eGov Solutions LTD

Children in Need Personal Education Plan (CIN-PEP)

Children in Need Personal Education Plan. We offer a fully managed data collection & monitoring service for Local Authorities to help safeguard and improve the outcomes for Vulnerable Children. Cohorts include Children in Need (CIN), Child-Protection (CP) plans and Children with a EHCP. Extension to our cloud-based platform ePEP Online.

Features

• CIN PEP Cloud-based secure platform accessible 24/7.
• Young Persons secure portal (voice of the young person).
• Parent & Carers portal for shared vulnerability alerts and notifications.
• Impacted Tracker for educational measuring and funding progress.
• Online Case Management / Overall CIN Plan and Safeguard Record.
• Attainment Collection module including including academic flight paths.
• Attendance Collection and monitoring / Push-Pull database connectivity.
• Bespoke Report Builder & Analytic Dashboard for Real-time reporting.
• Developmental target recording including threshold alerts and notifications.
• On-going provision & discussion mapping for online supervision.

Benefits

• Secure online application to monitor educational outcomes for CIN.
• Young Persons secure environment for recording events and providing feedback.
• Improved attainment & attendance monitoring and data accountably.
• Enhancing communication and data sharing with supporting professionals.
• Automatic threshold and vulnerability alerts for improved safeguarding.
• Internal Virtual School Case Note facility for greater communication.
• Reduced administration with clearly defined rolls and responsibilities.
• Customisable privilege and control panel settings for total policy control.
• Individual school/provider attendance dashboard for clear report visualisation.
• Attendance collection and monitoring service reducing outsourced costs.

£19.50 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.daniels@egov.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

571256689822302

Contact

Gary Daniels
0333 772 0944
gary.daniels@egov.uk.com

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: EPEP Online for Looked After Children also provided by eGOV Solutions.
• Cloud deployment model: Private cloud
• Service constraints: N/A
• System requirements:
  • Internet access
  • Connection through a current supported internet browser
  • Individual corporate email address

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24/7 - 365 days support log facility normally 60 minute resolution. ; ; Priority 1: The entire system is completely inaccessible - response within one to two business hours. ; ; Priority 2: Operation of the system is severely degraded, or major components are not operational and work cannot reasonably continue - response to within two business hours.; ; Priority 3: Certain non-essential features of the system are impaired while most major components remain functional. - response within 12 business hours. ; ; Priority 4: Change requests or issues that are cosmetic and/or have little or no impact of the Services. - response within 24 business hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each authority will be allocated with a individual relationship account manager, for first line support and specialist advice. We provided all our customers with the same high quality level of support and aftercare. EGOV Solutions Ltd offers both customer service and technical support via online training, termly webinars, online training videos, user documentation and dedicated telephone support. We also arrange and host regular National CIN workshops with other authorities using the service. This provides the opportunity to deploy developments and share best practice. Our technical team will take full responsibility for the configuration, maintenance, updates and support for the hosted CIN Cloud Platform. EGOV Solutions will provide onsite reviews every 6 months to guarantee customer satisfaction of our service/software.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: EGOV Solutions provides an initial kickstart meeting to discuss the clients requirements and demonstration. All professionals will be offered onsite training, access to video training as well as online training material. Professionals have access to user documentation, online webinars, and if necessary one2one training online with a dedicated eGOV support specialist. We will work closely with the Virtual School and key staff to bespoke the (Advisory) CIN PEP fields and features. Once the platform has been agreed we will provided a testing environment which is vital to establish a successful delivery. Every authority is allocated with a dedicated account manager for tweaking ongoing changers and to review each stage of rolling out the service to schools and social workers. User documentation and online training material can be easily distributed using our eGOV broadcast facility by Virtual School administrators. Our company experience and knowledge with rolling out cloud platforms will guarantee a successful and smooth transition from paper or different electronic application. We will also include ongoing Report Builder training for self bespoke reports and data mining. Administrators will be trained on how to use the Virtual School Dashboard looking for patterns in large cohorts and at a child individual level.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: All data is returned to the client by secure encrypted data transfer in a readable and useful format. On official request by the client we will hard delete all data and ensure this is destroyed in line with GDPR guidelines.
• End-of-contract process: End of contract life exit will be discussed and agreed with the client to ensure that all statutory obligations are undertaken. Depending on the level of additional work and timeframe required there may be additional charges made to cover the technical involvement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Scaleability of the eGOV platform has been designed and developed to fit mobile devices and smart devices. The service has also been developed as a direct APP with no differences to the service specification or requirements.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: CIN administration control panel allows users to maintain and manage their own account CORE details including password resets and the ability to change their rememberable duel layer security question. Users can also access the CIN PEP support log and broadcast facility.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The CIN PEP interface is tested with assistive technology for visual impairments (reversed colours, high contrast, grey-scale etc) as well as screen readers and Makaton keyboard compatibility. Our technical team have a suite of tools to identify accessibility issues as code is produced.
• API: Yes
• What users can and can't do using the API: Our technical team will provide documentation on how to connect to our eGOV API this will involve instructions on how to use the service and the rules of engagement. CORE data can be changed using our RESTful API with Laravel and PHP. We currently limit changes to the CORE data only for new children in and out of care.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The secure platform can be uniquely customised using the CIN PEP administration tools if you have access rights as a CIN administrator. We will provide training on how to make CIN PEP feature changes, add additional sections, change questions, modify lookup tables and drop down menus. We will work closely with the client to ensure we meet all requirements and expectations. Our technical will develop additional sections/forms and also adapt current modules on request. We have a broad range of standard features which we are continually developing with other authorities to ensure the application is accommodating for the changing environment. We offer bespoke self service reporting and Virtual School analytics using the CIN Report Builder, plus the option to request additional custom reports on request. The secure platform enables the Virtual Schools to communicate within the internal Case Note facility for each Child in Need. Notifications and alerts will automatically be sent to all supporting professionals on request.

Scaling

• Independence of resources: High redundancy, auto load balancing and scalable bandwidth on demand. We monitor server performance and ensure high redundancy to deliver a fast service for users 24/7. Automatic load balancing enables 100% speed and scaleability of service guarantee for all clients on our dedicated servers. Typical load times for reports are 2 to 3 seconds.

Analytics

• Service usage metrics: Yes
• Metrics types: System usage and performance statistics, database reporting including self service activity logs for user accountability, additional bespoke reports on request.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users have multiple options when exporting data out of VPEP from using our bespoke self report builder, historical VPEP data, attendance data, attainment collection data including documents and images. Exports can be filtered to different formats before downloaded i.e csv, xlsx and pdf.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • PDF
  • PNG
  • JPEG
  • DOCX
  • EXCEL
  • TSV
  • SPSS
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XLSX
  • TVS
  • HTML
  • ODS
  • XLS

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Egress secure email transfer.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We can guarantee a network connectivity SLA level of 99.9 % uptime/availability results in the following periods of allowed downtime/unavailability: Daily: 1m 26s Weekly: 10m 4s Monthly: 43m 49s Yearly: 8h 45m 56s. This is to allow for service security updates and full data backups scheduled from 00.01 every day. This allows us to guarantee 100% network connectivity and availability in normal day time and extended working hours. We will refund the client one months total costs if service is disrupted without a 3 minute response and resolution.
• Approach to resilience: The VPEP infrastructure is built on AWS Cloud which provides multiple physically separated and Isolated data centres providing high availability and highly redundant networking. Load balanced environment with scalable bandwidth on demand. All communications run inside our VPN that is protected by a strict system of Firewall rules. The backup system is managed in different ways: Hourly snapshots: copies of application servers and databases are automatically generated, creating a fast and secure restore point. The database failure system is fully automatic and does not require administrative intervention. Individual: a backup script is scheduled hourly to generate an individual file for each client, allowing quick access to restore or analyse data without affecting other clients.; The data is stored in the AWS S3 storage service with high levels of durability and availability. External: all backup files are mirrored on a storage service with a different data centre in the UK to guarantee 99.9% uptime and secure storage disaster recovery.
• Outage reporting: Outage reporting is automatically measured and monitored with the AWS data centre. Cloud performance, usage meters, availability alerts, triggers and notifications are immediately emailed to our internal technical team and actioned accordingly. We provide the client with access to their own performance dashboard and included them into alerts with a chosen designated security office.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: All users must authenticate and verify their individual email address and password. Once verified they need to complete specific characters from a memorable word at a ISO/IEC 27034 standard. Failed results will be blocked after 3 attempts and will be recored/alerted to the client and the CIN support team. The user would need to contact the national CIN help number 24/7 to request and lift restrictions with additional verification.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 12/10/2016
• What the ISO/IEC 27001 doesn’t cover: Cover does not extend outside of the hosted environment.
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 01/02/2020
• CSA STAR certification level: Level 3: CSA STAR Certification
• What the CSA STAR doesn’t cover: Cover does not extend outside of the hosted environment.
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials (Plus)
  • Business Continuity Management ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus accredited
• Information security policies and processes: We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities. Risks raised through internal and external audits are reviewed at management meetings by our information security manager and head of business. We design and implement a comprehensive suite of information security controls and other forms of risk management to address possible security risks to new and existing eGOV developments and services. We continually review and update our security policies inline with ISO/IEC 27001:2013 security management standards. We are ICO registered, Cyber Essentials Plus accredited following legislation: DATA Protection Act (2018)/GDPR, Freedom of Information Act 2000, The Computer Misuse Act (1990) and Business Continuity Management ISO 9001:2015 / 27001. ; ; Certification can be provided on request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes are checked before implementation by the technical team then the technical lead within a secure testing environment. Following the ITSM framework guidelines all version control, code changes are ticket logged, itemised and timestamped. All code branch changes are recorded and linked to each developer for accountability. Code is then automatically checked using GitLab CI/CD and then finally checked and signed off by senior level 3 developer before pushing to the live environment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We monitor a variety of sources including the National Vulnerabilities Database for new software vulnerabilities and vulnerability reports. The CIN application undergoes internally and/or externally conducted penetration testing. New vulnerabilities are risk assessed and deployed to the live environment accordingly. Security risks can be actioned in less than one hour.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We identify potential compromises and risks through using Anti-Virus software alerts configured to email triggers and notifications to our technical team and security officer. Technical availability is provided 24/7 365 day a year to ensure full detection protection is guaranteed. Once any compromise is detected a remedy is immediately implemented and timestamped, logged, followed by a risk assessment including the client.
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined processes for common events detailed within our company security procedures. Incidents are reported by telephone, secure email, live support log and are all automatically allocated with a unique ID. Technical support monitor and receive support ID alerts 24/7 and will set the level of priority agreed by the client. All security incidents are actioned immediately by our security officer. We follow legal guidelines for everything else, most common events are responded, resolved within 1 hour. Incident reports are provided and discussed with the client at each review meeting, the client can access this report within the portal.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  We increase the representation of disabled people in the contract workforce. We Support disabled people in developing new skills relevant to the contract including through training schemes that result in recognised qualifications. We Influence our staff, suppliers, customers and communities through the delivery of the contract to support disabled people. We also tackle workforce inequality in employment, supporting skills and pay in the contract workforce. We support work progression to help people, including those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract

  Wellbeing

  We support the health and wellbeing, including physical and mental health, in our contract workforce. We Influence staff, suppliers, customers and communities through the delivery of the contract to support health and wellbeing, including physical and mental health. We collaborate with users and communities in the code-sign and delivery of the contract to support strong integrated communities. We influence staff, suppliers, customers and communities through the delivery of the contract to support strong, integrated communities.

Pricing

• Price: £19.50 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: We offer a 6 week CIN PEP trial for prospective clients.; Onsite training if required and trial setup costs will be applicable.
• Link to free trial: https://epep.tv/epep-platform-free-trial/

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gary.daniels@egov.uk.com. Tell them what format you need. It will help if you say what assistive technology you use.