MyScan

Service scope

Software add-on or extension: Yes, but can also be used as a standalone service
What software services is the service an extension to: ScanStation
Cloud deployment model: Public cloud
Service constraints: Support does not extend to the hardware that is procured by the service user.
System requirements: A modern browser

User support

Email or online ticketing support: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: No
Support levels: As part of our commitment to provide first class support, our proposals include the provision of “1st Line Support” throughout the life of the solution. This will be a call centre number that customers can phone 24/7/365 to report issues that pertain specifically to the performance of the app only. Detailed response times would be covered in our SLA although they are generally between 2 business hours and 24hrs depending on the severity of the issue, and recovery times of 4-8 business hours - again depending on the severity or the issue. The costs for this support are included in the licence costs. Each deployment comes with a dedicated technical manager to handle support requests, identify the issue and update stakeholders on progress in a timely fashion. Customised, higher levels of support are available on request and costed based on needs.
Support available to third parties: No

Onboarding and offboarding

Getting started: End users are expected to use the service unassisted. Customers are provided with online guidance.

A number of standard service elements may be customised during the onboarding process, including but not limited to: Service areas, evidence types, and metadata fields / Receipt functionality (including optional submission reference codes) / Branding (logos and colours) / Guidance text / Geographical scope (administrative boundaries) of address lookup.

During the initial onboarding phase the service is made available for customer acceptance testing with exclusions for search engines to prevent premature soft-launch of the service.
Service documentation: Yes
Documentation formats: ODF

PDF

Other
Other documentation formats: Google Docs
End-of-contract data extraction: No data is kept on the system
End-of-contract process: At the end of the contract, Looking Local will decommission the service and delete all supporting data from the relevant systems for which it is responsible.

Historical usage data may be provided on request in a machine-readable format prior to deletion.

References to the service may be removed from Looking Local literature and websites.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: N/A
Service interface: Yes
User support accessibility: WCAG 2.1 AA or EN 301 549
Description of service interface: The user-facing service is a dedicated web app accessed via a compatible device (e.g. tablet, mobile) using an intuitive, accessible user interface.

Management information (i.e. reporting) and QR code management is available to customers via a browser using an intuitive, accessible user interface.
Accessibility standards: WCAG 2.1 AA or EN 301 549
Accessibility testing: All solution deployments are tested against WCAG 2.2 AA standards or higher where possible. Some aspects are AAA compliant but we try to achieve a balance between accessibility and browser coverage and have found that AAA compliance sometimes rules out older browsers to the detriment of other users. The solution is tested using an automated testing tool as well as a variety of assistive technology interfaces from Windows Narrator to Jaws.
API: No
Customisation available: Yes
Description of customisation: A number of standard service elements may be customised during the onboarding process, including but not limited to: Service areas, evidence types, and metadata fields / Receipt functionality (including optional submission reference codes) / Branding (logos and colours) / Guidance text / Geographical scope (administrative boundaries) of address lookup.

There are no user customisable areas of the solution

Scaling

Independence of resources: We use load balancing servers.

Analytics

Service usage metrics: Yes
Metrics types: Service metrics are available to customers via a dedicated management console. This covers real-time reporting on scan submissions and pages scanned (by date/service area/evidence type/location), device information, session data, popular service areas and evidence types
Reporting types: Real-time dashboards

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest: Other
Other data at rest protection approach: Submitted data is typically relayed to the council in real-time, and not retained on the service.
Data sanitisation process: No
Equipment disposal approach: A third-party destruction service

Data importing and exporting

Data export approach: No data is held on the service
Data export formats: Other
Other data export formats: No data is held on the service
Data import formats: Other
Other data import formats: No data is imported to the service

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)

IPsec or TLS VPN gateway
Data protection within supplier network: Other
Other protection within supplier network: N/A. Data does not reside on our network.

Availability and resilience

Guaranteed availability: The service is provided for end users on a continuous 24-7-365 basis, with no planned maintenance windows. Service upgrades are typically performed without downtime.
Approach to resilience: Resilience information is available on request but built into the solution at the outset.
Outage reporting: The solution is monitored by Uptime Robot and notifies technicians of any outages via SMS notification, email, and API to dedicated Slack channels.

Identity and authentication

User authentication needed: No
Access restrictions in management interfaces and support channels: Not applicable in this case
Access restriction testing frequency: Never
Management access authentication: 2-factor authentication

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: Other
Other security governance standards: Cyber Essentials Plus
Information security policies and processes: We have an ethical, legal and professional duty to ensure that the information the solution holds conforms to the principles of confidentiality, integrity and availability. We endeavour to ensure that the information we hold or are responsible for is safeguarded where necessary against inappropriate disclosure; is accurate, timely and attributable; and is available to those who should be able to access it. As such we have our own Information Security Policy in place that covers processes such as Legal & Regulatory Obligations, Information Classification, Compliance, Policy Awareness, Disciplinary Procedures, Incident Handling and Codes of Practice. We have a UK GDPR-compliant Personal Data Breach policy and associated register to document the process for managing and investigating personal data breaches. We ensure these policies are enforced by periodic review of the Information Services Manager.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: We use a change management tracking service called Jira to ensure that any configuration or change management requests are accurately documented, prioritised and carried out in a timely fashion. We use version control to decide whether the change constitutes as step change in the fabric of the solution and carry out regular penetration testing if the change presents a potential security issue.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: We are members of a number of accredited bodies, including the Cyber Security Information Sharing Partnership (CiSP), that share information on new or emerging security issues. Any potential threats presented are assessed for severity either by our CTO or by a third party CHECK or CREST accredited body and acted upon accordingly.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: We give any security related incidents the highest priority. We have monitoring software that detects abnormal activity and provides SMS alerts if unusual patterns of activity are detected. In the event of a potential breach, the situation is assessed for severity and an appropriate response is coordinated immediately.
Incident management type: Supplier-defined controls
Incident management approach: Customers can report incidents via our 24 hour telephone support helpdesk, via our incident reporting software or via email to the Technical Support Manager. Most incidents do fit a common type and have appropriate processes in place to deal with them. Non-common incidents are dealt with on an adhoc basis and followed up with an incident report to the stakeholders depending on the severity

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality

Fighting climate change

MyScan replaces the need for photocopying and offline storage of paper document evidence. Digitizing the end-to-end document evidence process supports authorities trying to go paperless (or reduce their paper-use) as part of their carbon footprint reduction efforts.

Covid-19 recovery

MyScan is a browser-based web app and can be used on multiple device types and browsers so that customers can use ScanStation on their personal device (rather than visiting a customer contact centre). MyScan can be utilised by those shielding from COVID-19 by allowing users to provide their evidence at home, without needing to visit their contact centre. In turn, this reduces queues and improves social distancing and COVID-19 safety measures at councils, without impacting the delivery of council services.

Tackling economic inequality

MyScan is a self-serve solution, modernising the delivery of human-resource intensive and slow processes, such as using traditional scanning or photocopying. This creates significant savings on provision without affecting service outcomes, ensuring that advisors can devote more time to complex and vulnerable cases whilst reducing waiting times.

Councils can use MyScan to support businesses by providing a quick and easy self-service option for citizens to supply evidence for their business rates and other services.

Citizens can use MyScan to provide evidence for a variety of Council services (determined by the customer Council), supporting those who face barriers to employment.

Pricing

Price: £15,000 to £40,000 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

MyScan

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents