Fivium Limited

IR Case Manager for the Public Services - FOI, EIR, SAR, DPR and Complaints management

IR Case Manager for Public Services is specifically designed for public bodies with low volume or simple case management needs. Process Freedom of Information requests, Subject Access Request, Complaints, Enquiries & Compliments in one simple and ease to use system.

Features

• Manage Freedom of Information, SAR, Complaints, Correspondence, PQ, Data Breaches
• Comprehensive reporting with real-time dashboard, auto-generated ICO / OSIC reports
• Collaborate: allocate tasks, requests, information gathering and quality assurance
• Personalised workbaskets, enabling users to manage their priorities & deadlines
• Automated case creation from emails
• Comprehensive case search and granular audit trail for every case
• Automated response templates based on case information
• Inbuilt redactor and disclosure log for complete case management
• Government grade security, availability and resilence

Benefits

• Save time and resources through intelligent process automation
• Reassurance guaranteed by preconfigured industry best practice workflows
• Efficiencies driven by process optimisation and workload balancing
• Compliance ensured via comprehensive management reporting and granular case visibility
• Confidence in your responses through measurable quality assurance processes
• Easy to use and intuitive via its user-centric design
• Configured specifically for the needs of cost conscious public bodies
• Best-of-breed technology specifically optimised for public bodies
• Most cost effective correspondence management service available to public bodies
• Assurance through industry leading availability and reliability

£875 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@fivium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

432571689599673

Contact

Anthony Ashton
0844 7365211
enquiries@fivium.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Community cloud
• Service constraints: None
• System requirements: Any modern web-browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 1 hour during service hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: UK-based service desk providing email and telephone support 08:00 - 18:30. Additional support hours are available on request. We have a managed SLA which we report on monthly.; ; Each customer is assigned both an ITIL service manager and a customer account manager.; ; We encourage a close working relationship with our locally-based support staff. All of our support staff are experienced technicians who have detailed knowledge of eCase and our customers. Our support team is the single point of contact for both software and technical support issues.; ; We’re proud of our record on customer satisfaction and achieved 100% customer satisfaction in our service delivery in a survey undertaken by an external agency that interviewed representatives from all our customers.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ECase has a comprehensive integrated help system. ; The eCase team provide onboarding assistance to customers. ; Classroom training is available as well as desk-side and online/remote training.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data extract is provided securely to the customer.
• End-of-contract process: All user accounts are cancelled. Customer data is provided as a final data extract then permanently removed from the application after confirmation of receipt.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: ECase is a responsive web application designed to work across all screen sizes. All functionality is available on the desktop and mobile service and the layout is optimised for both.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: ECase is browser-based application
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Manual accessibility checking conducted by a team of disabled individuals using a range of adaptive technologies (hardware and software designed to facilitate the use of computers by people with disabilities), this includes:; ; NVDA: screen reader and application used by those who are blind.; ZoomText: a magnification application used by those with low vision.; JAWS: a screen reader used by blind people to access Web pages.; Dragon Naturally Speaking: voice activated software used by those that do not use a conventional input device such as a keyboard or mouse.; Switch Access: used by those with severe mobility impairments to input commands to a computer.; Keyboard Only: some users with mobility impairments have difficulty making precise movements required by pointing devices such as a mouse; therefore a keyboard is used as the exclusive input device.; Readability: Manual checks to assess the suitability of a Web page for those with colour blindness and dyslexia.; Deaf/Hard of hearing: Manual checks to assess the suitability of a web page for those with hearing impairments.; Learning difficulties: Manual checks to assess the suitability of a web page for those with learning difficulties.
• API: Yes
• What users can and can't do using the API: API to create cases, facilitating integration with customer website or contact form. ; API to update case fields; Webhook to notify 3rd party systems of case status; API to download cases from the Houses of Parliament Q&A feed. ; ADFS (SAML) APIs for single sign-on.; Google Suite integration APIs.; Integration with 3rd third party APIs
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Some customisation can be made through the management interface by privileged users. More complex customisation can be carried out through a service request.

Scaling

• Independence of resources: ECase is deployed on a scalable, virtualised infrastructure utilising best of breed application load balancing and proactive monitoring. ; ; Database servers are physically separated.

Analytics

• Service usage metrics: Yes
• Metrics types: Service level performance in line with Service Level Agreement including response times, number of tickets and time to resolution.; Storage usage graphs, security metrics such as failed login attempts, virus detection etc.
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Data can be extracted via spreadsheet (.csv, .xlsx).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 99.9% availability 8am to 6.30pm. This is backed by a comprehensive Support Service Level Agreement
• Approach to resilience: ECase is deployed on a fully resilient infrastructure with failover servers at the primary site. ; ; A geographically separate datacentre provides disaster recovery capability in case of an outage to the primary site. See the eCase service definition for full information.
• Outage reporting: Email alerts and service management updates provided by your dedicated customer service manager.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management functions is restricted to user accounts with the relevant privileges as determined by the customer.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: SSO via SAML 2.0 or OAuth

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 08 September 2023
• What the ISO/IEC 27001 doesn’t cover: Please contact Fivium Ltd for further information on exact scope
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: Independently accredited by government departments

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We maintain a HMG IAS 1&2 compliant RMADS document set and SyOPs which implements the ISO27001 principles. This is independently reviewed by an external CLAS consultancy. An annual IT Health Check is carried out by CHECK registered Pen Test company. Fivium only use UK Government approved datacentres in the UK.; ; Fivium only use UK Government approved datacentres in the UK.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Having worked with the UK public sector for over 15 years we have a comprehensive and rigorous approach to configuration and change management based on our solid ISO27001, ISO9001 and ITIL principles. All source code is managed and version controlled and changes are linked to feature requests or service incidents. Significant changes are run through a three-step internal testing and validation process before being released to a customer test environment.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The eCase environment is proactively enforced with a weekly vulnerability scan which automatically raises any new threats to the security manager. ; ; An annual ITHC penetration test is carried out by CHECK approved third-party. Any vulnerabilities Medium or above are fixed as soon as practicable.; ; The environment is patched on a weekly basis and critical patches are released as soon as practicable.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: ECase is monitored through a series of tools and processes aligned in part with recommendations from CESG document GPG13 (Protective Monitoring for HMG ICT Systems) and, in particular, Protective Monitoring Controls (PMC 1-12). This includes checks on time sources, status of backups and others. Alerts raised are sent to our service desk for prompt investigation following our event management procedures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Incidents can be raised by customers through the service desk via phone or email. ; ; Any security incident is logged in our security incident register and raised immediately with the security manager.; A serious incident would also be escalated to a company director.; ; We provide regular updates to the customer regarding any on-going security incidents. Following the incident we provide a detailed report to the affected customers.; ; We have defined processes for common events such as account lock outs.; ; Our security policy and procedures are externally reviewed and approved.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fivium is deeply committed to fighting climate change and to achieving Net Zero emissions by the end of March 2030. We have published our Carbon Reduction Plan on our website (see www.fivium.co.uk/about-us/carbonreductionplan for full details). We are also ISO14001 accredited.

  Tackling economic inequality

  Fivium supports training and employment opportunities through the student placement year programme it has run and managed since its incorporation. This programme offers university students, studying computer science undergraduate degrees, the opportunity to spend a year working in industry. Over the course of the programme, these students are provided with the opportunity to learn to develop real world service skills and capabilities, including planning and delivery of cloud migration projects, service security, quality assurance and performance testing, supporting cloud services and training. To date Fivium has supported seventy-seven students with placement positions. Of these seventy-seven students, permanent post-graduation roles were created for thirty-five of them. Twenty-four of these thirty-five are still employed by Fivium. Prior to the Covid-19 pandemic, Fivium had been offering up to four student placement positions each year (all paid well in excess of the National Living Wage); however, this was increased to six in 2020 in order to support more students over this period. As the company grows, Fivium’s directors intend to expand its support for cloud technology training and employment opportunities by expanding it student placement programme in volume and scope, as well as using its resources to help encourage, mentor and teach secondary school pupils in the southeast of England about computer science skills (for an example of such an activity see www.fivium.co.uk/about-us/blog/fiviu).

  Equal opportunity

  Equal opportunity; As a company proud to be an equal opportunity employer, we proactively identify and tackle inequality in employment across our business. Consequently, Fivium has previously published its gender pay gap data on its website (see https://www.fivium.co.uk/about-us/news/fivium-staff-paid-performance-not-gender) and will continue to do so annually. We are also committed to making our business and our services as accessible to all as possible. Therefore, we have invested in a range of accessibility tools that available to anyone who needs them and train our developers to ensure the services they develop meet the highest accessibility standards possible.

  Wellbeing

  Fivium is very focussed on the health and wellbeing of its team, particularly those from disadvantaged or minority backgrounds. As such, we run a comprehensive health and wellbeing programme that includes Simplyhealth and Bupa membership, daily meditation sessions, access to trained Mental Health First Aiders and Wellbeing Ambassadors. Fivium is also deeply committed to breaking down the stigma associated with mental health and so is very proud to have signed up to Mind & Rethink Mental Illness’ Time to Change Employer Pledge in 2019.

Pricing

• Price: £875 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: A free guided walk through of eCase's comprehensive service is available to public services during the Discovery and Qualififcation stage of any engagement
• Link to free trial: https://www.ecase.co.uk/talk-to-us/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at enquiries@fivium.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.