CaseworkerGov

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Whilst there is no limit to the file size able to be uploaded to the system, there is a 20MB limit on files sent via email out of the system. There are no other service constraints.
System requirements: Internet or mobile data connection

Up to date, modern web browser

User support

Email or online ticketing support: Email or online ticketing
Support response times: All support requests are triaged for urgency. Users can expect an initial acknowledgment within 2 - 4 hours when a support enquiry is placed within office hours (9-5pm Monday to Friday).
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: Our support team is contactable via email and telephone from Monday to Friday between 0900 and 1700 (excl. public holidays), as part of your subscription cost. Onsite training is also available at additional cost charged by the day. We can also provide resources and train your IT team to deal with simple enquiries if you prefer that model.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: During the setup process, we run discovery sessions to fully understand the users' requirements in order to ensure the application is appropriately deployed. Following setup, we provide optional onsite training at additional cost. Alternatively there are tutorial videos available via our YouTube channel, along with an end-to-end manual.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: All user data can be extracted upon request which will be provided in a secure format.
End-of-contract process: All data added to the system will be extracted and provided to the customer in a secure machine readable format.

Using the service

Web browser interface: Yes
Supported browsers: Microsoft Edge

Firefox

Chrome

Safari

Opera
Application to install: No
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Full service on all devices.
Service interface: Yes
User support accessibility: WCAG 2.1 A
Description of service interface: CaseworkerGov is a web based application with a web based user interface.
Accessibility standards: WCAG 2.1 A
Accessibility testing: As well as internal testing we also have a range of end users that use assistive technologies including screen readers with the application.
API: Yes
What users can and can't do using the API: Our API allows third party systems to integrate easily with CaseworkerGov. Using the API (having requested an API key) an authorised user can
- Create a record including constituent and case records
- Lookup records and retrieve data
- Trigger automations
API documentation: Yes
API documentation formats: HTML

Other
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: As part of our discovery and setup process each installation of CaseworkerGov is customised to an organisation with amongst other things workflows, automations, language, additional database/UI fields, letterheads, signatures/scanned signatures, sending outgoing email addresses, fonts, case types and categories. A full admin interface also exists that allows appropriately authorised end / admin users to modify all aspects of an installation's configuration

Scaling

Independence of resources: The underlying Google Cloud infrastructure on which CaseworkerGov is hosted allows for a range of scaling options for a CaseworkerGov installation from automatic to manual intervention.

CaseworkerGov servers are constantly monitored by automatic systems for metrics such as CPU, memory and network usage. Alerts are set to notify Elected Technologies engineers in the event that any of these metrics are approaching upper bounds and automatic scaling begins.

Data storage, both file and database is automatically scaled by the Google Cloud infrastructure meaning that a single user cannot impact on storage availability of another.

Analytics

Service usage metrics: Yes
Metrics types: Custom reports provided by our internal support function if required.
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Other security clearance
Government security clearance: None

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)
User control over data storage and processing locations: Yes
Datacentre security standards: Managed by a third party
Penetration testing frequency: At least once a year
Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: There are functions in the system that allow certain data to be exported by end users and we would be able to assist for further requests.
Data export formats: CSV

Other
Data import formats: CSV

Other
Other data import formats: XLS

SQL

Data-in-transit protection

Data protection between buyer and supplier networks: TLS (version 1.2 or above)
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: The CaseworkerGov terms of service includes a Service Level Agreement with a 99% uptime commitment and a mechanism for the claim of service credits in the event that this SLA is not met.

If ELECTED TECHNOLOGIES does not meet the CaseworkerGov SLA, THE CUSTOMER will be eligible to receive the Service Credits described below.

Service Credit: means the following:
Monthly Uptime Percentage / Days of Service added to the end of
the Service Term
< 99.0 % - >= 98.0% / 3 days
< 98% - > 94% / 7 days
< 94% / 15 days.

Additional information is available on request.
Approach to resilience: Google’s underlying Cloud Platform infrastructure protects the CaseworkerGov service from a large range of typical downtime causes such as network connectivity issues (Google Data centres include multiple redundant network links) and physical hardware failure. Google Cloud provides automatic and transparent VM migration allowing virtual machine workloads to be automatically and transparently transferred from one piece of physical compute hardware to another without downtime. Google’s underlying storage systems automatically chunk and replicate data across physical storage to ensure physical hardware failures or events do not result in inability to access data or loss of data.

Elected Technologies’ approach to application updates regarding the CaseworkerGov service works to SRE (Site Reliability Engineering) principles and managed availability budgets. Regardless of testing results new code is only deployed to production if the team considers there to be an appropriate availability budget remaining within the SLA. This approach ensures that new code that despite testing could introduce an issue into the application is not deployed if it is likely to mean that the SLA is breached. Additionally the new code rollout process requires that any deployment of new code has a rollback plan in the event of an instability being introduced.
Outage reporting: Alerts are issued for service outages by email.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Username or password
Access restrictions in management interfaces and support channels: Administrator accounts are available via username and password, accompanied by two-factor authentication.
Access restriction testing frequency: At least once a year
Management access authentication: 2-factor authentication

Username or password

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: Between 1 month and 6 months
Access to supplier activity audit information: Users have access to real-time audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: No
Cyber essentials plus: No
Other security certifications: No

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: The CaseworkerGov service is delivered under Elected Technologies’ Security Policy which provides a framework for the operation of Elected Technologies Service and business. Under the policy, the CEO of Elected Technologies has responsibility for security of all Elected Technologies Services, ensuring reporting to the Board of associated risks and meeting regulatory and legal requirements.

The underlying Google Cloud Platform services and data centres used to deliver CaseworkerGov have the following certifications:
ISO 27001:2013
ISO 27017:2015
ISO 27018:2014
Information security policies and processes: The CaseworkerGov service is delivered under Elected Technologies’ Security Policy which provides a framework for the operation of Elected Technologies Service and business. Under the policy, the CEO of Elected Technologies has responsibility for security of all Elected Technologies Services, ensuring reporting to the Board of associated risks and meeting regulatory and legal requirements.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: All configuration or code changes within the CaseworkerGov service must go through our Change Request and Approval Process with a pre-defined list of questions to be answered.

All requests are logged into a central document, with approval by a member of the senior management team required. The date and time and the member of staff who made the change is also logged. Under Elected Technologies’ policies a senior manager cannot approve their own changes.

All code changes and their authors are tracked within our code repositories and reviewed by the service owner before being released to the Master branch.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Elected Technologies follows the NCSC’s guidance on vulnerability Management and utilises the OpenVAS Vulnerability Assessment System to regularly scan its Virtual Machines for vulnerabilities.

Identified vulnerabilities are triaged based on OpenVas’ identification of their severity (low, medium, high) and are recorded as either “fix”, “acknowledge” or “investigate” by the vulnerability assessment team on the basis of their impact on the service and the data stored within the service.

Patch management is primarily handled automatically within the CaseworkerGov Virtual Machine however application of any patches outside of this are applied based on the NCSC guidance on patching.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Elected Technologies actively monitors a number of metrics on the virtual compute and other Google Cloud Platform infrastructure used by the CaseworkerGov service that could signify unusual or malicious activity. These metrics include but are not limited to inbound and outbound network traffic, CPU utilisation, memory usage and number of active connections. Any movement of these metrics out of normal bounds results in an automated alert to Elected Technologies technical staff and manual investigation.

Failed login attempts to a CaseworkerGov installation using the CaseworkerGov built in authentication flow are also logged and automated notifications sent to Elected Technologies technical staff.
Incident management type: Supplier-defined controls
Incident management approach: Elected Technologies’ incident management policy covers a security event that may affect confidentiality, integrity or availability of the CaseworkerGov service or data held on it. The policy is structured around the NIST guideline NIST SP 800-61 on handling incidents and specifies courses of action, procedures for notification, escalation, mitigation and documentation required.

Security incidents or vulnerabilities identified by external organisations can be reported to any publicly listed contact detail for Elected Technologies.

All security related points of contact are to be immediately forwarded to the Head of Technology and the CEO for handling by the Incident Management Policy.

Secure development

Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Elected Technologies utilises underlying Cloud technologies that are carbon neutral. Our cloud technology provider on which all CaseworkerGov services run aims to run all data centres on carbon free energy by 2030.

Tackling economic inequality

As a small business Elected Technologies is committed to the local community and improving employment opportunities including for the young. We are a committed employer of apprentices and a large number of our staff have progressed through an apprenticeship route into more senior roles.

Equal opportunity

Elected Technologies is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, gender, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, neurodiversity, religion or beliefs, age or sexual orientation. We actively assess and halt any unfair and discriminatory practices found within Elected Technologies and we encourage full contribution from our diverse workforce. We are committed to actively opposing all forms of discrimination. We also aim to provide services that do not discriminate against our clients and customers in the means by which they can access the services and goods supplied by us. Elected Technologies believes that all employees and clients are entitled to be treated with respect and dignity.

Wellbeing

Elected Technologies aims to create and promote a workplace environment that supports and promotes the mental wellbeing of all employees, and we strive to develop a culture based on trust, support and mutual respect within the workplace. We provide support and assistance for employees experiencing mental health difficulties, and we positively encourage the employment of people who have experienced mental health problems by providing fair and non-discriminatory recruitment and selection procedures. We also recognise that workplace stress is a health and safety issue, and acknowledge the importance of identifying and reducing workplace stressors.

Pricing

Price: £50 to £300 a licence a year
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

CaseworkerGov

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents