Skip to main content

Help us improve the Digital Marketplace - send your feedback

  1. Digital Marketplace
  2. Lot 2: Cloud software
  3. Software - University Planning (Capita)
Capita Business Services Limited

Software - University Planning (Capita)

Capita University Planning Solutions is a suite of 5-modules to help Universities plan university activity in a standardised/secure fashion. The suite contains Student Number Planning, Staff-Planning, Estates-Planning, Research-Planning and Finance-Planning. The different modules can be procured individually/in-combinations, in an integrated solution. The solution can be deployed on premise/in the cloud.


  • Effectively manage student types to accurately predict student numbers/requisite resources
  • Introduces standardisation and rigour to the planning process
  • Automate/streamline the planning process, removing manual management of spreadsheets
  • Enables versions of the plan to be retained, using snapshots
  • Automate the workflow and approval process
  • Near-real-time scenario-planning; models how changes to student-numbers affect departments/budgets
  • Better integrate strategic objectives with operational and financial plans
  • Regulate the timely delivery of plans and forecasts
  • Greater data accuracy/creates “single-version of truth” improving collaboration/output


  • Standardisation of the planning process between faculties, schools and departments
  • Reduction in data collection time and automation of workflow
  • See impact on the plan immediately with real-time data input
  • Allows University to see change-impact immediately using “what-if” scenario planning.
  • Saves time, effort and money across the whole planning process.


£20,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

4 6 3 6 9 7 3 7 5 3 3 7 0 0 6


Capita Business Services Limited Capita Business Services Ltd
Telephone: 08702407341

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
See full terms and conditions for any platform restraints
System requirements
Access to internet via web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Capita online support desk system supports logging and tracking of service requests through its web browser-based customer interface. Customers can create service requests based on priority, product/solution type, status and customer contact. The process of capturing important details relating to the service request is done via a web form interface and gives the customer the ability to add and update the request. Customers can also raise urgent issue via email or our dedicated support phone number.
User can manage status and priority of support tickets
Online ticketing support accessibility
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
Web chat accessibility testing
Refer to service description.
Onsite support
Yes, at extra cost
Support levels
We provide support levels based on four severity levels: 1-4. A critical call would attract a 30 minute response with a non-critical call attracting a four hour response. We provide our support plan for this service as standard with no additional costs within standard operating hours. We provide a client engagement manager to all clients who subscribe to the platform to ensure we provide a consistent service throughout the term of the contract.
Support available to third parties

Onboarding and offboarding

Getting started
Yes, initial training provided as part of the implementation package.
Service documentation
Documentation formats
End-of-contract data extraction
It is the responsibility of the University to ensure a final backup is taken if required.
End-of-contract process
User access is terminated at contract end in the case of a SaaS installation unless the service is renewed for an additional period. On Premise licences are bought in perpetuity, and will remain available for use. If the customer requires ongoing support and maintenance, an additional period will need to be bought.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Compatible operating systems
Designed for use on mobile devices
Service interface
User support accessibility
Description of service interface
Refer to service description.
Accessibility standards
Accessibility testing
Refer to service description.
What users can and can't do using the API
Each model will have a unique port for API communication to go through. API is technically available to any user who has been granted appropriate access. API can be used to control/update objects, read/write data, run processes/chores etc. Planning Analytics Workspace (a main user interface) communicates to the Planning Analytics database solely through rest API.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
Any user with a modeler licence and has been granted Admin privileges to the model has full control over the model. What any other user can customise is controlled through security within the model which may be updated by any modeler (admin) user. Some tools/functionality are restricted depending on the type of licence that has been assigned to the user. Any modelers should be made aware of this to ensure you remain audit compliant.


Independence of resources
Underlying cloud infrastructure is designed to meet scalability and resilience requirements to ensure no impact as above.


Service usage metrics
Metrics types
All admin users will have access to a monitoring console which can be used to view memory/disk usage and what threads are running in the model. Admin users will also have access to logs which contain what processes have been run and by whom. Other metrics could be provided but would need designing.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra support
Organisation whose services are being resold
IBM Planning Analytics toolset to develop Planning Solutions.

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Built in functions allow this requirement to be met.
Data export formats
  • CSV
  • Other
Other data export formats
  • PDF
  • Excel
Data import formats
Other data import formats
To be defined and agreed by CBSL

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Standard availability of the service runs at 99.5%. No service credits are available if this is not met. Further details available on request if necessary.
Approach to resilience
On Premise deployments subject to clients own resilience arrangements. IBM resilience arrangements would apply for SaaS deployments.
Outage reporting
Users are contacted via phone and/or email regarding any outages in a SaaS deployment.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
If the solution is cloud based, all communication is secured via HTTPS and access to web interfaces/rest API is limited to only users whom have been granted access. IBM would provision RDP clients for any admin users and direct access to file shares would be limited to those with credentials issued via IBM's welcome back.
If the solution is local, access may be restricted to a select number of ports and can be configured for HTTP or HTTPS communication. Access could also be limited to only permitted IP Addresses.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
British Assessment Bureau - UCAS
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Further information is available on request regarding ISO27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
All policies are available on request. As a minimum we meet ISO27001-2013.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The ITIL v 4 Change and Release Management Process is used to manage all changes. A ticket is raised in the SysAid Service Desk tool for each task to allow tracking services, license renewals, patch updates. An expiry date is set against each ticket to ensure timely testing through the lesser environments, Dev, UAT is conducted. Change Request forms must be completed by the SME who will implement the change, and this must detail each step of the change process. This must be accompanied by a release flight plan to be present to CAB for review and approval.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
As part of Vulnerability management, the processes are Patch management, File Integrity Monitoring, Internal Scanning using the Qualys tool, and PEN testing. If any threats are recognised patch deploys are implemented immediately if a high-level threat is recognised and progressed via the eCAB process. If the threat level is medium to low level the CR will be progressed via the Change and Release process. Information of potential threats are received via Capita Cyber, AWS notifications, Azure updates, code forums and cyber security updates forums.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Protective monitoring is conducted on all devices via McAfee virus and Malware scanning. File Integrity Monitoring is conducted as part of the security practices to verify the integrity of the operating systems and applications files to detect if any tampering or security attempts. Any incident in regard to security, virus or malware attack is raised as a P1 and has immediate continuous effort to resolve. If changes are required to resolve hot fixes will be applied and the eCAB process implemented.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
ITIL v Incident Management process is used to manage all incidents. The client will raise an incident ticket via the SD Portal and receive an automated response containing a unique ticket ID. The ticket is tagged with a status, priority scale between 1 – 4, and category and is escalated to the relevant team for progress. Incidents report for P3 and P4 issues are reported on the ticket. P1 and P2 incidents have a Root Cause Analysis provided detailing the resolution steps, root cause analysis and recommendations to prevent any future occurrence.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Equal opportunity

Equal opportunity

We are committed to promoting diversity/ensuring nobody discriminates against individuals/groups under the Equality Act 2010. Promoting equality/inclusion is essential to being a responsible business/creating better outcomes for all.
We have demonstrated our commitment to disability inclusion by signing up to the Disability Confident Scheme. Our personal independence business, which supports with disability through our work for DWP, has implemented measures across recruitment, working arrangements and employee training, to become a disability confident leader.
We have sustainable representation of ethnic diversity reflecting the communities we operate in and commit to a 15% Black/Asian and ethnic minority representation across all levels, reflected by the makeup of our executive team. To identify/tackle inequality, we implemented mandatory learning on unconscious bias, to ensure we continue to breakdown stereotypes/unconscious thoughts, when recruiting, promoting, and upskilling staff.
We promote diversity via employee networks, learning, engagement, people, and leadership. Our employment procedures (recruitment-development), focuses on maximising the potential of everyone, developing talent, and recognising their differences. We have established internal network groups (gender, ethnicity, faith, LGBTQ+ and disability) to ensure we continually educate and develop our people.
In relation to Modern Slavery, our suppliers comply with all local laws/regulations providing safe working conditions, treating workers with dignity/respect, acting fairly/ethically and being environmentally responsible. The following policies help us ensure modern slavery is not taking place in our business/supply chains:
-Human Rights Policy: procedures to prevent breaches to human rights standards.
-Diversity/Inclusion Policy: to foster a fair/inclusive workplace, ensuring discrimination is eliminated.
-Procurement Policy: what to expect from CBSL when purchasing goods/services and requirements to be met by Suppliers.
-Code of Conduct: Behaviour standards to create better outcomes.
-Supplier Charter: How we/suppliers conduct business openly, honestly, and transparently.
-Speak Up Policy: Commitments to speaking up about serious concerns in CBSL/Supply Chain.


£20,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.