Victim and Witness Support, Care and Advice case management software
Our Case Management Software is a comprehensive solution designed to assist organisations dedicated to supporting victims and witnesses of crime. Built with a deep understanding of the complex needs of these individuals, our software streamlines processes, enhances communication, and ensures sensitive information is handled securely and efficiently.
Features
- Self service configuration capability and workflow engine.
- Email and SMS with bespoke automated or manual templates.
- Document storage and management.
- Create actions, generate action emails, receive responses and escalate actions.
- Customisable data capture forms ensure that relevant information is gathered.
- Monitor progress and outcomes with intuitive Power BI dashboard reporting.
- Role based access security configuration.
- Inbuilt victim and witness portal for secure messaging and documents.
- Configurable APIs and Web services.
- Generate letter templates with system data manually or automated.
Benefits
- APIs / Web services to integrate Police data.
- Robust security measures and data encryption.
- Streamline case management workflows and reduce administrative burdens.
- Ensure compliance with Victim Code principles.
- Facilitate collaboration and coordination among multi-disciplinary teams.
- GDPR complaint software - CE+ and IASME Level 2.
- Data-driven insights to improve service delivery, allocate resources effectively.
- Manage / collaborate on cases effectively / efficiently 24/7.
- Full support and maintenance, disaster recovery and data backups.
- Empower case workers to deliver effective assistance and advocacy.
Pricing
£450.00 to £450.00 a user a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 2 8 4 8 3 3 5 4 5 7 3 3 1 3
Contact
Orcuma Ltd
Paul Mitchell
Telephone: 07958 988930
Email: paul.mitchell@orcuma.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No constraints.
- System requirements
-
- Viewing external SSL-encrypted pages (https) is permitted.
- No minimum required bandwidth, firewall, DNS or routing requirements.
- Javascript must be enabled.
- PDF viewer is required for the production of some reports.
- MS Word 2003 upwards, Excel 2003 upwards.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
High priority - 1 hr,
Med priority - 4 hrs,
Low priority - 1 working day - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- We use Zoho Desk to manage all our incidents and within this we user Zoho Assist. This allows our support staff to perform screen sharing to trouble the problem or they can do remote assist to "takeover" the PC and resolve the issue (if needs be).
- Web chat accessibility testing
- None as we use commercial off the shelf Incident management software.
- Onsite support
- Onsite support
- Support levels
-
The escalation of the incident will depend upon the priority/severity of an incident. We provide a standard Service Level Agreement.
Support provision is via a dedicated email address and telephone number linked to Zoho Desk for incident management and tracking / reporting.
1st Line support – Orcuma helpdesk staff receive the incident details. Resolution can be given here using resolutions to known faults from our Orcuma FIRsT application for recording incidents. If resolution cannot be given in the initial interaction, the incident will be routed to 2nd Line support.
2nd Line support is one of Orcuma implementation consultants for analysis and review. If resolution cannot be given to the incident, the incident will be routed to 3nd Line support, the technical team for investigation. It will remain with them until a fix is able to be provided to the incident.
All support levels are included in costings. All support provided by Orcuma Ltd staff. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
-
Implementation workshops –Workshops held with key process owners. Orcuma configure a prototype FIRsT system from the output of these sessions.
Workshop 1 - Understanding “as is” and “to be” processes, interactions with DCC applications and aligning to how Orcuma’s FIRsT software will support processes eg reporting, workflows, security model and outputs e.g. Emails, Texts. Orcuma’s FIRsT software configured to meet “to be” processes.
Workshop 2 - Demonstration/discussion based on initial configuration of FIRsT (interfaces just to be discussed). Output - Agreed FIRsT application configuration documented. Agreed scope of functionality, data fields, data migration and reports/performance management.
Configuration of Orcuma’s FIRsT software – Software configured based on output from workshops. Released for review in Test environment for sandpit” user testing.
Training is from the “to be” processes view so that staff know how to use FIRsT from the agreed operational processes. This is onsite training.
Orcuma will provide a generic user guide as a template - allowing for the creation of bespoke training documentation that can be used for the “train the trainer” sessions.
Orcuma will provide a generic system administrator user guide outlining the key functionality. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- At contract end, authorisation to pass back client data must be received from a nominated client contact. The client's data data entered in FIRsT would be extract (into comma separated value format) and transferred back to them (by Orcuma staff) via an agreed method (secure export via FTP would be free but if Orcuma are required to migrate to another system, this would be chargeable). We would then expect written authorisation from the client that we are permitted to permanently destroy their data on FIRsT.
- End-of-contract process
-
Authorisation must be received from a nominated client contact that the contract is ending.
Their data (residing in our software) would be extracted (to comma separated value format) and transferred back to them via an agreed method (secure export via FTP would be free but if Orcuma are required to migrate to another system, this would be chargeable).
We would then expect written authorisation from the client that we should permanently destroy all their data that is held by Orcuma.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- None
- Service interface
- No
- User support accessibility
- WCAG 2.1 A
- API
- Yes
- What users can and can't do using the API
- Orcuma enable integration to FIRsT using APIs and Web Services. These are developed as and when needed by customers, and currently include functionality to create case and client records, retrieve statuses and create notes for cases. Each user would be given a unique API token and username/password to authenticate against the API or Web Service.
- API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Customisation is in the form of different software configuration settings on our software or different reporting outputs/layouts, which may be required in order to support the client's specific operational processes. These will be discussed with the client prior to any implementation and will be tested in the Test environment to ensure appropriate to the requirements and have no impact across the software.
There may be a need to customise an element of the existing software code but this is controlled through our change control process and can only be requested and approved by the client's nominated key contact.
Only Orcuma staff or the client's system administrators can apply software configuration settings. Only applicable Orcuma staff can amend any coding / software forms / database elements.
Scaling
- Independence of resources
-
We only use Orcuma staff. This means that we are in control of their annual leave, their work load and their work load scheduling.
Using project planning during an implementation, we can schedule work packages for staff so we know their availability for that work plus capacity for any unscheduled work in that time.
This allows us to be able to react and assign appropriate resources to any unscheduled events, incidents or change request received by clients. Work is not assigned to any staff without checking their existing work packages first and the expected completion date of these.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Uptime percentage over the previous calendar month and then over the previous 12 months.
Number of Incidents received (date received) and its category.
Number of Incidents closed (date closed) and its category.
Number of incidents escalated.
Number of incidents by staff.
Any bespoke report required to support contract management. - Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
-
Users are required to login with a username and a "strong" password.
“2 factor” authentication over an SSL secure connection can be employed.
Three unsuccessful login attempts and the user’s account will be locked.
No caching of any passwords. Passwords are "masked" and encrypted by a secure hashing algorithm which is unique to each user.
Auto “timeout” if inactive for 30 min.
Forced password reset every 60 calendar days.
Our servers are protected by Anti-Virus and malware software.
For day-to-day access by users, the user’s browser session is encrypted using an extended-validation Symantec SSL certificate. - Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
-
Users can export data sets from our software into comma separated value files. This is standard functionality.
Alternatively, we can extract their data, specific to their requirements, by using an appropriate SQL script. - Data export formats
- CSV
- Data import formats
- CSV
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- In our Service Level Agreement, we endeavour to provide a 99.7% uptime. There is no refund provision if this is not met.
- Approach to resilience
- This is information available on request.
- Outage reporting
-
Email alerts are sent to our Technical Services Director with the outage time, description and estimated restoration time.
Emails are sent during the outage to ensure that we are aware of all actions being taken to resolve the outage.
We will email notification to key client contacts/users where any unplanned outage occurs during normal business hours as soon as we are made aware of these.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Other
- Other user authentication
-
The user’s browser session is encrypted using an extended-validation Symantec SSL certificate.
Username and "strong" password required. Two factor authentication can be employed.
We can also lock down access to the software by defined IP address(es). - Access restrictions in management interfaces and support channels
-
Users need to be properly authenticated before being allowed to perform management activities, report faults or request changes to the service.
We allow clients to manage their own user base.
Users can report faults directly to our support desk but they must include our nominated client super user.
All requests to Orcuma for any type of management activities or change request must come through email. We have a nominated client super user for every client. They are responsible for emailing the change request and approving them. All change request approvals must be via email. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- Cyber Essentials PLUS
- Information Assurance for Small and Medium Enterprises (IASME)
- IASME - Level 2 GDPR accredited
- IBM Cloud ISO 27001
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
-
Cyber Essentials Plus.
Information Assurance for Small and Medium Enterprises Level 2 - GDPR accredited version.
Registered ICO organisation.
Police Industry charter registered.
Restorative Justice Council approved. - Information security policies and processes
-
We have a named company director who is responsible for our Information Security Management System as well as data protection. Information security is a standing agenda item at our board meetings as well as monthly director's meetings.
We have an up to date ISMS risk assessment (approved at board level along with all policies) and it has been reviewed in the last 6 months.
We also have policies for data protection, asset management register, access and physical management security, security incident management, disaster recovery and business continuity. These polices are distributed to all Orcuma employees on starting employment and again when updated. All staff are reminded of their information security responsibilities on a weekly basis verbally.
Our ISMS policies and data protection policy are all included in our employee's contracts and company disciplinary procedures.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Orcuma will provide a standard change request template for completion.
Review of the change request requirements and discuss potential configuration options with the client.
Change requests are logged and may have a system requirements document developed – outlining requirements, system areas affected, the procedure for backing out the change, development time and (potential) cost and penetration testing required. Goes back to client for approval or rejection.
2 weeks before implementation, an upgrade document will be issued detailing changes included in any upgrade and potential impact in the software. Orcuma may need to provide training sessions to key users. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
IBM Cloud (ISO27001 accredited) provide our hosting facilities. They provide automatic hardware upgrades and software patches to their anti malware, anti virus and firewall software packages. We are notified all our changes to our servers. They provide our vulnerability management process on our hosted environment.
Our Technical Director gets weekly regular electronic (email/Twitter) security briefings (and news articles) and will act accordingly and immediately (same calendar day) if a threat is perceived to our software. We perform regular (6 and 12 month) penetration testing using IBM's Appscan programme and will act the same day if a fix is required. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Anti malware and Anti virus software are installed on our servers. Our hosted environment resides in a “DMZ” and controlled by Firewalls to prevent intrusion.
Regular penetration testing also takes place.
There is a protective monitoring script that runs every 30 mins on the server identifying any changes to database structure or file system. We use NESSUS vulnerability scanner to identify any issues requiring attention on the server environment.
Three unsuccessful attempts to login to FIRsT and the user’s account will be locked. When users request a password, we are notified of this action to identify potential "brute-force" hacking attempts. - Incident management type
- Supplier-defined controls
- Incident management approach
-
We have a incident management SLA which stipulates response and resolution times and categorisation. We provide a support helpdesk via email, telephone and Zoho desk to log incidents.
All incidents are logged and tracked. Incidents are routed to the relevant person(s). Once fixed, they record the process/change on our Orcuma FIRsT environment. The fix will then be applied and the user informed. The user will be asked to confirm that the incident is resolved. If yes, the incident is changed to reflect that the fix has been confirmed. If not, the case can be re-opened and updated.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Wellbeing
Fighting climate change
Deliver additional environmental benefits in the performance of the contract including working towards net zero greenhouse gas emissions.
Influence staff, suppliers, customers and communities through the delivery of the contract to support environmental protection and improvement.Covid-19 recovery
Support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.
Support the physical and mental health of people affected by COVID-19, including reducing the demand on health and care services.
Improve workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.Wellbeing
Demonstrate collaboration with users and communities in the codesign and delivery of the contract to support strong integrated communities.
Influence staff, suppliers, customers and communities through the delivery of the contract to support strong, integrated communities.
Demonstrate action to support the health and wellbeing, including physical and mental health, in the contract workforce.
Pricing
- Price
- £450.00 to £450.00 a user a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
-
Signing of our Non Disclosure Agreement for their organisation before accessing our software.
All functionality is included and the trial lasts 30 calendar days. Then the trial accounts are made inactive and locked.
Trial extensions can be granted by discussing with our support team.