitor' service. This service runs 24/7 and monitors both core platform performance and the activity levels of any integration points between My Council Services and third party applications. Any disruption to service, beyond defined tolerance levels, will trigger an email alert and phone call to key authorised, technical personnel. In turn, once any disruptive event is identified, notifications are triggered to the Abavus Technical Account Management team who will liaise with clients to advise.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- Anonymous user access to customer-facing elements is available upon request.
- Access restrictions in management interfaces and support channels
- My Council Services is equipped with comprehensive Role Based Access Control (RBAC). RBAC allows for the configuration of highly detailed access and login privileges. RBAC will effectively govern which individual users can access management interfaces and / or support channels. RBAC governs both a user’s ability to access areas of functionality and also a user’s ability to access specific data fields.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
- Industry Standard SSL Extended Validation incorporating company and financial checks.
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
-
Security governance is given the highest priority and there is an appointed board member who has a portfolio that includes the assurance of fit for purpose security governance protocols.
The Abavus Business Continuity, Disaster Recovery and Security Governance Plan is regularly reviewed to ensure its accuracy and is updated accordingly. The plan describes procedures to be performed in the event of different types of event, which could affect the core operations of the business. - Information security policies and processes
- Abavus has a full range of documented security policies and associated processes that enable the business to ensure effective security. These include the following: Incident management processes. Security incident definition (published internally). Personnel security checks and employment checks. Secure development policies. Supply chain security check and review. Third party supplier risk assessment. General risk assessment.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- There is a well-documented process and methodology that is in place to help the organisation manage the process of change and development in relation to the My Council Services platform. Within specific client projects and implementations there may be bespoke changes and developments that form part of the wider project delivery. In this context change management is a mutually agreed and documented process. Changes that have an effect on product functionality will be subject to the same process as listed below. Any planned changes are subject to change impact assessment. Development. Link Testing. User Acceptance Testing. Demonstration. Pre-Production. Production.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- There is a well tested and documented set of processes that enables Abavus to adequately manage potential and perceived vulnerability. These include: Vulnerability assessment. Vulnerability monitoring. Vulnerability mitigation prioritisation. Vulnerability tracking. Vulnerability mitigation timescales.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Protective monitoring covers how both the vendor is enabled to identify potential compromises and how the vendor enables users to identify and make the vendor aware of potential compromises. Specific processes that monitor for vulnerabilities: Firewall - Full audit data captured and prioritised. Penetration Testing - Penetration tests are performed at least every 20 days. Any relevant outcomes are immediately evaluated and acted upon. Best practice measures are in place and regular testing is conducted after every version upgrade to protect against SQL injection. Full audit information captured and prioritised. All identified vulnerabilities are prioritised and immediate action is taken.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Abavus has documented incident management policies and associated processes that enable the business to ensure effective identification and management of any qualifying occurrence. These include the following: Incident management processes. Incident definition (published internally). Third party supplier risk assessment & incident identification. General risk assessment.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
Fighting climate change
4.1. My Council Services delivers additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions. Our fully digital solution negates the usage of paper, ink, and other physical items required to deliver services. Our Mobile Working and Route Optimisation solution enables workers to conduct work in the most efficient way possible to reduce travel time, distance, fuel consumption, and resulting carbon emissions. Our Bin Sensor technology ensures there is no ambiguity regarding whether bins need emptying, ensuring that workers only visit and route bins that require emptying rather than having to check each individual bin. Cost savings generated through adoption of this digital technology through efficiency can be re-directed towards green initiatives (e.g. purchasing all-electric or hybrid vehicles), compounding environmental benefits further.Covid-19 recovery
1.2. My Council Services supports people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding. The solution is cloud-based and therefore individuals have the ability to transact fully online with their local authority. This ensures that there is no degradation in the service offered to these individuals in order that they can be shielded and protected within the community.
1.3. My Council Services supports local authorities to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. Specifically, again as a cloud-based system, workers are able to perform their duties from home or a place of safety without needing to be office-based. This protects both the health of workers and also their employment status by being able to perform their full duties in safety from any location with an internet connection, in accordance with their specific needs.
1.5. My Council Services enables improvements to workplace conditions that support the COVID- 19 recovery effort including effective social distancing, remote working, and sustainable travel solutions. For local authorities, our solution offers the ability and flexibility to enable staff to deliver the full range of services remotely. Consequently, this flexibility not only supports social distancing, but also sustainable travel. It also opens up opportunities for individuals to work remotely who may live in deprived areas, opening up job opportunities across the country.
Pricing
- Price
- £5,000 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Trial episodes can be arranged with the supplier