Arbor Education Partners Ltd.

Arbor Management Information System for Secondary Schools

Arbor MIS is the hassle-free way for secondary schools to get work done. With Arbor you can easily manage your school's essential daily admin, record important student information, create intuitive reports and act on everything important, fast - so you and your staff can focus on what matters most.

Features

• Statutory records and reporting for primaries, secondaries, and special schools
• Progress Tracking: formative tracking and summative reporting against any curriculum
• Parent/Student Portals: real-time views of performance, homework, attendance & more
• SMS, App, letters and Email: personalise templates and automate communications
• Classroom Management: create flexible seating plans, manage behaviour, and more
• Behaviour: Record, reward and report on behaviour
• Interventions: linked to performance, so that impact can be tracked
• Examinations: Fully compliant exam management that automates repetitive tasks
• Extra-curricular: Easily schedule activities & link to consents and payments
• Group Analytics and MIS: take action across a group

Benefits

• Track behaviour, attendance, progress & more from one integrated platform
• Get simple, smart, at-a-glance overviews of key performance measures
• Codify school policies and help teachers apply them consistently
• 92% of users report that Arbor saves them time
• 81% say Arbor improves their analysis and understanding of data
• 92% say Arbor has transformed the way their school works
• Automate your tasks and communications using intuitive templates
• Improve behaviour with better monitoring and communication
• Improve parental engagement with online portals and the Arbor App
• Group MIS allows remote leadership to view performance and act

£1,500 to £25,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@arbor-education.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

568800202080950

Contact

Phillippa De'Ath
0208 050 1028
bids@arbor-education.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
• Service constraints: We recommend users work in the Chrome or Microsoft Edge browsers, with a minimum internet bandwidth of 2MB, but there are no known hardware constraints.
• System requirements:
  • Recommended browser: Chrome or Microsoft Edge
  • Recommended internet bandwidth: 2MB

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We aim to respond to users as quickly as possible when queries come in. Our email and phone lines are staffed 8-5, Monday-Friday by a team of experienced analysts. ; ; Our Service Level Agreement (the maximum time we would ever expect to take) for responding to urgent queries is 1 working hour, rising to 24 for low priority queries.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: We have a dedicated engineering team that works specifically on front-end user experience and managing our accessibility of Arbor for our users, including the support areas of the site. They have tested a number of assistive technologies with the site over the past year of development such as keyboard controls and colourblind browser settings.
• Onsite support: Onsite support
• Support levels: Secondary schools have a dedicated Project Manager who will support their migration, training and needs at key points through their first term. They will run kick-off calls, provide instructions, and help you run your data checks and practice migrations, in addition to the usual email and phone support. After your MIS is fully embedded in the school, your Project Manager will hand you over to your Account Manager who will look after you for the rest of your time with Arbor. ; ; Project Management is priced at £2,500, which is a one off cost for implementation. Account Management is included in the licence for the rest of your contract.; ; Further in-person training can be provided for up to £650 per day. Further training and options are outlined in our Pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: When secondary schools sign up to Arbor, they’ll be scheduled to meet their Project Manager via web conference to plan their data migration, training and implementation. Your Project Manager will run a practice migration with you to check your data is behaving as expected prior to the final migration. Data migration instructions will be sent to the school depending on their current MIS, usually on a Friday afternoon following final registration. Pre-Launch webinar training will be provided. ; ; Thereafter, for the first term we will check in with you regularly to understand the project status, implementation and answer any questions. Further Post-Launch training is usually provided once users have got going, for more detailed system areas such as custom report building, progress tracking or Trust-wide administration for MATs. ; ; You will have access to our online learning as soon as you sign, and when any user logs in for the first time the system intelligently gives them a tour of the site and the key features they'll need. All help documentation can be accessed online via the application, and is also searchable without logging in to Arbor. Documentation includes videos, product gifs and written instructions.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Searchable Help Centre website
  • Video introductions & guides
  • Live webinars with a library of prior webinars
  • In-app walkthroughs and information
• End-of-contract data extraction: Data processed in Arbor will always be owned by the school. Data can be removed from Arbor in the following ways:; ; • As reports using the Custom Report Writer which can then be exported in Excel, CSV, PDF, Word or XML.; • As Common Transfer Files (CTFs) containing all basic student data.; • As downloaded files that match their upload format e.g. pictures added to profiles, PDFs added to medical records.; • Through an Arbor Standard Migration Export, which exports all essential data in .csv format.; • Using Arbor’s full open RESTful API, all fields in Arbor can be exported to another MIS or similar application - full detail of the Arbor API can be found at https://developers.arbor-education.com.
• End-of-contract process: The Arbor standard license agreement covers support, hosting, upgrades, maintenance, and software license for the selected tier of MIS. It is a rolling 12 month contract. ; ; Should the institution wish to fully terminate their service after the Initial Licence Period for that service, including the deletion of all historic data processed by the service, free or otherwise, it must give 30 days’ notice in writing to Arbor’s registered address that complete deletion of data is required. There will then be a 60 day countdown period during which time the institution can extract their data, before the MIS is switched off.; ; Access to an Arbor site will cease on the contract end date. After the contract end date we are no longer the appointed Data Processor, and in line with the General Data Protection Regulation (EU) 2016/679, the data will be permanently deleted after 30 days.; ; If the institution have not extracted their data after the contract end date, they can request access to export their data for a further 48 hours. This is possible up to 30 days after the end date, after which time data is permanently deleted. There is an administration fee of £500 (+VAT) for this extension.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The Arbor Parent App allows parents to access their Parent Portal on Android or iOS, so they can make payments, receive push notifications from the school, arrange clubs, trips and parents evenings, update their children's data, and more. ; ; The MIS user interface is also reactive meaning it can be accessed through the browser of a phone or tablet as you would do on a computer. This allows e.g. students to access their Student Portal from their phone, or teachers to view class information and seating plans to take the register.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Our user interface is clear and accessible, with colour coding and all displays carefully considered to ensure a consistent user experience across the site. Graphs, callouts, and slideovers break up the screen to introduce significant information in engaging ways, according to a standard set of design guidelines. ; ; By creating a consistent and attractive user experience, we can guarantee the meaning of each component is clear and memorable. Experienced users can guess how to find and use data on any page, even if they have not been to that particular area of the site before.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Arbor is used by over 80 special and alternative provision schools across the country, and by students, parents, and staff experiencing a range of special needs and disabilities. We regularly collect feedback from all users, including schools and users with additional needs. Accordingly, our interface is customisable through browser-based accessibility controls. We recommend Google Chrome for the best range of accessibility controls and plugins, such as their high contrast, colourblind, and greyscale modes.
• API: Yes
• What users can and can't do using the API: Arbor's full REST and GraphQL APIs allow you to integrate your app and reach our entire network of schools with your product or service. Integrating with Arbor is completely free, and we provide full developer documentation and Software Developer Kits to help you get started. Once we’ve vetted an app, they can become an Arbor approved partner. We can migrate app data from a previous MIS to sync with Arbor, maintaining historic data records.; ; The Developer Portal is the first place to find answers to technical queries relating to Arbor’s open, REST and GraphQL APIs. We also partner with Wonde, Groupcall and Zinet to maintain a simpler interface to the API to allow app developers to read and write to the Arbor database. ; ; There are no operating system or database constraints, but Arbor reserves the right to rescind access by third parties if the API is misused. Access to the API is granted by school administrators only; no third party will be able to access a school's Arbor-stored data unless we have been given the explicit, written consent of the data controller in that school.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Arbor is a highly customisable system which will be set up to match school priorities. During implementation, we will work with you on each of our customisable features to make sure their languages and processes work best for you and your goals. Schools using our Core MIS will also be able to have any modules from our higher value packages in their system for a set fee, allowing them to mix and match the right MIS for them.; ; Workflows: customisable for behaviour, progress tracking and intervention management; ; Curriculum: any curriculum can be imported and tracked against; ; Assessment frameworks: can be set up in limitless ways; ; Custom Report builder: any data fields can be pulled into custom reports that can be read within the application or exported to Excel, Word, Google Docs, XML or Excel/GDoc live feed. ; ; Users can customise based on role: usually school administrators will set up and push out workflows or assessment features to their own schools.

Scaling

• Independence of resources: 1. Architecture is housed in a private firewalled network, within which we operate a strict single-tenanted database model. ; ; 2. Dynamically-sized worker pool ; Amazon EC2 instance optimised for high memory and data storage.; ; 3. Massively Parallel Analytics Engine; The dynamic worker pool is combined with a job server to allow large, complex querying of datasets, with results returned in real-time.; ; 4. Dynamically-sized web instance pool; Amazon instance optimised for high CPU power analytics.; ; 5.Elastic load balancer; Uses Amazon’s Elastic Load Balancer to reroute traffic across multiple instances.

Analytics

• Service usage metrics: Yes
• Metrics types: Feature usage: ; - Monitored by Arbor support analysts to evaluate training needs.; - Monitored by Product Managers to identify feature adoption issues and to improve usability. ; ; Guardian usage:; - Adoption metrics are available to Arbor school administrators to identify engaged parents and to automate follow ups to those who have not used the system.; ; Staff usage:; - The 'Users and Security' feature shows MIS login history in the past thirty days, the last login date of each user, and the access permissions users have.; - Each staff page has a 'System Engagement' section that shows their individual service usage.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported from Arbor as: ; • CTF (common transfer files); • XML (e.g. for Census) ; • Excel; • Word; • .csv ; • via the API ; • via secure Live Feed (e.g. to Microsoft PowerBI; • as pre-built extracts (e.g. for London Grid for Learning); ; All of our features have suggested exports designed around their function; for example, a student's full record can be downloaded as a PDF from a single button on their profile page.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • CTF
  • ATF
  • Read from the Arbor API
  • Word
  • PDF
  • XML
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • CTF
  • ATF
  • Excel
  • XML
  • Write back to the Arbor API

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: From our standard terms and conditions: ; ; We will use our reasonable endeavours to maximise uptime, and ensure that the System is available least 99% of the time during each year, excluding (i) any of our or our subcontractors' maintenance downtime, (ii) a failure between the Institution's computer(s) and the internet; (iii) factors outside of our reasonable control; (iv) the Institution's action or inaction, or any action or inaction of the Users or the Institution's other suppliers.; ; No refunds are provided if this level is not met.
• Approach to resilience: Our datacentre, hosted by Amazon Web Services in London, is resilient and certified ISO 27001, ISO 27017 and ISO 27018 compliant. ; ; Architecture is housed in a private firewalled network to reduce external access and increase security. Instances are recycled daily to reduce the risk of data being compromised; servers are patched continuously to reduce security vulnerabilities.; ; Further information is available on request.
• Outage reporting: By email alerts to Arbor users, or our online status page.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: System Access: Access is granted to various business systems based on defined Access Control Policy. We conduct regular Access Control reviews. We maintain a test/demo system that minimises the need for support access to production systems.; ; Server Access: We adopt a Development and Cryptographic Policy which restricts server access to production servers only to DevOps engineers, using SSH keys managed via an LDAP server which are additionally password protected.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 24/03/2021
• What the ISO/IEC 27001 doesn’t cover: The certification covers all Arbor services and locations. Accreditation was first gained in 2017 via LRQA - it is renewed annually.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • IASME & Cyber Essentials
  • DfE Cloud Suppliers Checklist
  • Annual penetration tests

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • IASME & Cyber Essentials certification; • DfE Cloud Suppliers Checklist
• Information security policies and processes: Arbor protects the data we store with a comprehensive Information Security Management System, audited annually for our ISO27001 certification. This system is governed by an Information Security Management Committee consisting of senior management across various business areas.; ; Arbor senior management actively supports information security within the organisation through clear direction, demonstrated commitment, and acknowledgment of information security responsibilities. The committee is ultimately responsible for:; •Reviewing and approving information security policy and objectives; •Providing clear direction and visible management support for security initiatives ; •Providing the resources needed for information security ; •Initiating programmes to maintain information security awareness; •Adopting a best-practice approach to information risk management and ensuring implementation of appropriate information security controls; •Promoting the regular review and continual improvement of information security; ; Physical security is maintained by formal inspections, risk assessments, and access control at every Arbor office. Access to Arbor locations is restricted with secure keys, CCTV, 24/7 security personnel and secure perimeter doors. ; ; Data security is maintained by our staff’s awareness training, personal vigilance, and a number of digital safeguards including regular password changes and two-factor authentication. Data is stored centrally rather than on any one device, making it easy to give and revoke permissions to different users.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All systems are configured using SaltStack. No changes are ever made to live server configurations (we operate with immutable servers). Salt allows us to define the end state of the system declaratively in salt state files which are version controlled. This means that any changes to the configuration of servers leave an audit trail. It also means that all configuration can be tested in our staging environment and repeated deterministically. All changes are assessed by the Head of Technical Security Operations before being approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Assessing: We run a monthly Security Committee to assess potential threats to our services. In addition, there is a quarterly Management Information Security Review to ensure effectiveness of the information security management system. A dedicated DevOps team subscribes to relevant security briefings and assesses the risk on a daily basis. We commission external penetration tests at least once per year.; ; Patching: All systems are configured to download and install security updates nightly, and the installed updates are checked via a centralized log.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring: All changes to any data records are kept in an Audit Log. All errors are logged to a centralized error reporting system and investigated by relevant engineering teams. All user activity, page requests, system and server logs are aggregated in a centralized log. All services are continually monitored into a centralized system.; ; Identification: Automatic alerts are sent to DevOps/engineers whenever breaches/errors are identified.; ; Response: Incidents are assessed and classified. Serious incidents are reported to the CTO and our Incident Response Policy is followed to completion (48 hours). Minor incidents are resolved by individual teams (14 days).
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The security incident response plan aligns with the SANS Identification step and is about making use of a robust detection and reporting capability. Early visibility of incidents facilitates quick decision making and rapid action. Potential security incidents can be detected and reported from a number of different sources, such as:; Arbor employees.; Arbor customers.; Arbor business partners.; Other external sources such as Law Enforcement Agencies.; System logs.; ; For non-system reporting our support line can be contacted to report a perceived security event or security weakness.; ; Security related incidents are centrally recorded using an Incident Log.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We set environmental objectives based on the significant environmental aspects identified within the business, and allocate sufficient management resources to ensure effective implementation of the policy. ; ; In particular, we will:; ; • Comply with all relevant existing environmental legislation and other requirements; • Minimise travel - all internal and external meetings are assumed to be virtual as a default; • Reduce harmful emissions wherever practicable - our data centre is committed to becoming carbo neutral through renewable energy supplies; • Seek to reduce consumption of materials in our operations and promote recycling and the use of recycled goods in all office locations; • Manage energy and water usage wisely in all our operations; • Incorporate environmental considerations into the procurement of goods and services; ; Arbor is committed to the prevention of pollution and will work to minimise the impact of its operations through a continuous improvement program. We perform periodic audits of our activities to ensure compliance with company requirements, legislation and policy requirements.; ; Having such a large degree of information available to the right users in live web pages instead of in reporting systems reduces the desktop processing power needed and also discourages printing, leading most Arbor schools to save on paper and help the environment as well.
• Covid-19 recovery:

  Covid-19 recovery

  Arbor has significantly contributed to Covid-19 recovery in our schools and will continue to do so. From the beginning of the pandemic, when we developed a reporting dashboard within a week to automatically collate the data required for the government's submission form, to now where our tools are helping schools to uncover and close progress gaps. Schools work better when they have access to a shared workspace - something that’s become all the more important in a post-Covid world. ; ; In our customers own words:; ; "I dread to think what we'd have done without Arbor. From a systems development perspective, it was impressive. Compared to our old MIS, it’s so refreshing to see that constantly evolving product and genuine commitment to getting things done quickly if it can make a really big impact. We’ve carried on things like virtual parents evenings - I couldn’t believe how easy it was to integrate Arbor to a third party. It's great to think, there's probably a better way to do this and Arbor can help. Our experience has been that Arbor listen. You never, never thought that before - there was no point asking for anything from our old MIS. You can't really knock it. "; – Deputy Headteacher at Droitwich Spa High School; ; We also have helped to minimise transmission by moving to a virtual-first policy with all of our training and meetings, which of course also helps with travel costs and carbon emissions.
• Tackling economic inequality:

  Tackling economic inequality

  Arbor contributes to the UK economy by creating on average over 65 new jobs a year in England. We contribute to further quality job creation in the growing area of cloud software engineering and support through our partner ecosystem of 136 partner companies including many small businesses (SMEs). ; ; We are committed to closing gaps of economic inequality with both our product and our internal processes. Our software is designed to help time-strapped schools identify gaps in learning across their student body and provide a quality education for their students to found future careers on. Our hiring process internally has no specific degree requirements, instead being based on aptitude and experience. We are also beginning an internship program this summer to give students real projects and experience in a SAAS environment.
• Equal opportunity:

  Equal opportunity

  Arbor is proud of its majority-female management team, but know we can always do more to improve access. The MIS Division CEO leads the Equality and Diversity committee, made up of employees from all different areas of the company, and we conduct diversity surveys regularly to better understand how we can improve diversity of background and mind across all teams and levels of employment. The results of these surveys are covered in company-wide meetings and published on our Careers site to keep us accountable.; ; The committee provides open sessions for all employees on social issues like disability, sexuality and gender, race, and career status. They are also responsible for running projects to keep our software accessible and equitable to every person whose data it manages, for example in our recent improvements to keyboard navigation and color blindness compatibility.
• Wellbeing:

  Wellbeing

  Arbor has a Wellbeing Committee internally that runs regular wellbeing events and surveys to manage stress and make sure our employees feel valued. We encourage schools to do the same, and provide tools for checking in on staff wellbeing such as the performance review module that helps them to set clear goals for their career, and the cover module that shows administrators which teachers have born the brunt of absences for the term before they assign them any more. We know these tools work too, as 92% of users tell us that Arbor helps them to save time in comparison with their previous system.

Pricing

• Price: £1,500 to £25,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer free usage for schools with existing MIS licences who need to move before their current licence expires, to ensure that they don't pay for two systems at once. This is referred to in their contract as a free prep period and covers the Arbor Core package.
• Link to free trial: https://login.arbor.sc/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bids@arbor-education.com. Tell them what format you need. It will help if you say what assistive technology you use.