Shelton Development Services Limited

SDS ProVal

ProVal is the leading Development Viability Software for Social Housing Providers in the UK with over 250+ Housing Association and Local Authority Customers

Features

• Real-time reporting
• Customisable inputs for bespoke data capture
• Customisable functions for bespoke calculations
• Off-line editing and saving
• Real-time errors and warnings on data input
• Remote Browser Access

Benefits

• Real-time results for quick appraisals including NPV, IRR, payback
• Multiple tenures in single appraisal
• Colour-coded tenures for easy identification including templates
• Granular results for best site optimisation
• Easy search options to find an appraisal
• Immediate notification of errors
• Collaborate quickly with colleagues
• Sensitivity analysis to rapidly compare options
• Consolidate schemes for portfolio analysis
• Industry standard 'out the box' reports

£1,500 to £5,000 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ricky.prota@s-d-s.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

601001589851322

Contact

Ricardo Prota
07944849302
ricky.prota@s-d-s.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: ProVal can be a standalone service, however we do include an interface to allow customers to move appraisal data into SDS Sequel (our project management tool) so that you can reduce the data entry to Sequel and allow actual vs budget comparisons from Sequel.
• Cloud deployment model: Private cloud
• Service constraints: SDS may need to apply updates when changes in government legislation take place. Downtime is approximately 2-3hrs but only when such changes take place which around 2 times per year
• System requirements: Internet Browser Access Required with an standard PC or Mac.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: First Response is 4 hours from ticket being submitted.; ; Support is provided in accordance with the terms of our standard Support SLA included within our terms and conditions document; ; Support opening hours:; ; Monday – Friday; ; 9am – 5pm
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: Onsite support
• Support levels: All support is local; we do not use third-party agencies or remote call centres.; Support is provided in accordance with the terms of our standard Support Agreement and encompasses:; Internet and Teams (online conferencing applications); Email queries where you'll deal with an experienced member of our team; Screen-to-screen access to provide support directly onto your machine; Tutorials and real-time demonstrations over the web; Reviews of your work to check for possible errors (chargeable); Application updates to meet changes in business practices; Face to face; Annual regional user meetings; Cloud installations and a Solution architect managing the Infrastructure; ; Priority; 1; ; Urgent request for support, help,; assistance, development, advice; ; 4 hour; response; 5 day fix; ; 4 hour response ; 4 week fix; ; Priority; 2; ; Moderate request for support, help,; assistance, development or advice; ; Same day; response; 10 day fix; ; Same day; response; 6 week fix; ; Priority; 3; ; Low request for support, help,; assistance, development or advice; ; Next day; response; 15 day fix; ; Next day response; 8 week fix; ; Priority; 4; ; Feature request Programmed and; scheduled by; agreement with; SDS and the; Customer
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Full Training and implementation is part of the package. The training is currently delivered over Teams by one of our accredited trainers for each customer in an online classroom setting. ; ; The ProVal course consists of the following modules:; ADMIN: This module covers a wide range of topics, such as: Overview and familiarisation of ProVal LS; Explanation of administrator settings, scheme and unit defaults; adding users; creating global settings and defaults; creating the project folder tree; setting user security & permissions; ; ; END USER: This is a hands-on interactive course. Users will learn how to complete a basic appraisal from start to finish and how to interpret the results.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: A copy of the database will be downloaded and provided to the customer.
• End-of-contract process: Once the customer has confirmed receipt of the required database and has what they need we will follow our secure deletion of data policy.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: ProVal is a highly configurable application with bespoke reporting features. A wide range of development assumptions can be created to ensure a consistent appraisal approach across schemes, along with templates for your most common unit types. The configuration process will be covered as part of our training programme, but there are also options to for SDS to configure the software to the specifications of the user. Please note we do not allow customers to customise the underlying software code / functionality in a bespoke way, however, we do of course collect feature requests and other feedback from users, and these are managed in the product feature pipeline.

Scaling

• Independence of resources: Each company will have their own server. Any strain can be identified and resourced accordingly.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users can export data through reporting outputs which can be saved and copied to their local machine.
• Data export formats:
  • CSV
  • Other
• Other data export formats: CSV, EXCEL, PDF, HTML
• Data import formats:
  • CSV
  • Other
• Other data import formats: CSV, EXCEL, PDF, HTML

Data-in-transit protection

• Data protection between buyer and supplier networks: Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Our SLA is guaranteed at 99.99% up time.
• Approach to resilience: We use AWS servers which will be set up to high standards of resilience. Further information is available on request.
• Outage reporting: We will be notified if there is an outage via an email and SMS alert, and will let the customer know straight away (also via email).

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access within the software is based on roles. Users are given access to a particular role or security level which then determines their ability to access the different features or data in the software. Access to support channels is managed via our FreshDesk support system, which contains all our customer contact and purchase information.
• Access restriction testing frequency: Less than once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation
• ISO/IEC 27001 accreditation date: 22/11/2022
• What the ISO/IEC 27001 doesn’t cover: SDS conforms to ISO 27001
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All staff are organised into teams with level of access to information based on their requirements in their roles. Network drives and other information sources are centrally administrated and our Software IT director takes responsibility for maintenance and security of IT systems. Software code is stored in secure locations and the development of our software follows a standard approach, with each coding change being recorded in the case management system, following an agreed process of requirement, coding, code review and testing. All our staff are trained on GDPR regulations and we document their responsibilities with regards to data and privacy in our staff handbook

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All code is recorded using a branch methodology, with each change being subject to a our secure development process. Changes to software must go through a multistage process including design, review and testing ahead of the change being merged into the master branch code
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our software team use AWS Inspector to monitor for potential security risks, all operating systems and software versions are kept up to date and we use anti virus software protection as appropriate. All our records systems are online and we do not generally use physical storage.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: If our security is compromised we would assess the potential impact at the SLT level before enacting our Business continuity plan.. Measures appropriate to the scale of the incident would be determined at the time, and we are aware of (and comply with) our statutory obligations under GDRP to notify users and the ICO.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: If and when our security is compromised we would assess the potential impact at SLT level and execute our disaster recovery or BCP. Measures appropriate to the scale of the incident would be determined at the time, and we are aware of (and comply with) our statutory obligations under GDRP to notify users and the ICO.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  SDS software is at its core a software product designed to build affordable housing for vulnerable persons who need it most. Organisations with a social purpose buy ProVal to address the housing crisis and thus tackle inequality

  Equal opportunity

  SDS is committed to providing equal employment opportunities to all employees and applicants without regard to race,colour,religion,sex, national origin,age,disability, or any other protected status.

Pricing

• Price: £1,500 to £5,000 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ricky.prota@s-d-s.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.