CRB Cunninghams Limited

Fusion Cashless Catering

Hosted cashless catering system to manage the sale of school meals. With over 50 year's of experience in the education sector providing software, hardware, project management, training, installation and support. The system includes free school meals, allergens, overdrafts, biometrics & mifare recognition methods plus much more.

Features

• Cashless Catering for schools
• Identity Management
• School lunch money management
• Real-time comprehensive reporting
• FSM and uiFSM management
• MIS integration
• Encrypted secure database
• Centralisation
• Permission based access
• POS Hardware

Benefits

• Reduce cash brought into schools and the cash handling errors
• Manage allergens and avoid potential health risks
• Manage spend limits
• Enhance the dining-room experience and speed up the catering service
• Accurate management information and improve auditing
• Increase spend in the dining hall
• Integration to many third party systems
• Increase office admin efficiency
• Reduce debt levels
• Make data driven decisions with accurate reporting

£388.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@crbcunninghams.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

427826071894452

Contact

Tracy Scott
03330143065
info@crbcunninghams.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: The hosting environment is anticipated to be available 99.999% of the time, however the service also relies on infrastructure (network and internet access) provided by third parties and/or clients. Details of recovery and availability can be found (including disaster recovery and the methods deployed to maintain a 99.999% uptime) at: https://docs.microsoft.com/enus/azure/security/azure- infrastructure-availability
• System requirements:
  • Infrastructure requirements, such as power, data and internet access
  • An industry standard MIS solution to provide the necessary data
  • On premise server infrastructure if the hosting option not required
  • Windows based workstation PCs for installation of Fusion Back Office

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Call response times depend on the severity of the question raised. Software related remote calls: Critical response time is 30 working minutes Material response time is 2 working hours Minor response time is 8 working hours Hardware related onsite calls: Critical response time is 4 working hours Material response time is 6 working hours Minor response time is 8 working hours Our response times defined within our SLA ensure our support desk are prioritising calls based upon the need of our customers, and the severity of the impact of the reason for the call to our customers service.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All customers using Fusion Cashless receive identical levels of support. This enables our customers to raise tickets via phone, email, or directly through our website. Tickets logged are then reviewed for their severity, and potential impact to the customer. Once reviewed, assignment to a technician is made to manage the ticket to resolution. If the call relates to a problem with any CRBC supplied hardware, an engineer will be booked to attend site to resolve. For user related enquiries, we do provide remote support enabling connection to the users workstation for visible assistance with their query. All support contracts are renewed annually, with the cost dependent on the hardware, and software supplied to the customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: A project manager will guide the customer through the implementation process.; ; Firstly, the schedule of key dates for implementation is agreed with the customer, including installation, training, and go-live dates. We provide customers with an implementation pack which includes biometric consent letter templates, blank POS layouts and marketing material.; ; Training is provided remotely or on-site, and we record every remote session to share with the customer so they have the means to re-watch any areas of the course they need refreshing on.; ; We attend site for the launch day of the system to ensure all stakeholders are confident to use and complete service.; ; Fusion has a built in manual which is accessible directly via the software.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All reports within Fusion are exportable, allowing admin users to gather any required information prior to the system contract end.; ; For example, a school may need to know the closing school meal balance of their pupils for contract end, and they can either get and extract this information themselves, or CRBC will provide them with assistance to gather this, or any other data required.; ; There is also a dedicated "export" facility within Fusion so that all data can be taken directly from the SQL database when required.
• End-of-contract process: At the end of the contract, all customers will be notified via a reminder approx. 3 months in advance, and offered a contract extension. The extension covers the specified length of new contract (minimum 12 months) and cost for renewal. Renewal of contract enables the customer to continue using Fusion and receive all support benefits offered via our SLA.; ; Notice required to end usage of the system and not renew a contract requires a 60 day notice given. As the contract end date approaches, CRBC will work with the customer to ensure they have all necessary information and data from the system. At the end of the final day of use, CRBC will disconnect all 3rd party links to MIS, and Online payment systems. Customers will still have access to their system, and data for an agreed time following the end of contract.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our Fusion Online pre-order application is designed specifically for mobile phone use.; ; This does not apply to the main Fusion back office application or POS software; ; We do have a mobile app specifically for iPayimpact which can be found in both the Apple App Store, and Google Play Store.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: The API is not publicly available and is used to connect with 3rd party services such as a school MIS system, and our Fusion Cashless Catering system.
• API documentation: No
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Each customer using the hosted version of Fusion is given their own dedicated Azure server, with resource allocation to match the expected load.; ; For example, a MAT with 10 schools centralised is given more resource than a single school to ensure that the system operates as intended without interruptions caused by high load.

Analytics

• Service usage metrics: Yes
• Metrics types: We provide dashboard reports and stats within user logins at an administrative level.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Access to the cloud service environment is restricted as follows:; ; • Dedicated devices are used to access the environment, these are not used for day-to-day work or web browsing.; • Access to these devices is restricted to senior members of the R&D team only.; • These devices are locked down, patched and maintained by our internal IT team.; • These devices are identified by our firewall using the MAC address, and are provided with a separate external IP address.; • The firewall in our hosting environment is configured to refuse access except for the dedicated IP address allocated above.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All reports can be exported into PDF, excel and Word.; ; We have an additional service called Data Factory which allows data to be collated in a central data warehouse for access by the customer.; ; Customers that require other raw data to be exported can do so via assistance from our support desk.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: Direct interface with third party MIS, and online payment providers

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: All data in transit between the Hosted Solution and end user device(s) is provided using a NetTcp interface, which encrypts data being transmitted using Transport Layer Security (TLS). Additionally, the messages being transmitted are encrypted using 256-bit encryption. Data being transmitted within the Hosted Solution is similarly secured and encrypted. Access to third party APIs is typically secured by HTTPS using certificates provided by those services. Access to the Hosted Solution API is provided via a .Net library and is secured by a licence key file, username and password that is managed directly in the Hosted Solution itself.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The hosting environment is anticipated to be available 99.999% of the time, however the service also relies on infrastructure (network and internet access) provided by third parties and/or clients. Details of recovery and availability can be found (including disaster recovery and the methods deployed to maintain a 99.999% uptime) at: https://docs.microsoft.com/enus/azure/security/azure-infrastructure-availability. There is no refund process for users if the guaranteed level of availability is breached.
• Approach to resilience: The hosting environment is anticipated to be available 99.999% of the time, however the service also relies on infrastructure (network and internet access) provided by third parties and/or clients. Details of recovery and availability can be found (including disaster recovery and the methods deployed to maintain a 99.999% uptime) at: https://docs.microsoft.com/enus/azure/security/azure-infrastructure-availability
• Outage reporting: CRB Cunninghams will take the following actions if an outage of the service occurs.; ; 1. Hosted Fusion Team Evaluate the damage; 2. Disaster Management Team Identify the affected clients and applications; 3. Communications Team Inform users and Helpdesk of abnormal service; 4. Hosted Fusion Team Spin up new Virtual Machines and restore from snapshot backups; 5. Hosted Fusion Team Restore Azure SQL Databases from most recent Point in Time backup; 6. Hosted Fusion Team Check and correct configuration of new services; 7. Communications Team Inform clients of new server addresses and process to configure onsite software; 8. Communications Team Inform clients of normal operations

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Permissions and roles are assigned to each administrative user which controls what features can be accessed within the system. Support channels are controlled by identification checks on the person accessing the support channel (Check with TW)
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 30/03/2017
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Claranet Ltd
• PCI DSS accreditation date: 31/05/2023
• What the PCI DSS doesn’t cover: N/a
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CRB Cunninghams follow an IT Security Policy implemented by our parent company Vesta Software Group. The purpose of this IT Security Policy is to establish and maintain a secure and reliable information technology environment within the Vesta Software Group.; ; The information security objectives cover Confidentiality, Integrity, Availability and Compliance.; ; To ensure continued compliance, periodic IT security audits and assessments are be conducted to ensure compliance with this policy and relevant regulations. ; ; Regular IT security training and awareness programs will be provided to all employees to enhance their understanding of security risks and best practices.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Supplied hardware are tagged, with serial numbers recorded in our central CRM system. Changes to hardware are tracked via our work orders, along with any parts consumed. This information is then entered into our CRM system to ensure that we track the removed item, along with the new item provided. Software versions are also recorded in the CRM system, again against the individual schools. Our software source code is stored in our source control system, with new releases made available after they have gone through successful alpha\beta testing. Stack and performance testing, across operating systems and hardware, also takes place.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our R&D team continuously monitor security updates and advice, for hosting environment and resources, development tools and resources utilised to create the software / service, and hardware and software elements used in the software / service This information is provided by the hosting environment provider, development tools and components vendor(s), and hardware vendors. When a vulnerability is identified it is investigated to assess priority, service, timescale and resolution. All changes made to the service(s), including the hosting environment, software or hardware, is changed according to our change release procedures. All changes are fully tested, reviewed and packaged for deployment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CRB Cunninghams and Microsoft Azure hosted services have intrusion detection systems in place. As standard, Cisco firewalls are in place and pro-active monitoring is in place across our dedicated servers. Detection of abnormal activity, including FTP, ping, SMTP, HTTP and POP3 are alerted to CRB Cunninghams via email and SMS. CRB Cunninghams also have our own internal monitoring systems, which alert us to spikes in activity / usage of the system, failed login attempts, performance, backups and other operational actions to allow us to notify clients in advance of them being aware of any issues..
• Incident management type: Supplier-defined controls
• Incident management approach: CRB Cunninghams have pre-defined processes for common events. This defined process is for clients to report security incidents via the helpdesk. General consumers (parents) have access to an email support address. Where a security incident affects all clients/users of our solutions, CRB Cunninghams will notify the named contacts within the clients’ organisations of the issue. For consumers a public announcement is displayed advising of the issue and estimated time for resolution. Prioritising of incidents and timescales are as follows: Critical – within 1 hour Medium – within 3 hours Low – within 1 week

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  Food waste has a detrimental effect on the environment and using innovative solutions to minimise waste will have a positive effect on reducing the effect. Allowing parents and pupils to pre-order their meals mean catering staff can prepare the correct amount of food eliminating the need to waste food which reduces emissions from production, transport and physical waste. Approx £1.2million meals are pre-ordered annually using our solutions across the UK contributing to improving the environment for our and future generations. ; ; We will commit to continually review and survey schools to ensure waste impact is analysed and the product improved/adapted. We will commit to being innovative and keep developing solutions that will positively impact the environment.

  Equal opportunity

  CRB Cunninghams are an Equal Opportunity employer and committed to ensuring a respectful, non-discriminatory or prejudicial relationship with our employees, potential employees, customers, partners, suppliers and the wider community. All staff have undergone Diversity and Equality training. ; ; We are an accredited Equalities Employer. ; ; We are in an enviable position where we have a very low staff turnover which is testament to our employee engagement practices and the fact that we pay better than the market rates for the job roles in our organisation and encourage a healthy work-life balance for all employees. From January 2024 the number of days leave was increased for all staff. We operate an open policy for flexible working and career breaks and staff in roles where it is possible are able to work from home or to work hours to suit their personal needs.; ; All our staff are employed on a salaried basis and paid above the Living Wage. We do not employ hourly paid operatives and we do not operate any zero hours contracts. ; ; CRB Cunninghams have a ‘Talent Development’ Programme which affords every employee the opportunity to get further training and development to enhance their skills and potential within the organisation and beyond, not just in their current role but to be able to feel confident in other roles across departments within our business and across the Jonas Group which operates in 30 countries. ; ; Our recruitment policies and procedures ensure that we have or make available positions which are suitable for the creation of a diverse workforce. All our recruitment policies promote equality of employment and we do not discriminate on the grounds of any diversity. The policies are available to all management and lead supervisory or those with recruiting responsibilities via our HR software or via training/webinars delivered by the HR team.

Pricing

• Price: £388.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@crbcunninghams.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.