DELOITTE LLP

OPS Grant Management Service (Open Source)

Deloitte services to Operate the OPS Grant Management Service, an installation of the Open Source OPS (Open Project System) platform. The OPS platform allows the full lifecycle of grant management including user configuring and releasing entire grant application processes. This Deloitte service Operates the OPS installation.

Features

• Full lifecycle services delivered on a “one-stop-shop” basis
• Best practices-based implementation approach
• Configurable for multiple Grant Applications programmes
• Full grant and project lifecycle from application to payment supported
• Integrated reporting & management information
• Full life-cycle from application, payment to grant management and evaluation
• End-to-end solution integration including ERP finance
• Access for all grant life-cycle participants
• Local implementation and support team
• Leading Experts in OPS Platform

Benefits

• Modern Open-Source architecture
• Scalable user configurable platform
• Integrated Management Information and reporting
• Delightful intuitive user experience (UX)
• Customer competency enablement
• Ongoing solution enhancement and evolution
• Intuitive Design Low training need
• Reusable templates for housing and land, regeneration, culture and similar
• Payment processing, reclaims, reconciliation and approvals management
• Configurable advanced assessments model useful for impact studies for example

£450 a unit a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

510786165391632

Contact

Donna Farrell
0207 303 0913
publicsectorbidteam@deloitte.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: Feature updates are provided to Open-Source release frequently.
• System requirements:
  • Modern Browser
  • Access via public internet

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Deloitte Global Service desk receives tickets via a dedicated service portal. The Service Desk & Delivery Support staff are ITIL v3 Foundation qualified. We respond to tickets within the published SLAs which are : Priority 1 - 1 working hour Priority 2 - 4 working hours Priority 3 - 8 working hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: Accessibility testing would be performed aligned to clients ‘paid’ requirements and to a minimum of http://www.w3.org/TR/2008/REC-WCAG20-20081211 AA currently supported the current release of our ITSM. toolset.
• Onsite support: Yes, at extra cost
• Support levels: Named Technical Account Manager provided for all clients Typical Support Levels Priority 1: Major Incident [Loss of service] Description: A whole system or service is affected or unavailable at a location/site resulting in a major Impact to total business and services provided. Respond: 30mins Resolve: 4Hrs Target: 95% Availability: 24/7x365 Priority 2: [Transaction failure with no workaround possible] Description: Total loss of non-critical systems and partial loss of critical systems/service. Respond: 1Hr Resolve: 8Hrs Target 95% Availability: 24/7x365 Priority 3: [Transaction failure with workaround possible] Description: Minor impact on business or service Respond: 4Hrs Resolve: 3 working days Target: 90% Availability: UK Working days 08:00 – 18:00 Priority 4: [Investigation / Indepth analysis] Description: Low impact not preventing user from working Respond: 5 days Resolve: As Agreed Target: 95% Availability (Back to back with SAP for SAP clients): UK Working days 08:00 – 18:00.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: An external wiki page includes full and comprehensive instruction manual.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Extraction via CSV file and or whole database copy.
• End-of-contract process: Users may extract reports of data at any time, alternate form extracts can be provided at additional cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Certain screens are unsuitable for small phone screens and the UX deteriorates. Tablets, laptop or desktops are ideal for all features. Application is a responsive design.
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The service interface enables the customer to configure projects and programmes using the 'blocks' available within the system.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The accessibility is determined by the Open Source product. This is tested for accessibility at source and updates made where appropriate.
• API: Yes
• What users can and can't do using the API: APIs exist to allow retrieval of grant application data and allow on the fly changes to the live grant processes.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration is performed via a user interface. Additional customisation can be developed and hosted with the service.; Customisation are not constrained but not recommended in large quantities.

Scaling

• Independence of resources: Scaling is managed by the cloud provider using our specific configuration, this allows the application to scale horizontally by creating new instances as required. Vertical scaling of the application is possible by upgrading the specification of each server used.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: CSV file as standard, alternate forms can be considered.
• Data export formats:
  • CSV
  • Other
• Data import formats:
  • CSV
  • Other

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: OPS will provide 99.5% availability in any subscription month, excluding scheduled downtime. A subscription month will be considered to be a calendar month during which the client has had a full site subscription for the entirety of the month.
• Approach to resilience: The solution is architected using all of the availability features provided by the cloud platform for the highest resilience and availability. For all the underlying app and database availability can be assured using multiple availability zones, hence in the event of a failure, the service would not be affected. Persisted data is backed up in a secure format and replicated to multiple locations.
• Outage reporting: Via a Deloitte "Help Desk"

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Username or password with 2 factor authentication for Super Admins.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Limited
• ISO/IEC 27001 accreditation date: 01/04/2022
• What the ISO/IEC 27001 doesn’t cover: The scope of the Information Security Management System is limited to the scope of Deloitte LLP and its subsidiaries in the UK, Gibraltar, Switzerland and Liechtenstein.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; Cyber Essentials Plus
• Information security policies and processes: OPS follows ISO 27001-2013, which outlines our processes and is used to continuously improve our internal policies and processes. We have a strong IT Governance process driven from the CTO through technical architects into all projects and products.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Changes to the service go through in-depth automated testing to ensure that there is no regression on the service. A managed release process is followed for production releases
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We carry out annual vulnerability tests with accredited 3rd party. Any threats are prioritised in order on critical, high, medium and low.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We will use tooling to monitor the system activity and network traffic of the underlying services for suspicious activity. This type of activity is raised with priority via our 24/7 service desk for immediate analysis and remedy by our qualified support staff.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We allow organisations to provide P2, P3, & P4 incidents via our support desk. For P1 incidents, KIT has a 24/7 phone number available to call for full system outages. If a P1 incident occurs then when the issue is fixed and the service is restored, we will update all customer administrators of the times the service was lost and restored and the reason behind it. For any planned outages, the relevant communications will be carried out.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Deloitte is committed to delivering effective stewardship of the natural environment both with our clients and within communities. We do this through our methodologies, how we run projects, how we work in partnership with our Social Value Delivery Partners and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the Social Value Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of commitments.; We have infrastructure in place to deliver against this theme. Our Social Value Team manages our ecosystem of Social Value Delivery Partners, and shapes our commitments for delivering additional environmental benefits and influencing environmental improvement and protection. This is done in collaboration with our WorldClimate team, Responsible Business team and Net Zero Transformation, Strategy and Innovation Team.; Our WorldClimate strategy focuses on four objectives where we can make the biggest impact: achieving Net Zero by 2030: Operating Green; empowering individuals through education and sustainability challenges/tools; and engaging ecosystems by collaborating with our clients, alliance partners, NGOs, industry groups, suppliers, and others to address climate change at a systems and operations level.; Our engagement teams can undertake volunteering activities with our climate related Social Value Delivery Partners as social value commitments, contributing to habitat creation and increasing biodiversity (e.g. WWT, WDC). We also have partnerships where we can co-design commitments around green skills, green jobs and carbon literacy.

  Covid-19 recovery

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Tackling economic inequality

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Equal opportunity

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with this theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to each engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated SV Team provides the bidding and governance infrastructure to deliver against all 5 themes. The team manages our ecosystem of SV delivery partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes are met. ; Via our social impact strategy, 5 Million Futures (5MF), we also have access to a broad range of societal partners across 24 geographies in the UK, 16 nationwide partnerships and 34 partnerships with schools. The priority areas within our strategy are digital skills, education and employability, with inclusion at their core. The Strategy focuses the firm's resources and efforts on addressing inequality, helping people/communities to develop job skills and recover from the impact of the Covid-19 pandemic, improve educational outcomes and access opportunities to succeed in this rapidly changing economy. We have also co-developed a range of products and services with our 30+ Social Value Delivery Partners, enabling us to deliver a range of activities specific to an engagement.

  Wellbeing

  Deloitte is committed to integrating the five Social Value (SV) themes within the UK Government’s SV Model into engagements through our methodologies, how we run projects, how we work in partnership with other organisations and how we think about the future direction of our business. Specific action we would take to support a client with the wellbeing theme would depend on the scale and scope of the engagement, the SV Model Award Criteria (MACs) deemed relevant to the contract, and the locality/beneficiaries/ communities we are targeting. ; Each engagement will be designed as an impact led service, with Social Value run as a workstream in parallel with the core phases/deliverables of the contract. A Social Value Lead will be assigned to an engagement to agree KPIs and oversee progress and delivery of SV commitments.; Our dedicated Social Value Team provides the bidding and governance infrastructure to support engagement teams. The team manages our ecosystem of Social Value Delivery Partners, shapes our commitments, promotes good practice, and monitors delivery/impact for our clients to ensure the policy outcomes of improving the health and wellbeing within the contract workforce and community cohesion are met. ; We have an extensive programme of wellbeing initiatives, tools and events to support our contract workforce. Our Future of Wellbeing team also specialises in wellbeing impact measurement, strategy, and culture, and can work with clients on improving these areas in their organisation. Their methodology is informed by best practice from around the world (e.g. CIPD, COMB-model of behaviour change, World Happiness Report, BSI ISO 45003, Thriving at work standards Stevenson/Farmer, City Mental Health Alliance).

Pricing

• Price: £450 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at publicsectorbidteam@deloitte.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.