Capita Business Services Limited

Software - University Planning (Capita)

Capita University Planning Solutions is a suite of 5-modules to help Universities plan university activity in a standardised/secure fashion. The suite contains Student Number Planning, Staff-Planning, Estates-Planning, Research-Planning and Finance-Planning. The different modules can be procured individually/in-combinations, in an integrated solution. The solution can be deployed on premise/in the cloud.

Features

• Effectively manage student types to accurately predict student numbers/requisite resources
• Introduces standardisation and rigour to the planning process
• Automate/streamline the planning process, removing manual management of spreadsheets
• Enables versions of the plan to be retained, using snapshots
• Automate the workflow and approval process
• Near-real-time scenario-planning; models how changes to student-numbers affect departments/budgets
• Better integrate strategic objectives with operational and financial plans
• Regulate the timely delivery of plans and forecasts
• Greater data accuracy/creates “single-version of truth” improving collaboration/output

Benefits

• Standardisation of the planning process between faculties, schools and departments
• Reduction in data collection time and automation of workflow
• See impact on the plan immediately with real-time data input
• Allows University to see change-impact immediately using “what-if” scenario planning.
• Saves time, effort and money across the whole planning process.

£20,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at engagewithus@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

463697375337006

Contact

Capita Business Services Ltd
08702407341
engagewithus@capita.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: See full terms and conditions for any platform restraints
• System requirements: Access to internet via web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Capita online support desk system supports logging and tracking of service requests through its web browser-based customer interface. Customers can create service requests based on priority, product/solution type, status and customer contact. The process of capturing important details relating to the service request is done via a web form interface and gives the customer the ability to add and update the request. Customers can also raise urgent issue via email or our dedicated support phone number.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Refer to service description.
• Onsite support: Yes, at extra cost
• Support levels: We provide support levels based on four severity levels: 1-4. A critical call would attract a 30 minute response with a non-critical call attracting a four hour response. We provide our support plan for this service as standard with no additional costs within standard operating hours. We provide a client engagement manager to all clients who subscribe to the platform to ensure we provide a consistent service throughout the term of the contract.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Yes, initial training provided as part of the implementation package.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: It is the responsibility of the University to ensure a final backup is taken if required.
• End-of-contract process: User access is terminated at contract end in the case of a SaaS installation unless the service is renewed for an additional period. On Premise licences are bought in perpetuity, and will remain available for use. If the customer requires ongoing support and maintenance, an additional period will need to be bought.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Refer to service description.
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Refer to service description.
• API: Yes
• What users can and can't do using the API: Each model will have a unique port for API communication to go through. API is technically available to any user who has been granted appropriate access. API can be used to control/update objects, read/write data, run processes/chores etc. Planning Analytics Workspace (a main user interface) communicates to the Planning Analytics database solely through rest API.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Any user with a modeler licence and has been granted Admin privileges to the model has full control over the model. What any other user can customise is controlled through security within the model which may be updated by any modeler (admin) user. Some tools/functionality are restricted depending on the type of licence that has been assigned to the user. Any modelers should be made aware of this to ensure you remain audit compliant.

Scaling

• Independence of resources: Underlying cloud infrastructure is designed to meet scalability and resilience requirements to ensure no impact as above.

Analytics

• Service usage metrics: Yes
• Metrics types: All admin users will have access to a monitoring console which can be used to view memory/disk usage and what threads are running in the model. Admin users will also have access to logs which contain what processes have been run and by whom. Other metrics could be provided but would need designing.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: IBM Planning Analytics toolset to develop Planning Solutions.

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Built in functions allow this requirement to be met.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Excel
• Data import formats: Other
• Other data import formats: To be defined and agreed by CBSL

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Standard availability of the service runs at 99.5%. No service credits are available if this is not met. Further details available on request if necessary.
• Approach to resilience: On Premise deployments subject to clients own resilience arrangements. IBM resilience arrangements would apply for SaaS deployments.
• Outage reporting: Users are contacted via phone and/or email regarding any outages in a SaaS deployment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: If the solution is cloud based, all communication is secured via HTTPS and access to web interfaces/rest API is limited to only users whom have been granted access. IBM would provision RDP clients for any admin users and direct access to file shares would be limited to those with credentials issued via IBM's welcome back.; If the solution is local, access may be restricted to a select number of ports and can be configured for HTTP or HTTPS communication. Access could also be limited to only permitted IP Addresses.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau - UCAS
• ISO/IEC 27001 accreditation date: 03/06/2020
• What the ISO/IEC 27001 doesn’t cover: Further information is available on request regarding ISO27001 certification
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All policies are available on request. As a minimum we meet ISO27001-2013.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: The ITIL v 4 Change and Release Management Process is used to manage all changes. A ticket is raised in the SysAid Service Desk tool for each task to allow tracking services, license renewals, patch updates. An expiry date is set against each ticket to ensure timely testing through the lesser environments, Dev, UAT is conducted. Change Request forms must be completed by the SME who will implement the change, and this must detail each step of the change process. This must be accompanied by a release flight plan to be present to CAB for review and approval.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: As part of Vulnerability management, the processes are Patch management, File Integrity Monitoring, Internal Scanning using the Qualys tool, and PEN testing. If any threats are recognised patch deploys are implemented immediately if a high-level threat is recognised and progressed via the eCAB process. If the threat level is medium to low level the CR will be progressed via the Change and Release process. Information of potential threats are received via Capita Cyber, AWS notifications, Azure updates, code forums and cyber security updates forums.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Protective monitoring is conducted on all devices via McAfee virus and Malware scanning. File Integrity Monitoring is conducted as part of the security practices to verify the integrity of the operating systems and applications files to detect if any tampering or security attempts. Any incident in regard to security, virus or malware attack is raised as a P1 and has immediate continuous effort to resolve. If changes are required to resolve hot fixes will be applied and the eCAB process implemented.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: ITIL v Incident Management process is used to manage all incidents. The client will raise an incident ticket via the SD Portal and receive an automated response containing a unique ticket ID. The ticket is tagged with a status, priority scale between 1 – 4, and category and is escalated to the relevant team for progress. Incidents report for P3 and P4 issues are reported on the ticket. P1 and P2 incidents have a Root Cause Analysis provided detailing the resolution steps, root cause analysis and recommendations to prevent any future occurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  We are committed to promoting diversity/ensuring nobody discriminates against individuals/groups under the Equality Act 2010. Promoting equality/inclusion is essential to being a responsible business/creating better outcomes for all. ; We have demonstrated our commitment to disability inclusion by signing up to the Disability Confident Scheme. Our personal independence business, which supports with disability through our work for DWP, has implemented measures across recruitment, working arrangements and employee training, to become a disability confident leader.; We have sustainable representation of ethnic diversity reflecting the communities we operate in and commit to a 15% Black/Asian and ethnic minority representation across all levels, reflected by the makeup of our executive team. To identify/tackle inequality, we implemented mandatory learning on unconscious bias, to ensure we continue to breakdown stereotypes/unconscious thoughts, when recruiting, promoting, and upskilling staff. ; We promote diversity via employee networks, learning, engagement, people, and leadership. Our employment procedures (recruitment-development), focuses on maximising the potential of everyone, developing talent, and recognising their differences. We have established internal network groups (gender, ethnicity, faith, LGBTQ+ and disability) to ensure we continually educate and develop our people. ; In relation to Modern Slavery, our suppliers comply with all local laws/regulations providing safe working conditions, treating workers with dignity/respect, acting fairly/ethically and being environmentally responsible. The following policies help us ensure modern slavery is not taking place in our business/supply chains:; -Human Rights Policy: procedures to prevent breaches to human rights standards. ; -Diversity/Inclusion Policy: to foster a fair/inclusive workplace, ensuring discrimination is eliminated. ; -Procurement Policy: what to expect from CBSL when purchasing goods/services and requirements to be met by Suppliers. ; -Code of Conduct: Behaviour standards to create better outcomes. ; -Supplier Charter: How we/suppliers conduct business openly, honestly, and transparently.; -Speak Up Policy: Commitments to speaking up about serious concerns in CBSL/Supply Chain.

Pricing

• Price: £20,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at engagewithus@capita.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.