HAF SEND and Wraparound Booking and Data Solution for Councils
Eequ is the leading event booking solution to manage activities for the Holiday Activities and Food (HAF) programme as well as SEND Short Breaks and Family Hubs. The centralised platform helps local councils to engage hard-to-reach families, fund more local providers and makes DfE reports simple.
Features
- A central solution for HAF, SEND Short Breaks & Wraparound.
- Progressive web app. iPad compatible, mobile compatible and desktop compatible.
- DfE compliant analytics, programme performance, view engagement, monitor attendance.
- Online registers to manage schedules or customise and print PDFs.
- Automated eligibility checking of bookings and walk-ins, make discretionary decisions.
- Create custom eligibility categories to monitor vulnerable groups/ local priorities.
- Prevent double bookings across providers, set booking limits.
- Customise checkout questions for councils and service providers.
- Integrated payment system, childcare processing, messaging and waiting lists.
- Video support and chat support for councils, providers and families.
Benefits
- Ensure accurate data about HAF, Short Breaks and Wraparound care.
- Increase engagement through beautiful holiday activity listings with high SEO.
- Meets accessibility standards, translates to other languages to increase engagement.
- Understand school participation and school communication with eligibility and attendance.
- Secure, centralised online records minimises data breach risks.
- Increase families data privacy confidence with interfaces that empower parents.
- Reduce administration costs, increase efficiency with instant DfE compliant reports.
- Ensure fairness, increase transparency. Discretionary decisions based on local priorities.
- Increase event attendance with booking confirmations and two email reminders.
- Prevent providers approving before verifying eligibility, check walk-ins are eligible.
Pricing
£150 a licence a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 0 7 0 5 3 9 5 9 7 5 6 7 9 1
Contact
EEQU LTD
Avida Hancock
Telephone: +44 7557 093609
Email: avida@eequ.org
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
-
Users should have updated browsers and operating systems. We cannot guarantee support for versions more than 3 years old. Users require internet connectivity.
Maintenance Windows: We perform maintenance outside peak hours, where necessary communicating plans in advance to minimise impact.
Customisation Level: The platform offers some customisation to meet council preferences whilst ensuring system integrity and performance.
Deprecation Schedule: Customers receive advance notice about any changes, ensuring smooth transitions without operational disruption. - System requirements
-
- Internet connectivity
- Supported browsers are Chrome, Safari, Firefox.
- Users should maintain operating systems within the last few years.
- Council IT teams should ensure our website is whitelisted.
- Should whitelist docsend.com for the secure transfer of procurement documents.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We offer chat support 7 days per week. The response time may be reduced in the evenings and weekends. Our median response time for chat support during the working week is 15 minutes. Our median response time off-peak is 3 hours. Users may book a 1:1 video support call via our online diary system. Slots are normally available within the same day during the working week and within 1 day off-peak.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AA or EN 301 549
- Web chat accessibility testing
- In our efforts to ensure inclusivity and accessibility within our web chat services, we have actively engaged with a diverse group of users, including hundreds of parents and service providers who experience learning differences, dyslexia, and face language barriers. These interactions have been instrumental in testing our web chat functionality, particularly with the implementation of Intercom, a platform recognized for its commitment to accessibility (as outlined in their article on messenger accessibility). The feedback from these sessions has been overwhelmingly positive, with users expressing gratitude for the ease of use and the thoughtful design that accommodates their needs. This direct engagement has not only validated our approach to inclusivity but has also highlighted the importance of considering a wide range of user experiences in the development and continuous improvement of our services.
- Onsite support
- Onsite support
- Support levels
- We provide the highest levels of onboarding and day to day support. Each council will be assigned an account manager. We encourage council teams to work together to share best practise and new feature requests. We meet together after each delivery to hear feedback and ideas for improvment. Each council votes on all feature requests creating a stack ranked priority list for future development. The CEO acts as the technical account manager and meets reqularly with each council team.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Eequ provides online onboarding sessions for council teams in the form of workshops. This service is free of charge. Together we will arrange the most appropriate onboarding plan for your providers. In most cases this will include an introductory webinar. We provide a single 'Onboarding Link' for providers which take them to a guided step-by-step flow to set up their Eequ account and create their first listing. Providers can book a personal one-to-one onboarding call at any time during this process.
- Service documentation
- Yes
- Documentation formats
- Other
- Other documentation formats
-
- Help articles
- Interfaces with notes and tool tips
- YouTube videos
- End-of-contract data extraction
- Councils can remove FSM data from their dashboards by deleting it. Other data on learners activity and provider performance can be downloaded. All HAF questionnaire data can be isolated via association with council ID and deleted by Eequ on request.
- End-of-contract process
-
If a council team wishes to leave a contract, they may do so at the end of any contract period with 3 months' notice. During this time we will prepare an exit plan with particular reference to the destruction of the HAF questionnaire data that contains the personal information processed by the LA during the contract.
We will collaborate on communications to providers. We will extend the offer of usage of the platform to providers beyond the contract with no subscription fees.
All data can be exported for future manual analysis.
All HAF data will be destroyed via a script and the council dashboard will be shut down.
Contract offboarding and Data deletion is included at no extra cost.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Eequ responds dynamically to different sized devices such as mobiles, iPads and desktops. Mobile and iPad interfaces differ to desktop and look to the user like an APP. In some features such as our Schedule/Register, we allow the desktop user to toggle between mobile, iPad and Desktop views according to their preference and this allows them to carry out different tasks efficiently.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
- We use a Web based application. Providers and Bookers have a similar interface with a menu to manage their bookings and schedules and message. Councils users have a custom dashboard which gives them a number of pages providing an overview of their providers and programme performance. The interface is elegant and modern and fully responsive.
- Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
-
Our site is regularly used by families with accessibility needs. We routinely meet with providers who have disabilities on video calls and during our onboarding and support calls will document any feedback and create any actions. We also conduct testing internally using multiple tools including:
aXe;
Lighthouse;
Wave.
We tested a sample of pages that prioritise the most common usages of the platform and user experience such as landing pages, search pages, organisation pages, iFrames, Listing Pages and checkout page. We chose these pages for their frequency of use as shown by Google Analytics.
You can see links to some of our Lighthouse accessibility test reports in our accessibility statement. - API
- No
- Customisation available
- Yes
- Description of customisation
- Councils can set their own checkout questions in order to create their required data sets. Councils can create a custom set of eligibility categories in addition to FSM and SEND.
Scaling
- Independence of resources
- We use monitoring and alert tools to stay abreast of demand. We optimise our queries to allow for complex computations at scale.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Whole programme booking performance. Diversity of the programme-no children for each provider/listing. A real time display of the required DfE metrics: Attendance by Eligibility, broken down by FSM/Non FSM, SEND and non SEND. Number of participating schools by type. SEND children by provision type and eligibility status. Average number of free days attended by school stage. Total number of sessions attended by school stage. Engagement by count of sessions and percentage based on canonical FSM list and FSM+discretionary list. Sessions requested & attended by eligibility category.
For providers we provide visualisations for any date range and listing or in aggregate. - Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Councils users have several data export options on their dashboard. They can click the download buttons to export the following: Learners who have engaged with attributes such as eligibility categories. Booking activity can be exported per listing for any date range. The exports show bookings, cancellations, late cancellations, unique learners, attended numbers and attendance percentage. School participation export shows with schools are good communicators about the HAF programme. Providers and postcodes can be exported for mapping purposes. In addition, Providers have a comprehensive data analytics and the ability to download marketing, registers and all HAF and custom questions.
- Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We have provided 99.9% uptime in the last 2 years .
Service and Support issues will be assigned a severity level according to the following:
‘Severity Level 1’ includes an issue that has a critical business impact on the Council. The wholeProduct(s) or a core essential component of the Product(s) is not usable.
‘Severity Level 2’ involves an issue that has a significant business impact on the Council. Important functions or services within the Product(s) are not usable.
‘Severity Level 3’ involves an issue that has a minor business impact on the Council. The Product(s)or its functionality is not seriously affected.
The Contractor will meet the following response times dependant on severity level:
SEVERITY LEVEL 1:
INITIAL PROBLEM UPDATE TARGET - Within 4 working hours;
CONTINUING PROBLEM UPDATE TARGET - Every 2 working hours;
PROBLEM SOLVED TARGET - 8 working hours.
SEVERITY LEVEL 2:
INITIAL PROBLEM UPDATE TARGET - Within 7 working hours;
CONTINUING PROBLEM UPDATE TARGET - Every working day;
PROBLEM SOLVED TARGET - Every 2 working days.
SEVERITY LEVEL 3:
INITIAL PROBLEM UPDATE TARGET - Within 10 working hours;
CONTINUING PROBLEM UPDATE TARGET - Every 2 working days;
PROBLEM SOLVED TARGET - Every 7 working days. - Approach to resilience
-
We benefit from AWS security measures. These include AWS Identity and Access Management (IAM), which controls individual permissions, and AWS Systems Manager for managing system configurations. AWS also provides traffic control tools like Security Groups and Network ACLs.
In terms of physical security, AWS data centres offer robust measures including security staff, video surveillance, and multi-factor access control systems. For technical security, AWS provides firewall and network security services, data encryption features, and services like AWS GuardDuty for threat detection and AWS CloudWatch and CloudTrail for continuous monitoring. - Outage reporting
- Our team recieve alert that are integrated into our internal communication systems. We report this by email to users. In the event of a serious disruption to users we would display a notice to users.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- At Eequ, we enforce multi-factor authentication (MFA) for all staff and all tools to enhance security. Segregation of duties is achieved through role-based access controls, ensuring that system and service administrators have distinct responsibilities and access permissions. Access to management consoles, diagnostic and configuration ports is strictly limited to authorised system administrators and is protected by stringent authentication mechanisms. For AWS, access is authorised based on defined roles and permissions in AWS Identity and Access Management (IAM), following the principle of least privilege.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- Less than 1 month
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Citation ISO Certification (formerly QMS International)
- ISO/IEC 27001 accreditation date
- 30/05/2024
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Our approach to security governance is underpinned by strict adherence to data protection regulations, particularly in handling sensitive information such as HAF questionnaire data. We ensure contractual clarity on data management, including a detailed exit plan for secure data destruction, emphasising our commitment to confidentiality post-contract. Collaborative stakeholder communications during the exit phase and the provision of continued platform access to providers highlight our dedication to transparency and service continuity. Our comprehensive data protection measures include encryption, access control, and regular audits, ensuring robust security governance throughout the data lifecycle, in full compliance with UK data protection standards.
- Information security policies and processes
-
Our governance and risk management processes involve continuous monitoring, regular internal and external audits, and compliance checks. Eequ’s Information Security Policy is found here. We also leverage AWS's compliance with international and industry-specific standards, such as ISO 27001, to manage risks. For risk assessment, we conduct regular audits and use AWS's threat detection services to identify and mitigate potential threats.
The CEO has overall responsibility for information security and is the Data Controller. The CEO is the owner of the Information Security Policy (this document).
The CEO defines which Eequ staff are allowed access to infrastructure and data.
Staff are given a thorough security onboarding process and external training. Staff are responsible for complying with Eequ’s information security policy and for reviewing it annually.
Eequ staff are required to sign a Data Processing Agreement which lays out their responsibilities and obligations.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Our configuration and change management align with CSA CCM v3.0 and NCSC's guidelines, focusing on tracking service components and assessing security impacts of changes. We use AWS's change management processes, which follow best practices for managing changes in the infrastructure and reducing potential risks. These include maintaining a record of all changes, performing risk assessments for significant changes, and using a review and approval process before changes are implemented. We also use AWS Systems Manager to manage system configurations and maintain software consistency across our resources. Our procedures include strict testing protocols to prevent deployment of breaking changes.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Alongside regular external vulnerability scanning, front and back-end monitoring tools such as Sentry & AWS provides us with several services that facilitate audit logging and intrusion detection providing immediate alerts to any potential threats:
AWS CloudTrail is a service that provides event history of AWS account activity. This enables security analysis, resource change tracking, and compliance auditing.
AWS Security Hub provides a comprehensive view of high-priority security alerts and compliance status. It also aggregates, organises, and prioritises security alerts. Threats are triaged immediately by our team and patches can be deployed without service disruption via our blue/ green deployment method. - Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
Any potential compromises are identified as part of our risk management protocols in our day to day development. We regular review and update libraries and tools. We utilise a number of technical tools and management protocols to identify suspicious behaviour and technical threats. Our incident management process is illustrated in our Eequ Disaster Recovery and Business Continuity Plan. We consider communication with clients and users to be of the utmost importance.
We respond to incidents quickly due to our alerts being connected with team emails and Slack channels. These are monitored through extended daytime hours, evenings and weekends. - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
- External reports of bugs or incidents are placed in a triage and users are tagged so that they can be updated through the lifecycle of the incident investigation. User can report bugs via their menu which provides a dedicated BUG REPORT page. Bug reports are public until resolved. Users can also report bugs via our chat tool, Intercom, by email or telephone. Regardless of the channel, a ticket is created, triaged and actioned according to the severity level. We acknowledge all incidents are important to users and strive to address them immediately. All serious incidents are reported to council clients.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
Promoting Local Learning: Encouraging and facilitating community-based learning reduces the need for long commutes for work or training, thereby reducing carbon footprints.
Reducing waste: Eequ facilitates extensive visualisations of data from schedules to registers to analytics. This avoid the repetitive printing of paper reducing waste of production and disposal of paper, printers, inks and electricity.Covid-19 recovery
Strengthening Community Networks: Our platform nurtures relationships within communities, leading to strengthened bonds, mutual support, and collective growth.Tackling economic inequality
Technology-enabled Community Services: By reducing administrative costs and overheads, Eequ makes learning experiences more affordable and accessible.
Empowerment of Local Talent: Eequ aids local mentors in monetising their skills and wisdom, contributing directly to the local economy.
Streamlining Resources: By supporting collaborations between local authorities and providers we aid knowledge sharing and streamlining of resources. By enabling customisation we preserve the difference in cultures and needs of different authorities and individual education providers.Equal opportunity
Accessible for All: Eequ’s platform is designed to be inclusive, catering to diverse learners from different socio-economic backgrounds and ensuring equal opportunities. Eequ’s beautiful interfaces act as a bridge to technology for many groups of providers and learners who would otherwise struggle to access digital tools.Wellbeing
Access to Holistic Learning: Eequ’s portal provides diverse, in-person learning experiences, promoting not only intellectual but also emotional, social, and spiritual growth (EQ).
Authentic Relationships: Through our platform, we facilitate genuine human encounters, which studies have shown to be crucial for positive life outcomes.
Reduced Digital Fatigue and assoicated Mental Health issues: Use of digital devices and social media has been linked to mental health problems, especially in the young. By emphasising and facilitating in-person interactions, Eequ offers a sustainable alternative to the over-reliance on digital technologies.
Pricing
- Price
- £150 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Councils can experience the use of the platform for one delivery period with up to 3 providers at no cost as a free trial.