Fortesium Ltd

Continuous Professional Development (CPD): Submission & Assessment Management Portal

As requirements on regulators become more onerous, we are always looking for ways to pre-empt issues. This provides a powerful/comprehensive tool with dynamic dashboards for regulators to collect data and assess their users.

Simple, automated selection/assessment processes, including dealing with missed-thresholds and reassessment and portals for users, admin and assessors.

Features

• Flexible Portfolio Durations
• Wide-ranging Cycles
• Clear Threshold Criteria
• Date-driven Interactions
• Variable Measurement Units
• Integrates with Fitness to Practice to provide real-time risk data
• Powerful BI including management dashboards
• Easily configurable CPD portals for admin, users and assessors
• onsite or Cloud based
• Easily interface with 3rd parties including Sage, Mailchimp, Go Cardless

Benefits

• Allows regulator to focus on their statutory obligations
• Subject matter expertise – unique understanding of worldwide regulation
• Quantifiable savings in time ,effort to manage your Registrants
• Easily configurable functionality to manage future changes
• Digital services for your key customers - members/registrants, employers, public/patients
• integrated payment functionality allowing for credit cards or direct debit
• Cutting edge technology, built on the Microsoft stack of products
• Proven >1,000,000 current users ( inc. Nursing and Midwifery Council)
• Easy integration with your existing systems (legacy systems)
• Device agnostic, latest accessibility levels met

£0.30 to £15.60 a user a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.khan@fortesium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

396180701733527

Contact

julian khan
0203 397 3712
julian.khan@fortesium.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Our service can interface with backend legacy systems, Microsoft Dynamic CRM, SAGE accounting, direct debit payments (Go Cardless, Paypoint) and credit card payments
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Our solution is based on the latest Microsoft stack products. Regulator Online can be hosted in the Cloud or In-House.
• System requirements:
  • Hosting ROL in Azure will meet the key system requirments
  • ROL includes a licence for NServiceBus messaging service
  • ROL uses Sendgrid to manage email processing

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLA ; Classification Description SLA for solution identification ; Critical (P1) Prevents core part of system from working, there is no workaround 1 hour response fix within 8 working hours ; Major (P2) there is a difficult workaround 4 hours response fix within 24 working hours ; Minor (P3) there is an easy workaround 8 hours response fix within 32 working hours ; Trivial (P4) there is no need for a work around 12 hours response fix within 48; ; Email response within 2 hours daily 9am-5pm, Month-Friday
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Web chat testing was undertaken by a recognised 3rd party
• Onsite support: Onsite support
• Support levels: SLA ; Classification Description SLA for solution identification ; Critical (P1) Prevents core part of system from working, there is no workaround 1 hour response fix within 8 working hours ; Major (P2) there is a difficult workaround 4 hours response fix within 24 working hours ; Minor (P3) there is an easy workaround 8 hours response fix within 32 working hours ; Trivial (P4) there is no need for a work around 12 hours response fix within 48
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide a range of training either online or onsite. Our goal is to ensure every user understands the maximum potential of the system
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is stored in a Microsoft Sql Server database. Data extraction can be undertaken using backups or saving the raw data to another database or medium.
• End-of-contract process: At the end of the contract the client is able to extract part or all of the data from the database.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Completely device agnostic - all web pages have been written with Bootstrap an industry standard tool that allows for the page to be clearly displayed on a range of mobile devices
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Using a product called NServiceBus our product, RegulatorOnline has the ability to provide additional, easy to implement services.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Service is currently used by the Nursing and Midwifery Council to process 2million messages per month
• API: Yes
• What users can and can't do using the API: Using the API the user can offer their clients a range of different secure data features including searching for a Registrants, their qualifications, registrants status, Fitness to Practice sanctions
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our Regulator Online portals for Registration, Fitness to Practice, CPD are all high configurable and customisable. This is not just branding and logos but data capture forms, workflows, email templates can easily be modified without additional effort from Fortesium

Scaling

• Independence of resources: We recommend using a Cloud based hosting solution such as Azure. In this case we work with our clients to ensure the platform is configured for maximum efficiency. On the case where there maybe a surge in resources required, as in the case of Annual Retention, then the Cloud resources can in increased accordingly.

Analytics

• Service usage metrics: Yes
• Metrics types: Metrics are provided by Azure dashboards
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Microsoft Sql Server provides a range of feature to allow the exporting of data. In addition we use Microsoft PowerBI reports to allow users to collate and view the information they require before extraction
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • Another Sql Server database
  • Another database that can be connected to SQL Server
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: As our product is hosted on Azure the guaranteed availability is inline with that provided by Azure.
• Approach to resilience: We use Microsoft Azure for all hosting purposes. The service can be as resilient as required
• Outage reporting: Public dashboard, email alerts, API's

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Industry standard access restrictions will be applied to interfaces and support channels
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Fortesium is working towards ISO 27001 accreditation.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All components are version controlled and versioned to allow change tracking.; ; Regular reviews are performed with upcoming changes for early identification and resolution of any security issues.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As solution is deployed to Microsoft Azure Platform, we follow recommendations from Azure Security Center on performing vulnerability assessments on any Azure virtual machines, container images, and SQL servers deployed in the solution.; ; Patches are deployed automatically by Microsoft within this platform following Azure best practices.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Azure Security Center identifies potential compromises within the ROL platform. Key ROL team support members are automatically alerted if a potential compromise is identified.; ; Upon receiving an alert Fortesium investigates the issue and puts into action our software and services incident response plan.; ; Continuous monitoring means that the team are kept up to date with any ongoing incident and are responses to these can be triaged into our standard support SLAs based on severity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: A pre-defined set of questions assist with incident management and the triage process. ; ; Depending upon the severity of the issue (and the SLA agreements in place), there are various channels available to report an issue - the most common being via the support email address. For P1 issues it is advised to also reach out directly to the support team when raising a ticket.; ; Weekly stats are provided back to all customers to show overall system health. Quarterly reports can also be produced depending upon the level of assurance purchased.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Our workforce is hugely invested in fighting climate change and even as an SME we have an Environmental Policy available to view on our website or available on request.; ; As a team we have used the catalyst of Covid to agree to no longer have the climate overhead of a central office, of daily commuting, preferring working from home as our standard operating method.; ; This policy has the effect of limiting almost all of our variable climate overhead to almost zero. Nevertheless we are still looking for other ways to go further including some of the fastest technologies around to limit processing times and associated energy footprints.
• Covid-19 recovery:

  Covid-19 recovery

  Software development, support and IT in general are high-growth and medium to high-skill industries attractive to younger people and those seeking to change careers. ; ; Although we are an SME, at Fortesium we run the Fortesium Academy - primarily aimed at new graduates (of any age) or those with new coding skills, firstly bringing them into our Support Team to learn our product and development processes and how to work with Clients; then into our Development Team proper as their skills progress. Thus far we have had two entrants successfully go through our programme and are now doubling our entry numbers in 2022 as we grow.; ; All of our team are able to combine working from home with occasional visits to a central site to work together and learn from each other as well as to socialise. Since lockdown we no longer have our own office space, rather a contract with a space provider to rent space on an ad-hoc basis as we require. We fully expect a hybrid approach to be the future of the business.
• Tackling economic inequality:

  Tackling economic inequality

  Even as an SME, at Fortesium our staff complement is incredibly diverse including the economic backgrounds of the team. We do not discriminate against anyone on the basis of their background. ; ; We seek to grow our business by bringing new recruits through our Fortesium Academy programme where we look for people who have recently acquired coding/developing skills and train them firstly as Support Staff and then into our Development Team. All we look for is some base knowledge and passion for the industry. Given that we can help anyone learn and develop to have a career in programming.
• Equal opportunity:

  Equal opportunity

  Even as an SME, at Fortesium our staff complement is incredibly diverse including the economic backgrounds of the team. We do not discriminate against anyone on the basis of their background. ; ; We seek to grow our business by bringing new recruits through our Fortesium Academy programme where we look for people who have recently acquired coding/developing skills and train them firstly as Support Staff and then into our Development Team. All we look for is some base knowledge and passion for the industry. Given that we can help anyone learn and develop to have a career in programming.; ; We have a Modern Slavery Policy which is fully enacted and available on request or from our website.
• Wellbeing:

  Wellbeing

  As an SME we well know that having staff off sick can be hugely disruptive, particulalry when this is avoidable with good people management and hence we take a proactive approach to workplace wellbeing on the basis it is good for our employees and good for business.; ; We recognise that promoting and improving staff health & wellbeing can help:; ; Reduce sickness absence and staff turnover; Increase productivity and improve our bottom line; Motivate and engage our employees; Foster an open & inclusive working environment ; ; As a part of our programme we check in with each employee every single morning to see how they are managing, we ensure that meet ups are regular to destress, and that online meetings have social content and opportunities to collaborate and ensure no one person feels they are 'on their own' in solving a problem.; ; We are also developing an employee options scheme (for roll-out 2022) to ensure ALL our team are benefiting from our successes and feel invested and a part of the company.

Pricing

• Price: £0.30 to £15.60 a user a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at julian.khan@fortesium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.