COMMUNITY BRANDS UK LIMITED

Groupcall Parents Evening Booking System

Netmedia's Parents' Evening Booking System (www.parents-booking.com) helps 1700+ schools in the UK take appointment booking online. This cloud-based software helps schools improve parental engagement, increase attendance and allows parents to make appointments at times that suit them. Customers can 'bolt-on' separate Event and/or School Club Booking modules for a surcharge.

Features

• Synced with your school MIS. Create Parents Evenings in minutes
• Parents can log in and book their own appointments online
• Parents control their own timetable and appointment schedule
• Two-way messaging between parents and teachers if desired
• Parents evenings run more smoothly
• Reduces time that parents and teachers spend waiting
• Accessible via all modern devices: mobile phones, tablets, laptops, desktops
• Teachers control their own availability
• Parents and teachers can print their appointment schedules
• No need to rely on students to make appointments

Benefits

• MIS sync enables efficient, rapid set up of Parents Evenings
• Simple, easy to use parental interface
• Parents make their own appointments online in seconds
• Ensures no double booking of appointment times
• Reduces parental waiting times on the evening
• No reliance on students to make appointments
• Parents can make bookings with multiple teachers in one click
• Two-way messaging enables teachers and parents to prepare
• School admin can block out times as required
• Teachers can be given permission to control their own availability

£0.60 to £0.75 a person a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jagrajj.atwal@communitybrands.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

511292050951549

Contact

Jagrajj Atwal
0208 506 6100
jagrajj.atwal@communitybrands.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Groupcall Messenger school communication system
• Cloud deployment model: Public cloud
• Service constraints: Supports the following browsers:; • Internet Explorer 10+; • Microsoft Edge (latest version); • Firefox (latest version); • Chrome (latest version); • Safari (latest version)
• System requirements: Browser based

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Uusally within 1 hour and often sooner. Immediate confirmation emailed providing case reference etc.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: Support is included without additional cost offering email, telephone and live web chat support during normal UK business hours plus emergency support outside these hours.; Critical - A problem which must be resolved before the end user can continue normal business operations. Response within four (4) working hours of receiving notice of a critical problem being reported. ; Serious - A problem which significantly inhibits production but does not prevent operations. Response within within eight (8) working hours of receiving notice of a serious problem being reported. ; Moderate - Requirements which do not impede productive use of the Software. Response within seventy two (72) working hours of a moderate problem being reported. ; Minor - Cosmetic production problems and general test system problems that do not affect availability of the production system. Response within two (2) working weeks of a minor problem being reported, or if relevant in the next version release. An example of a minor issue, may be an enhancement request or notification of a incorrectly spelt word
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Online training, telephone training and, where required, onsite training is made available to new users. Online documentation, FAQs and training videos are provided also.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Customers can edit and delete their records individually, in bulk or completely at any time. Parents' Evening Booking System is committed, by Terms and Conditions, to delete any data within 24hrs (or on the next working day if this is on a weekend) of the contract expiring if it has not been deleted by the customer.
• End-of-contract process: At the end of the contract the school's data is deleted, their account is suspended without access for 30 days (in the event that the school may choose to renew after-all). After 30 days the school's account is permanently deleted.

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Reduced feature set on mobile devices. All main features work however advanced features require desktop access
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Authorised administrator users can configure their own software to send SMS, Push and Email messages with attachments through our APIs on behalf of their organisation. The API does not provide functionality to make configuration changes as this is not its purpose
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Our 'Settings' page allows the school to customise simple settings such as the school's logo and a map of its rooms, while a more advanced settings area lets the school change everything from software preferences to the text which is shown to parents, allowing the phrasing of public sentences to be customised. Amongst the features that customers can adjust are the ability to turn on/off the 'booking wizard' parents use to make their appointments, the ability for parents to submit advance notice of a 'discussion topic' with their booking, the ability for teachers to be able to extend/shorten their availability, the ability to allow parents to request a translator join them during their appointments, and many more features.

Scaling

• Independence of resources: We use Amazon AWS cloud servers. We monitor the CPU resource of the application and database servers daily, and can increase server size as required manually. We use 'Data Dog' as well as AWS' in-built tools to review resource levels. We use a load balancer and elastiEcach memcach to manage traffic and divide it across our servers. In the event that a server were to go down, traffic would be sent to one of the other servers. We are currently investigating and intending to use 'auto scaling' and 'reserved instance' technologies offered by AWS for further automated control.

Analytics

• Service usage metrics: Yes
• Metrics types: Local authorities or organisations who purchase Parents' Evening Booking System can be provided with usage statistics across all of their institutions. These statistics include the names of all parents' evenings run, the number of parents/students associated, the booking numbers and booking percentages. We also help calculate the time and money saved per parents' evening. Schools can view their own parents' evening statistics from a 'Statistics' page found on their Admin Dashboard.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: We integrate with all major MIS databases so that schools can click a button and import their pupils, parents and teachers. This process is usually performed through a native integration with the MIS database, but schools can also use data transfer tools such as Groupcall Xporter, or Xporter on Demand, to upload their data. There is often also an alternative option whereby a school can extract the required pupil/parent/teacher fields from their MIS database (typically by creating/running a 'custom report'), and upload a spreadsheet containing the same data.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We guarantee 99.95% availability. We also guarantee: Urgent issues are responded to within 1 hour and resolved within 2 days. High priority issues are responded to within 2 hours and resolved within 2 days. Medium priority issues are responded to within 2 hours and resolved within 7 days. Low priority issues are responded to within 2 hours and resolved within 7 days. Our support system is set up to send reminders to support staff about issues if they are in danger of not having been resolved or responded to within the guaranteed times.
• Approach to resilience: We use Amazon AWS as our datacentre. Amazon AWS' resilience is of an extremely high standard. Amazon AWS provide us with a service level agreement (SLA) for the EC2 and RDS services we employ, and these include service credits based on the percentage of downtime. Resources: Amazon AWS EC2 Service Level Agreement: https://aws.amazon.com/compute/sla/ Amazon AWS RDS Service Level Agreement: https://aws.amazon.com/rds/sla/
• Outage reporting: We use monitoring tools built into the system to understand load and resource matters, and third-party (external) monitoring tools in the event the system were to go down. E-mail alerts are used to contact customers in the rare event of downtime.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access is restricted using permission based roles. Internally these are determined by management based on the function being provided (support, development, sales etc.) and permissions are restricted to an 'as necessary for the role' basis, ensuring no person is able to access data that they do not need to access in order to perform their role. Administrators at school level are also able to set permission levels for their additional users to restrict access to a granular level as required or desired.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS
• ISO/IEC 27001 accreditation date: Originally accredited March 2013. Annually audited and renewed each year since then
• What the ISO/IEC 27001 doesn’t cover: ISO/IEC 27001 covers entire company, all processes and all products and services
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 27001

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We have achieved our 'Cyber Essentials Plus' certification. Our certificate is available at the hyperlink below. We are also working towards being ISO27001 certified by the summer in conjunction with Highland IT Security Ltd. Neither of these certifications are requirements, but these are the standards we intend to have certified none the less. Reference: https://www.qgstandards.co.uk/qgce2758/
• Information security policies and processes: Our Information Security Policy is available upon request, and available here: https://parents-booking.com/downloads/INFORMATION%20SECURITY%20POLICY%2011.07.18.pdf Detailed within are: - Password and account controls - Device and perimeter security - Individual device security and configuration - Devise backup - Anti-virus and anti-malware controls - Remote access controls, third party access, employee, sub-contractors and account access levels - Mobile devices security - Security of other information - Clear desk policy

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We operate with our own Change Control Management processes for the documentation, application code, testing, server configuration and database changes. We have achieved Cyber Essentials Plus certification, and operate with strict change control procedures that assess any security impact of the change. We are also working towards our ISO27001 certification. Craig Dingwall of Highland IT Security Ltd can confirm our ongoing work towards this certification.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use Qualys to scan our network services internally and externally. The scanning is carried out for patch management and known weaknesses. The scanning is carried out for patch management and known weaknesses. These scans are carried out every 30 days. We also scan all 'builds' on our test server before these are released to the live server, Any identified issues are raised as support incidents to be processed as part of our Incident Support Process. Our Cyber Essentials Plus accreditation demands that we release updates within 14 days of being for vulnerabilities described as 'critical’ or ‘high risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use Qualys to scan our network services internally and externally. The scanning is carried out for patch management and known weaknesses. The scanning is carried out for patch management and known weaknesses. These scans are carried out every 30 days. We also scan all 'builds' on our test server before these are released to the live server, Any identified issues are raised as support incidents to be processed as part of our Incident Support Process. Our Cyber Essentials Plus accreditation demands that we release updates within 14 days of being for vulnerabilities described as 'critical’ or ‘high risk.
• Incident management type: Supplier-defined controls
• Incident management approach: We provide a support portal for customers to log and update their support incidents in addition to telephone and email reporting. All support incidents are tracked through our Incident Management Process and logged in our support portal. Incidents are reviewed to determine the root cause with appropriate actions taken to reduce or prevent a re-occurrence.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Equal opportunity:

  Equal opportunity

  Groupcall are an equal opportunity employer, committed to being a successful, caring and welcoming place for all employees. We want to create a supportive and inclusive environment where our employees can reach their full potential, without prejudice and discrimination. We are committed to a culture where respect and understanding is fostered, and the diversity of people's backgrounds and circumstances will be positively valued. The policy aims to achieve equality by removing any potential discrimination in the way that our employees are treated by fellow employees or Community Brands, including: ; ; •people with disabilities; •people of different sexual orientations; •transgendered and transsexual people ; •people of different races ; •people on the grounds of their sex; •those of faith and of no faith ; •in relation to their age; •in relation to their social class or medical condition ; •people who work part-time ; •those who are married or in a civil partnership; •women who are pregnant, have recently given birth or are breastfeeding.; ; Discrimination can be either direct or indirect discrimination. Some of the above are protected characteristics under the Equality Act 2010 and discrimination is prohibited, unless there is a legal exception under the Equality Act.; ; Victimisation: ; ; This is not the same as the common meaning of victimisation but is specifically regarding treating someone less favourably because they have complained about or given information about discrimination or harassment, either regarding themselves or someone else.

Pricing

• Price: £0.60 to £0.75 a person a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full version free of charge for your next Parents Evening.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jagrajj.atwal@communitybrands.com. Tell them what format you need. It will help if you say what assistive technology you use.