Team Netsol Limited

BECS Online Discretionary Payments Application and Assessment Solution

Part of the BECS suite of online services providing self-service that allows for a customer to Get Help, claim for Discretionary Housing Payments and other Welfare payments. Staff can manage claims and assess validity. Integrated with back office systems to automatically deliver effective workflow and streamline services.

Features

  • Intelligent application process ensures correct entitlement is claimed
  • Custom question design with website customisation and branding
  • Optimised question process based on customer circumstances
  • Customer self-service, or authenticated assisted use by trusted representatives
  • Completed application is generated for review and assessment
  • Integrates with all main local authority EDMS (Document Management) systems
  • Save and return, change your answers, review information before submission
  • Real-time reporting of claims and assessments
  • Export of claims for payment processing through back office systems
  • Secure online data capture using any modern browser

Benefits

  • Quick, simple and easy to use for customer and LA
  • Assists decision making to ensure funds are allocated appropriately
  • Eradicate paper forms and reduce follow-on correspondence
  • Increase the quality and consistency of data captured from customers
  • Full access to MIS and reporting of claims and assessments
  • Channel shift from subject matter experts to Customer Service
  • Speed up processing and aim for same-day service
  • Claims can be made for DHP or other welfare services
  • Transparency of claims and review of applications within assessment module
  • Improves channel shift and digital transformation

Pricing

£0.03 to £0.03 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at damianlewis@teamnetsol.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 3 4 1 9 4 3 3 2 7 5 3 4 7 4

Contact

Team Netsol Limited Damian Lewis
Telephone: 01618348342
Email: damianlewis@teamnetsol.com

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
An out-of-hours planned maintenance window is reserved for security patching and infrastructure upgrades once every 7 days. Buyers are notified in advance if a reserved window is to be used and end-users are notified before and during maintenance to minimise disruption.
System requirements
  • Users must have a modern, secure desktop/mobile Web browser
  • Back office integration requires secure reverse proxy or VPN connection
  • Back office integration requires the appropriate APIs from system suppliers

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times apply Mon-Fri 9am-5pm excluding UK public holidays:

Critical - 1 hour response
High - 4 hour response
Medium (default) - 8 hour response
Low - 1 day response
Cosmetic - 1 day response

Out-of-hours monitoring of support requests is performed and response times then apply from the next available work day, unless a Critical issue is alerted that requires our business continuity call tree to be activated in which case response will be as soon as feasible.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Team Netsol is committed to providing excellent support for its services. We operate an ITIL-like Kanban issue resolution process that triages issues based upon their scale and impact:

Critical - Service unavailable or many users affected - Resolution within 1 day
High - Parts of service unavailable but still functional - Resolution within 1 week
Medium - Low number of users affected but still functional - Fix available for UAT within 1 month
Low - Minor issue with available workaround - UAT of fix within 3 months
Cosmetic - UAT of fix within 3 months

Customers log issues with our help desk via a dedicated email address or phone and are issued with a ‘Support Ticket’ which is visible to Support engineers.

Outside of standard help desk hours, there is monitoring of support requests and an emergency call tree process in place.

Bug fixes, security patches and issue resolution are included in the annual price. Customer Change Requests are subject to assessment to identify whether there is an associated cost that then needs to be approved by the customer.

We provide technical account management via our Support & Implementation Manager, escalated to our Product Manager and Infrastructure Manager as appropriate.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Installation and implementation are included within the pricing.

The implementation phase is documented and project planned with the buyer. This includes configuration of the system to the buyer's requirements, integration with their back office systems, secure connectivity, customised branding, and localisation of the rulesbase and text content.

A UAT instance of the system is provided to the buyer for further customisation and optimisation prior to deployment to Live production.

Onsite or Web-based training is included, depending on the buyer's preference. Training materials and reference guides are provided to the buyer for reference and wider distribution within their organisation.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • MS Excel
  • MS Word
End-of-contract data extraction
Data is generally transferred to the buyer's back office systems in real-time or batched within 1 day, depending on preference.

Partially completed data that reaches its data retention lifetime is securely deleted automatically from production systems.

Any partially completed, un-transferred data or generated documents that exist when the contract ends are transferred securely to the buyer in an encrypted compressed archive prior to secure deletion of all buyer data from our servers.
End-of-contract process
When the contract ends, the secure connection to the buyer's back office systems is terminated, and certificates and user accounts revoked. Buyer data is securely deleted within 30 days.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
No functional difference. Responsive design enables the service to be used conveniently on mobile devices.
Service interface
No
User support accessibility
WCAG 2.1 AA or EN 301 549
API
No
Customisation available
Yes
Description of customisation
BECS services may be customised as follows:

- Styling and branding customised in accordance with corporate guidelines where possible.
- Buyer-specific content may be changed.
- Policy schemes are localisable.
- EDMS document indexing is customisable
- Supporting evidence requirements are localisable
- Custom management reports can be added
- Administrative user accounts can be self-managed by the Buyer

Buyers localise and customise the services during the implementation phase by working through the agreed implementation plan.

After go-live, customisation is handled as part of normal support or as a Change Request, depending on the nature and scale of the customisation.

All customisation is performed by Team Netsol's staff on behalf of the buyer and is released to production systems once UAT has been performed by the buyer and approval given to proceed.

Scaling

Independence of resources
The system is vertically and horizontally scaled with ample capacity for a significant increase in use by individual or all customers, well above the peak processing periods normally experienced.

Several shared system components, e.g. storage, databases, etc. are configured for high availability and sized with future demand in mind.

Each system instance is re-sizeable and isolated from the resources of other instances.

Monitoring and alerting facilitates pre-emptive action by support staff when an instance's available resources fall below the acceptable threshold.

Resource availability is reviewed weekly during Infrastructure Team meetings and planned accordingly.

Analytics

Service usage metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
End-users may export their data in PDF or HTML format using the in-built facilities in the system. Requests under the DPA 2018 for migration of data in other formats will be handled in accordance with, and within the timescales described by, the law.

Authorised buyer staff with the appropriate permissions may use the system's administrative features to export individual records of data in PDF or HTML format. Management information is also available to them for export in PDF, CSV and Excel formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • XML
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
We are assured to Cyber Essentials Plus and implement data pseudonymisation and strong encryption of data and filesystems.

Network access is restricted by client device digital certificates and we implement daily revokation of user privileges requiring our authorised technical staff to seek daily approval to access infrastructure resources.

We operate an ISO 27001 compliant ISMS and have strict Data Protection, Confidentiality, and Information Classification and Handling policies in place.

Availability and resilience

Guaranteed availability
SLA for service availability is 99.9% and for packet delivery is 99%.

Service Level Credit is calculated as: (Annual Price x Outage Minutes) x SLA% / (365 x 24 x 60)

Service Level Credits must be requested within 5 days of an outage and are subject to a monthly maximum.
Approach to resilience
Team Netsol's services are designed to be resilient. Further details are available to interested buyers on request.
Outage reporting
Email, SMS and private Twitter alerts are sent to Team Netsol engineers for any sub-optimal events or incidents.

Outage reporting to customers is performed by email by our support staff to designated contacts once an event is confirmed by our engineers as an outage or another significant incident that affects customers.

Identity and authentication

User authentication needed
No
Access restrictions in management interfaces and support channels
End-users, e.g. citizens, are not required to authenticate with the data capture services, but may authenticate via the system or a buyer-supplied customer portal in order to retrieve previously saved information.

Authorised buyer staff may access administrative features via a secure interface which requires authentication. Access to administrative interfaces is restricted by IP address where required by the buyer.

Authentication complies with NCSC guidelines and is protected against brute-force, dictionary and replay attacks. User activity is logged for audit purposes.

Only designated buyer contacts may request support and administrative password resets are never performed via email or to unknown callers.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
Yes
Any other security certifications
ISO 27001 accreditation in progress

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Team Netsol's Information Security Management System is compliant with ISO 27001.

Team Netsol is currently working with its CREST-approved security advisors to finalise its ISO 27001 accreditation in 2019.

Team Netsol is Cyber Essentials Plus accredited across all its operations and services, certificate no. 9878133970059378

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Team Netsol's policies and procedures are compliant with ISO 27001 standards and are available for inspection on request.

Team Netsol implements a risk management approach to security and any system changes are assessed for risks, known threats and vulnerabilities.

We implement a Secure Development Policy which includes OWASP guidelines, SOLID and DRY principles for code development.

We have firm change management procedures and use Scrum for new development and Kanban for ongoing support and implementation, supported by industry-standard tools for issue tracking, configuration management and deployment.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Team Netsol's policies and procedures are detailed in our ISO 27001 compliant ISMS.

All security patches are deployed within 14 days of notification, in accordance with Cyber Essentials Plus guidelines.

Threat management is operated via a mix of automated facilities from our infrastructure vendors, our own research of security bulletins and weekly review of CVE databases.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Team Netsol's protective monitoring approach is described in its ISMS policies and procedures which may be inspected on request.

Potential compromises are assessed as a critical priority and any actual breach will be reported in line with the Data Protection Act 2018 and the Information Commissioner's Office guidelines.

Incidents are responded to within the timescales determined by our ISMS based on their scale and impact.
Incident management type
Supplier-defined controls
Incident management approach
Team Netsol's incident management processes are described in its ISMS policies and procedures which are compliant with ISO 27001 standards and may be inspected upon request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

We operate our services from datacentres that conform to environmental impact reduction standards ISO 14001 and ISO 50001. Our operations are primarily electronic in nature, with little to no paper or consumable waste. Any waste generated is recycled by an accredited recycling company in the UK.
Covid-19 recovery

Covid-19 recovery

During lockdown we supported our employees with financial help, homeworking equipment, accredited online training and pastoral support. We employed a young apprentice and two undergraduate work placement students during lockdown as part of our commitment to delivering social value to our local community. Post-lockdown, we have obtained flexible co-working office space to support part-time homeworkers. Our Workplace Representative continues to provide a forum for employees and access to emotional, psychological and financial assistance. We have provided access for employees to fully-funded Degree Apprenticeships to enhance their Personal Development Plans and continue to support their career development through regular training workshops and courses.
Tackling economic inequality

Tackling economic inequality

We provide formal Workplace Representation and encourage Union membership to ensure a confidential channel for reporting issues and advocating on behalf of employees for better fair pay conditions. Employees have Personal Development Plans which we empower by providing formal training, access to fully-funded education and regular reviews. We maintain an inclusive working environment supported by our Equality Policy and perform BPSS checks to help identify potential cases of Modern Slavery within our recruitment process, and checks within our supply chain. We provide generous full-pay during interruptions due to ill health and family emergencies or bereavement. We also openly encourage employees to reveal any financial difficulties that they face so that we can identify how we can help.
Equal opportunity

Equal opportunity

We maintain an Equal Opportunities Policy and have a zero-tolerance approach to harassment, abuse or violence targeted at, or by, any of our employees. We have a diverse, multi-cultural workforce and expect high standards of professionalism within the workplace, in our communications and when dealing with customers and suppliers.
Wellbeing

Wellbeing

We maintain formal Workplace Representation for employees which includes wellbeing as part of their pastoral care. We fund both ergonomic equipment for physical health and professional wellbeing training for employees. This includes "mental health" days off on request, flexible working hours and a high spec co-working space to combat homeworker loneliness.

Pricing

Price
£0.03 to £0.03 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at damianlewis@teamnetsol.com. Tell them what format you need. It will help if you say what assistive technology you use.