Hanlon (SR) Case Management
Modular CRM to track client interventions addressing barriers to progression and helping jobseekers into employment, education and training. Employer engagement and vacancy management. Management of business support, grants, and loans. Community benefit, social value and Section106 monitoring. Manage student work experience programmes. Programme funding management. Programme performance reporting and analysis.
Features
- Web enabled, multi-provider employability tracking system
- Customer registration and e-signature. ESF and GDPR compliant
- Customer assessment, profiling and progression analysis
- Customer referral, intervention tracking and outcomes analysis
- Virtual labour market. Employer engagement, vacancy management and skills matching
- Business enquires tracking and impact analysis
- Real-time, flexible reporting using embedded pivot grids. Statutory reporting
- Public facing web portal, Employability and business development content management
- Community benefit and Section 106 tracking and reporting
- On-line student work experience management
Benefits
- Connects customers, businesses, service providers to everyone's mutual benefit
- Co-ordinate customer services across multiple providers saving time and money.
- Single customer registration reduces frustration and potential errors
- Holistic customer record enables providers to work more collaboratively
- Achieves positive customer outcomes more quickly through safe data sharing
- Bulk email, messaging, mail-merge and SMS for easy contact management.
- Single, shared business record reduces un-necessary, repeated contact
- Centralised, real-time reporting. Quick, easy and comprehensive
- Flexible, simple reporting meets statutory requirements saving time and effort
- Highly configurable data framework fits any programme, value for money
Pricing
£95.00 a user a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 6 0 7 9 4 3 0 2 2 1 7 6 5 5
Contact
Hanlon Software Solutions
Kevin Hanlon
Telephone: 0115 9590077
Email: kevin.hanlon@hanlons.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- No
- System requirements
-
- Broadband, 5G, 4G or 3G internet connectivity
- System administrators require Remote Desktop Connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Response within 1 hour during office hours. Response at weekends is next working day unless special arrangements are agreed.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Onsite support
- Support levels
-
All customers can access the following support functions:
activation of user licences;
access to a helpdesk via email and phone for advice and problem resolution;
remote, on-line support and user training;
help with data management, including bulk data updates and development of ad-hoc reports as and when required;
regular site visits to check on system usage, share best practice, discuss issues and deliver refresher training if necessary;
development and release of new software builds containing bug fixes, enhancements and modifications to meet the requirements of new and existing programmes.
We aim to release at least four new software builds per year. Interim builds may also be released as and when required.
We do not set a limit on the number of helpdesk calls or emails per customer.
All of the above is included in the annual hosting, support and maintenance charge which is based on 17.5% of the system and software module charges or £2,150, whichever is the lower.
Service Level Agreements are available covering our response framework and fault resolution - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide any or all of the following, depending on which are most appropriate to meet the requirements of the customer:
online, context sensitive help on the web forms within the application;
digital user manuals, including a quick guide;
onsite train the trainer;
onsite user training based on user roles - there is a training session for each module in the application - each session lasts a maximum of 4 hours and users can select, or be advised, which sessions are most appropriate for them based on their user role;
remote, online training. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
-
At the outset we agree an exit plan with our customers that includes options for data extraction. These include:
supply of a copy of all data in csv format. The data is structured with master records, for instance client core data, with separate spreadsheets for sub records such as activities and outcomes, linked on the unique master ID, such as Client ID;
continuation of storage of the database on our servers for analysis and reporting purposes only, subject to compliance with GDPR.
Users can select whichever option suits their purposes best. Their decision is generally based upon the length of time beyond the contract end date that they have to report to funders. For ESF programmes, this could be up to 7 years. We have incorporated data redaction facilities in to the application to enable extended reporting periods in order to remain compliant with GDPR. - End-of-contract process
- Customers generally purchase the Hanlon service to meet the requirements of a specific funded programme that has an end date. The end date of the contract for the Hanlon service is generally set to coincide with the end date of the programme. At this point the customer may decide that they have no further need of the service and request their data to be returned. However, many customers decide that the service meets the requirements of other programmes that they are running and therefore seek a contract extension with Hanlon so that they can continue to use the service. Many organisations have used the Hanlon service for over 10 years which has proved to be very cost effective for them.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Web pages within the Hanlon application are developed using Bootstrap 4 and are designed to be responsive. The layout of each page adjusts to fit the size of the user's screen, so the same page renders correctly on both PC / laptop monitors and mobile devices, such as tablets and mobile phones
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 A
- Description of service interface
- The service interface is configurable depending on the user's role. Users access various elements of the solution via a side panel, menus and breadcrumb navigation control. Useful tools are permanently available on a ribbon at the top of each web page. Tabs are used to navigate to sub elements within each page.
- Accessibility standards
- WCAG 2.1 A
- Accessibility testing
- We use Powermapper to test our web pages against level AA of the WCAG 2.1 accessibility standard.
- API
- Yes
- What users can and can't do using the API
-
Users can read data from the system (API v1). Users have read access only and cannot make any changes via the API. Authentication is handled by Hanlon's using generated tokens which can be redacted as required.
The API can be used to export client, enterprise and vacancy data to external systems. In development is a facility to manage the importation of data from external systems. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Customisation of the application is achieved by configuring settings and content within the system. Options include:
amend the data framework to capture the data users require on activities, interventions, outcomes, demographics, barriers to progression, support needs, aspirations and skills - to name just a few;
design the content and layout of client registration forms and assessments;
design employer and opportunity registration forms;
customise business profile options such as sector, size, accreditations and locations;
create personalised user dashboards;
design the content and layout of user reports.
Administrative tools are available within the web and windows sections of the application. The tools enable users to customise the application as described above.
Users are assigned to system roles. Roles can be created with prescribed functionality. System administration is one of the elements of functionality that can be assigned to specified users.
Scaling
- Independence of resources
-
We have built redundancy into our network to ensure applications are not adversely affected by high usage.
Network monitoring software alerts our support team to high CPU / memory usage.
Also, processor intensive functionality, such as real-time embedded pivot grid reports, are firstly queued and then allocated a maximum percentage of server memory rather than being allowed to overload the server.
Long running operations, such as GDPR redactions/deletions are handled by web services.
We closely monitor memory and disc usage and our network can be easily expanded if required.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
History of user log ins.
Date and user who created records in the database.
Email send logs.
Document send logs.
Record search and loading times.
Report and query processing times. - Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
There are two methods to export data:
1. Every type of data within the system is reportable and all reports are exportable. Users can apply criteria to data for reporting purposes so that only the data they wish to see comes back and they can also create their own report layouts. Each report is exportable in a number of formats, such as .PDF, .DOCX and .XLSX.
2. At no additional cost our support team will create ad hoc data extracts to users' specifications. This option is included in our support service - Data export formats
-
- CSV
- ODF
- Other
- Other data export formats
-
- DOCX
- XLSX
- HTML
- Data import formats
-
- CSV
- Other
- Other data import formats
- SQL
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We aim to provide 99.95% service availability. The only exception is planned maintenance scheduled in advance and usually conducted out of normal working hours.
In the unlikely event of us failing to meet the above SLA (in any one month rolling period) the customer will be eligible for a credit. We'll refund 1 day's service fee for every hour that connectivity has been unavailable over the specified SLA, up to a maximum value of one month’s service. - Approach to resilience
-
Our data centre has 1Gbps fibre optic backbone supplied and managed by GTT Communication and there is a separate 100Mbps backup line.
The data centre contains multiple web servers and SQL servers and clients can be moved on to any of these if required.
There are primary and secondary kit options at every potential point of failure.
There is an onsite backup to removable disc facility. Backups are scheduled to run automatically every evening. They operate on a fortnightly schedule, with the current week's backup discs held in a fire-proof safe onsite and the previous week's discs stored securely offsite by Iron Mountain. In addition, we upload all data to UK based MS Azure cloud service overnight. - Outage reporting
-
Service outages are reported by email and a message/notification is also displayed on the web site.
We are in the process of making an outage dashboard available externally.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
MS Asp.Net Identity authentication framework is used to manage access to the web application. Active Directory is used for the Windows (RDP) application.
Two factor authentication is available on request.
Password changes require an access code sent directly from the system via email.
User based privileges manage user access to certain parts of the application based upon the user role.
Security settings are used to manage access to:
specific cohorts of clients, enterprises and vacancies;
specific information on client profiles, interventions and action plans;
documents and document types - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 14/01/2011
- What the ISO/IEC 27001 doesn’t cover
- N/a
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Our information security policies are detailed in our ISMS (Information Security Management System) and constitute the main element of our ISO27001 certification, first achieved in 2011 and most recently re-assessed in November 2021.
Policies cover all elements of information security, including: risk framework, all aspects of assets, patch control, usage policies, staff (recruitment, induction, on-going training and leavers), data handling, documents, physical security, business continuity / disaster recovery.
Our system administrator creates a schedule of security compliance checks at the start of each year and produces a report for the operations director each month.
Our information security policies are reviewed each quarter and updated as necessary.
Staff are trained on their information security responsibilities as part of their induction and undergo refresher training regularly thereafter.
Posters are displayed throughout the offices reminding staff of their responsibilities.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Firstly, Team Foundation Server (TFS) is used to manage the cycle of build development, testing and roll out. TFS allows us to assess and document data security risks associated with each new build.
Both new software developments and infrastructure enhancements are subject to risk analysis prior to implementation. The three elements of
Confidentiality, Integrity and Availability are assessed. The risk plan assesses likelihood and potential impact for each scenario with options for mitigation, before arriving at a decision on whether to proceed. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Firstly, within our BCM we maintain a risk register with impact assessments.
The application is hosted on secure servers behind a Sophos XG 125W firewall.
Atera RMM network monitoring software is deployed on our servers. This reports any issues to our system administrator.
Virus protection on all servers and devices is managed by Bit Defender Gravity Zone Advanced .
Application and network penetration testing is carried out regularly by our own team and once per year by an external, fully accredited company.
Security patches are deployed as soon as they are available, or at least once per week. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Monitoring software is deployed on servers and stand alone machines. An email is automatically sent to the system administrator if potential compromises are identified.
We also perform our own internal tests on a monthly basis. Application testing leading up to the release of a new software build is far more intensive.
External penetration testing is also used to identify potential compromises.
The response to an incident is dependent on its nature, but all would be treated as a priority.
We have a documented Business Continuity Plan available to staff, that provides guidance on how to deal with incidents. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Some incidents are emailed directly by the application to a Helpdesk folder. Users can also report incidents to our Support folder.
Each incident is logged on our ISMS and assigned a status, priority and a support team member.
Users are notified that the incident has been logged and provided with a resolution date/time.
The operations director checks the incident log continuously and ensures deadlines are being met. One of the business KPIs is the response time for incident resolution.
Incident reports are provided on request. We are developing a feature on our web site to allow users to download reports.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
We are very aware of our responsibilities regarding climate change and our impact on the environment. We have implemented policies to reduce our impact, including:
Recycling office waste
Purchasing ethically produced goods and equipment where possible
Reducing staff travel, especially by car, whenever possible - Covid-19 recovery
-
Covid-19 recovery
We were able to ride out the pandemic without the need to access government support funds.
During this time we contributed to the economic recovery by developing the C-19 Jobs portal and making it available to Local Authorities free of charge. This was used to match local residents to local jobs. It is also used to help manage the Kickstart programme.
The business has continued to grow during this period and in the last 9 months we have been able to create for 4 new jobs. - Tackling economic inequality
-
Tackling economic inequality
One of the main objectives of the systems we have developed is tackling economic inequality. Our systems are used by Local Authorities and Third Sector organisations throughout the UK to deliver employability and health & well-being services in some of the most economically and socially deprived areas. Our systems help them to collaborate and focus their services where they are needed most and to report on their achievements to satisfy funding monitoring requirements. - Equal opportunity
-
Equal opportunity
We operate an equal opportunities policy and we hold the Committed to Equality (C2E) accreditation.
Pricing
- Price
- £95.00 a user a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Users can experience the current system build containing demonstration data for up to four users and for up to four weeks. They have unlimited access to the support / helpdesk during this time.
- Link to free trial
- https://hanlondemo.hanlonsonline.co.uk