Skip to main content

Help us improve the Digital Marketplace - send your feedback

Hanlon Software Solutions

Hanlon (SR) Case Management

Modular CRM to track client interventions addressing barriers to progression and helping jobseekers into employment, education and training. Employer engagement and vacancy management. Management of business support, grants, and loans. Community benefit, social value and Section106 monitoring. Manage student work experience programmes. Programme funding management. Programme performance reporting and analysis.

Features

  • Web enabled, multi-provider employability tracking system
  • Customer registration and e-signature. ESF and GDPR compliant
  • Customer assessment, profiling and progression analysis
  • Customer referral, intervention tracking and outcomes analysis
  • Virtual labour market. Employer engagement, vacancy management and skills matching
  • Business enquires tracking and impact analysis
  • Real-time, flexible reporting using embedded pivot grids. Statutory reporting
  • Public facing web portal, Employability and business development content management
  • Community benefit and Section 106 tracking and reporting
  • On-line student work experience management

Benefits

  • Connects customers, businesses, service providers to everyone's mutual benefit
  • Co-ordinate customer services across multiple providers saving time and money.
  • Single customer registration reduces frustration and potential errors
  • Holistic customer record enables providers to work more collaboratively
  • Achieves positive customer outcomes more quickly through safe data sharing
  • Bulk email, messaging, mail-merge and SMS for easy contact management.
  • Single, shared business record reduces un-necessary, repeated contact
  • Centralised, real-time reporting. Quick, easy and comprehensive
  • Flexible, simple reporting meets statutory requirements saving time and effort
  • Highly configurable data framework fits any programme, value for money

Pricing

£95.00 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin.hanlon@hanlons.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

5 6 0 7 9 4 3 0 2 2 1 7 6 5 5

Contact

Hanlon Software Solutions Kevin Hanlon
Telephone: 0115 9590077
Email: kevin.hanlon@hanlons.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
No
System requirements
  • Broadband, 5G, 4G or 3G internet connectivity
  • System administrators require Remote Desktop Connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response within 1 hour during office hours. Response at weekends is next working day unless special arrangements are agreed.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Onsite support
Support levels
All customers can access the following support functions:

activation of user licences;
access to a helpdesk via email and phone for advice and problem resolution;
remote, on-line support and user training;
help with data management, including bulk data updates and development of ad-hoc reports as and when required;
regular site visits to check on system usage, share best practice, discuss issues and deliver refresher training if necessary;
development and release of new software builds containing bug fixes, enhancements and modifications to meet the requirements of new and existing programmes.

We aim to release at least four new software builds per year. Interim builds may also be released as and when required.

We do not set a limit on the number of helpdesk calls or emails per customer.

All of the above is included in the annual hosting, support and maintenance charge which is based on 17.5% of the system and software module charges or £2,150, whichever is the lower.

Service Level Agreements are available covering our response framework and fault resolution
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide any or all of the following, depending on which are most appropriate to meet the requirements of the customer:

online, context sensitive help on the web forms within the application;
digital user manuals, including a quick guide;
onsite train the trainer;
onsite user training based on user roles - there is a training session for each module in the application - each session lasts a maximum of 4 hours and users can select, or be advised, which sessions are most appropriate for them based on their user role;
remote, online training.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
At the outset we agree an exit plan with our customers that includes options for data extraction. These include:

supply of a copy of all data in csv format. The data is structured with master records, for instance client core data, with separate spreadsheets for sub records such as activities and outcomes, linked on the unique master ID, such as Client ID;

continuation of storage of the database on our servers for analysis and reporting purposes only, subject to compliance with GDPR.

Users can select whichever option suits their purposes best. Their decision is generally based upon the length of time beyond the contract end date that they have to report to funders. For ESF programmes, this could be up to 7 years. We have incorporated data redaction facilities in to the application to enable extended reporting periods in order to remain compliant with GDPR.
End-of-contract process
Customers generally purchase the Hanlon service to meet the requirements of a specific funded programme that has an end date. The end date of the contract for the Hanlon service is generally set to coincide with the end date of the programme. At this point the customer may decide that they have no further need of the service and request their data to be returned. However, many customers decide that the service meets the requirements of other programmes that they are running and therefore seek a contract extension with Hanlon so that they can continue to use the service. Many organisations have used the Hanlon service for over 10 years which has proved to be very cost effective for them.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Web pages within the Hanlon application are developed using Bootstrap 4 and are designed to be responsive. The layout of each page adjusts to fit the size of the user's screen, so the same page renders correctly on both PC / laptop monitors and mobile devices, such as tablets and mobile phones
Service interface
Yes
User support accessibility
WCAG 2.1 A
Description of service interface
The service interface is configurable depending on the user's role. Users access various elements of the solution via a side panel, menus and breadcrumb navigation control. Useful tools are permanently available on a ribbon at the top of each web page. Tabs are used to navigate to sub elements within each page.
Accessibility standards
WCAG 2.1 A
Accessibility testing
We use Powermapper to test our web pages against level AA of the WCAG 2.1 accessibility standard.
API
Yes
What users can and can't do using the API
Users can read data from the system (API v1). Users have read access only and cannot make any changes via the API. Authentication is handled by Hanlon's using generated tokens which can be redacted as required.

The API can be used to export client, enterprise and vacancy data to external systems. In development is a facility to manage the importation of data from external systems.
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customisation of the application is achieved by configuring settings and content within the system. Options include:

amend the data framework to capture the data users require on activities, interventions, outcomes, demographics, barriers to progression, support needs, aspirations and skills - to name just a few;

design the content and layout of client registration forms and assessments;

design employer and opportunity registration forms;

customise business profile options such as sector, size, accreditations and locations;

create personalised user dashboards;

design the content and layout of user reports.

Administrative tools are available within the web and windows sections of the application. The tools enable users to customise the application as described above.

Users are assigned to system roles. Roles can be created with prescribed functionality. System administration is one of the elements of functionality that can be assigned to specified users.

Scaling

Independence of resources
We have built redundancy into our network to ensure applications are not adversely affected by high usage.
Network monitoring software alerts our support team to high CPU / memory usage.
Also, processor intensive functionality, such as real-time embedded pivot grid reports, are firstly queued and then allocated a maximum percentage of server memory rather than being allowed to overload the server.
Long running operations, such as GDPR redactions/deletions are handled by web services.
We closely monitor memory and disc usage and our network can be easily expanded if required.

Analytics

Service usage metrics
Yes
Metrics types
History of user log ins.
Date and user who created records in the database.
Email send logs.
Document send logs.
Record search and loading times.
Report and query processing times.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There are two methods to export data:
1. Every type of data within the system is reportable and all reports are exportable. Users can apply criteria to data for reporting purposes so that only the data they wish to see comes back and they can also create their own report layouts. Each report is exportable in a number of formats, such as .PDF, .DOCX and .XLSX.
2. At no additional cost our support team will create ad hoc data extracts to users' specifications. This option is included in our support service
Data export formats
  • CSV
  • ODF
  • Other
Other data export formats
  • PDF
  • DOCX
  • XLSX
  • HTML
Data import formats
  • CSV
  • Other
Other data import formats
SQL

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We aim to provide 99.95% service availability. The only exception is planned maintenance scheduled in advance and usually conducted out of normal working hours.

In the unlikely event of us failing to meet the above SLA (in any one month rolling period) the customer will be eligible for a credit. We'll refund 1 day's service fee for every hour that connectivity has been unavailable over the specified SLA, up to a maximum value of one month’s service.
Approach to resilience
Our data centre has 1Gbps fibre optic backbone supplied and managed by GTT Communication and there is a separate 100Mbps backup line.

The data centre contains multiple web servers and SQL servers and clients can be moved on to any of these if required.

There are primary and secondary kit options at every potential point of failure.

There is an onsite backup to removable disc facility. Backups are scheduled to run automatically every evening. They operate on a fortnightly schedule, with the current week's backup discs held in a fire-proof safe onsite and the previous week's discs stored securely offsite by Iron Mountain. In addition, we upload all data to UK based MS Azure cloud service overnight.
Outage reporting
Service outages are reported by email and a message/notification is also displayed on the web site.

We are in the process of making an outage dashboard available externally.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
MS Asp.Net Identity authentication framework is used to manage access to the web application. Active Directory is used for the Windows (RDP) application.
Two factor authentication is available on request.
Password changes require an access code sent directly from the system via email.
User based privileges manage user access to certain parts of the application based upon the user role.
Security settings are used to manage access to:
specific cohorts of clients, enterprises and vacancies;
specific information on client profiles, interventions and action plans;
documents and document types
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
14/01/2011
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security policies are detailed in our ISMS (Information Security Management System) and constitute the main element of our ISO27001 certification, first achieved in 2011 and most recently re-assessed in November 2021.

Policies cover all elements of information security, including: risk framework, all aspects of assets, patch control, usage policies, staff (recruitment, induction, on-going training and leavers), data handling, documents, physical security, business continuity / disaster recovery.

Our system administrator creates a schedule of security compliance checks at the start of each year and produces a report for the operations director each month.

Our information security policies are reviewed each quarter and updated as necessary.

Staff are trained on their information security responsibilities as part of their induction and undergo refresher training regularly thereafter.

Posters are displayed throughout the offices reminding staff of their responsibilities.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Firstly, Team Foundation Server (TFS) is used to manage the cycle of build development, testing and roll out. TFS allows us to assess and document data security risks associated with each new build.

Both new software developments and infrastructure enhancements are subject to risk analysis prior to implementation. The three elements of
Confidentiality, Integrity and Availability are assessed. The risk plan assesses likelihood and potential impact for each scenario with options for mitigation, before arriving at a decision on whether to proceed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Firstly, within our BCM we maintain a risk register with impact assessments.

The application is hosted on secure servers behind a Sophos XG 125W firewall.

Atera RMM network monitoring software is deployed on our servers. This reports any issues to our system administrator.

Virus protection on all servers and devices is managed by Bit Defender Gravity Zone Advanced .

Application and network penetration testing is carried out regularly by our own team and once per year by an external, fully accredited company.

Security patches are deployed as soon as they are available, or at least once per week.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring software is deployed on servers and stand alone machines. An email is automatically sent to the system administrator if potential compromises are identified.

We also perform our own internal tests on a monthly basis. Application testing leading up to the release of a new software build is far more intensive.

External penetration testing is also used to identify potential compromises.

The response to an incident is dependent on its nature, but all would be treated as a priority.

We have a documented Business Continuity Plan available to staff, that provides guidance on how to deal with incidents.
Incident management type
Supplier-defined controls
Incident management approach
Some incidents are emailed directly by the application to a Helpdesk folder. Users can also report incidents to our Support folder.

Each incident is logged on our ISMS and assigned a status, priority and a support team member.

Users are notified that the incident has been logged and provided with a resolution date/time.

The operations director checks the incident log continuously and ensures deadlines are being met. One of the business KPIs is the response time for incident resolution.

Incident reports are provided on request. We are developing a feature on our web site to allow users to download reports.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

We are very aware of our responsibilities regarding climate change and our impact on the environment. We have implemented policies to reduce our impact, including:

Recycling office waste
Purchasing ethically produced goods and equipment where possible
Reducing staff travel, especially by car, whenever possible
Covid-19 recovery

Covid-19 recovery

We were able to ride out the pandemic without the need to access government support funds.

During this time we contributed to the economic recovery by developing the C-19 Jobs portal and making it available to Local Authorities free of charge. This was used to match local residents to local jobs. It is also used to help manage the Kickstart programme.

The business has continued to grow during this period and in the last 9 months we have been able to create for 4 new jobs.
Tackling economic inequality

Tackling economic inequality

One of the main objectives of the systems we have developed is tackling economic inequality. Our systems are used by Local Authorities and Third Sector organisations throughout the UK to deliver employability and health & well-being services in some of the most economically and socially deprived areas. Our systems help them to collaborate and focus their services where they are needed most and to report on their achievements to satisfy funding monitoring requirements.
Equal opportunity

Equal opportunity

We operate an equal opportunities policy and we hold the Committed to Equality (C2E) accreditation.

Pricing

Price
£95.00 a user a year
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Users can experience the current system build containing demonstration data for up to four users and for up to four weeks. They have unlimited access to the support / helpdesk during this time.
Link to free trial
https://hanlondemo.hanlonsonline.co.uk

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin.hanlon@hanlons.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.