RM Education Ltd

RM Unify

RM Unify is a true single sign on identity and access management service. It delivers an App Library, Launch Pad and Management Console to users through any browser, on any device. There are full network integration options for MIS and AD user management and provisioning. Onboarding/offboarding section details exit plan.

Features

• User provisioning from CSV, AD and or MIS
• Network provisioning from MIS
• Desktop and web single sign on
• Full SSO for either M365, Google Workspace or both simultaneously
• One click Launch Pad provisioning from the App Library
• User password management
• MIS sync to AD for rich user data
• Parent account provisioning
• App Library featuring 'safe for education' Apps
• Microsoft 365 group, Teams & Google Classroom Provisioning

Benefits

• Anytime, anywhere learning. Access everything though the web
• Always up to date. No local software installs.
• Flexible and scalable. School, Multi-Academy Trust, School District
• True Single Sign On. Platforms (Microsoft and Google) and apps
• Time saving. Automated user provisioning, de-provisioning and management
• Cost saving. App, Device and Platform management
• Data Security and Management. App data share reporting.
• Customisable for school, user, group and individual
• Network Management. AD Synch and desktop SSO
• Ever evolving and growing. Dynamic roadmap and development.

£0 to £1,495 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@rm.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

617193157561191

Contact

RM Education Ltd
08450 700300
tendersteam@rm.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: RM Unify integrates with a large number of 3rd party apps by design enabling SSO functionality and general user management. RM Unify provides IAM to a number of RM products including RM SafetyNet, RM SafetyNet Go, RM Finance, RM Integris and RM Parent Portal.
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Help desk is manned 8am - 6pm Mon - Fri excluding Bank Holidays; ; Support tickets are responded to within 4 hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Included in a network support contract
• Web chat accessibility testing: N/A
• Onsite support: Yes, at extra cost
• Support levels: Basic - access to online RM Knowledge Library only. Cost - free.; Premium - all the above. Cost - £745 (<500 users) - £1495 (>500 users) annually.; Up to third-line level support, with a remote access service provided by RM to resolve issues where appropriate (Premium only).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User have access to a support portal to reach quick start guides and technical help. In addition users have access to video guides to key features via a dedicated app in the App Library called the RM Training Academy.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: RM Unify acts as a data conduit and not a data producer. The service is an Identity and Access Management platform used to integrate data sources (AD and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).
• End-of-contract process: Due to the lack of data in the service there is no off-boarding service built into the standard contract. Support channels however are designed to assist customers in such circumstances.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Once logged into RM Unify, there are launch pads for each user and for the whole school community to assign personalised and communal learning resources. There is an app library with over 200 apps that can be installed to users launchpads. There is a management console for administrators to provision and manage users.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Our site has been tested through a third-party (Shaw Trust). Testing included both automated evaluation tools and manual testing by an experienced pan-disabled testing team including ; · Keyboard Only User ; · Voice Activation User ; · Screen Reader User ; · Low Vision User ; · Colour Blind User ; · Deaf or Hard of Hearing User ; · Learning Difficulties User. ; We also test in-house using JAWS screen reader. RM Unify implements the WAI-ARIA specification to support assistive technologies.
• API: Yes
• What users can and can't do using the API: The service has numerous APIs allowing third parties to extend our platform as required by customers. The service supports a variety of data sources from local and cloud hosted MIS (Management Information Systems) and customers are free to integrate their own. Third party services can be used to extend the platform, by leveraging data and SSO APIs. The API documentation at http://dev.rmunify.com describes the technical integration required complete with examples in multiple languages. All third party integration is validated by RM and data sharing consent is sought from end user administrators for customers that choose to use these integrations.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: -The Launch Pad is customisable by role e.g. student, teacher, non-teacher. Further customisation options include groups. ; - Admins can personalise their Launch Pad with images, themes and messages. Organisations can have their own unique URL e.g https://yourschoolname.rmunify.com.; - Admins can choose from a range of username formats when provisioning users.; - The login screen can be branded.; - There are a number of user provisioning methods to choose from including sourcing from a CSV, Active Directory, a school MIS or direct from the UI. ; - In addition to a Super Admin role, users can be permissioned as Password or Launchpad admins.

Scaling

• Independence of resources: The service is hosted on elastic public cloud, provided by Microsoft. This allows RM to scale our service in response to increasing and decreasing traffic to ensure a consistent user experience. We continually monitor the latency of common user journeys and scale appropriately to meet user performance expectations.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: The service is an Identity and Access Management platform used to integrate data sources (AD and MISs) and third party online services. As such, it is not a content creation platform holding customer data. The limited data that is held, which is primarily identity data, is available for export by CSV (with the exception of user passwords, on security grounds).
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: RM Unify aims for availability of 99.9% within agreed service periods.
• Approach to resilience: The service is hosted in Microsoft Azure Platform as a Service, a highly resilient base on top of which RM Unify is built. The Azure platform provides high availability guarantees, automated security patching, health monitoring and self-healing services. ; ; Our service is 'cloud native' and deployed as a set of independent fault tolerant services, multiple instances of which run concurrently on Azure. The load is balanced between these multiple instances providing high availability in the event of hardware or software failure. Any repeatedly failing instances are automatically taken out of circulation and a healthy node takes its place.
• Outage reporting: RM publishes the service status of RM Unify at http://status.rmunify.com; ; Customers can subscribe to email or RSS alerts via the status page, providing updates of software patching, deployment and service performance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: The management functions are restricted to users using role-based access control. On signing up to the service, a single Admin user is created to perform the onboarding of their organisational end users - typically the students and staff of the education institution. Once complete, the Admin can identify the other staff that need the Admin permissions and delegate permissions to these users.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Certification Europe
• ISO/IEC 27001 accreditation date: 04/06/2014 - Date of initial accreditation. 12/06/2020 - Date of last renewal.
• What the ISO/IEC 27001 doesn’t cover: Commercial functions.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: RM has the following security policies:; RM Group Security Policy.; Acceptable Usage Policy and Security Guidelines ("AUP").; Backup Policy.; Data Classification and Handling.; Data Protection.; CCTV Policy & Guidelines.; Cryptographic Policy.; Incident Reporting Management & Forensic Readiness.; Legislative Compliance (Security) Policy.; Physical Access.; Protective Monitoring.; Vulnerability Management Policy.; ; All staff are required to read and acknowledge the AUP on an annual basis, as well as having security clauses in their contracts.; ; All staff must complete information security training when they join RM and annually thereafter.; ; Core functions, e.g. IT and HR, are subject to regular internal and external audit.; There is a network of Local Security Officers and the Group Security and Business Continuity Committee monitors compliance with polices.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The development and operations of RM Unify is governed by ISO 27001:2013 processes, which document our change process. All software changes are communicated to customers proactively through the service status, and fully documented for end users via a blog for customer facing features.; ; As a cloud service developed according to an agile methodology, changes are made to the service with predictable frequency, usually every 4 weeks. Throughout this cycle, infosec evaluation takes place and appropriate actions and mitigations are made.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The service is automatically security patched for OS and web server vulnerabilities monthly, mitigating many threats. In addition RM uses ; CHECK certified third parties to annually perform a deep web application security test covering vulnerability scanning, service configuration and the software itself and quarterly IP address scanning for potential vulnerabilities. For high-stake areas of functionality additional independent peer review is sought from our security partner.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The service itself is build on top of Microsoft Azure Platform as a Service and as such all compute nodes (VMs) are rebuilt from scratch with every software release. This brings a number of benefits, one of which being the removal of any Advanced Persistent Threats (APTs). RM Ops monitor traffic from web server logs to identify traffic anomalies and identify threats to the service.
• Incident management type: Supplier-defined controls
• Incident management approach: All security incidents are reported on an internal logging system. The log records nature and impact of incident, as well as potential preventative measures. All reported incidents are reviewed by senior management and evaluated at either divisional or Group security forums. Major security incidents would be managed according to a defined major incident management process.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  When Di Booth joined RM to support us looking at our sustainability agenda, she was amazed by how much had already been done. Our New Product Development team were already introducing alternatives to virgin plastics that have a smaller ecological footprint and are bio- or waste-based. We have already reduced our carbon impact by 67% since we stopped our manufacturing business in 2014. In Harrier Park, our purpose-built new site in Nottinghamshire, we are installing solar power which will also result in a further 13% carbon reduction.; After seeing what was already in place, we brought together people in the business who are passionate about the environment to help create an environmental management and sustainable procurement management system that will seek certification to ISO 14001 in 2022. Through this we have developed an ambitious action plan that includes initiatives such as our RM Resources Quality and Procurement Team focusing on packaging on 36,000 products to reduce packaging to an absolute minimum and only use recyclable materials, RM ESI researching how we can make our software lower carbon in use and Software Product Development trialing a new offsetting approach to their own carbon impacts which if successful will be offered to our customers. We are also working with HP on their Take Back Service where HP take back old devices from customer schools and give a credit so that they can be recycled. As a result, in the last year schools have received over £100,000 in credits.; ; Working with our Executive, we have now also launched a Sustainable Development Governance Panel and Monique Louis, the Managing Director of RM Resources, appointed as Chair. The Panel reviews our progress against plans, objectives and targets, carries out the management review of the management system, develops new strategies and reports to the Executive quarterly.
• Equal opportunity:

  Equal opportunity

  Here at RM, our purpose is to enrich the lives of learners worldwide. We are committed to reflecting the diversity of the customers and learners we serve, encouraging and supporting our people to be their true selves, to grow and thrive at work. ; We are to creating an inclusive and flexible workplace where all our employees can be themselves and succeed on merit. Without diversity of thought, we cannot continue to innovate and grow. ; Earlier this year we completed a D&I audit, to help us understand how diverse and inclusive RM is today and to promote a culture of valuing diversity and inclusion where our employees could bring their whole selves to work. In response to the audit findings, employee volunteers from our D&I Advocates group have created a number of new employee networks to provide peer support and represent marginalised groups in RM by building communities that provide a safe space to be honest about the challenges they face in the workplace. The groups are led by employees who are part of the identity/identities the network represents, and they are used to not only provide peer support to marginalised employees but also to take group ideas, solutions and concerns to improve policies and practices and implement changes to the organisational culture.; ; Understanding that there are groups in society that are disadvantaged for reasons beyond their control and wanting to do something to address the inequality in our society is an important part of building a diverse and inclusive organisation.; ; Alongside the Women’s Network other networks are starting to grow, including a LBGTQIA network, the People of the Global Majority Network, and the Neurodiversity Network which is chaired by your bid lead Kevin Brooks.

Pricing

• Price: £0 to £1,495 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: RM Unify Basic is a free service offering restricted functionality for an indefinite period. We also have an RM Unify Premium 3 month free trial for access to almost all of the features, excluding federation to Office 365 and G Suite and Network Provisioning. More details here: https://www.rm.com/products/rm-unify/rm-unify-free-trial
• Link to free trial: https://rmunify.com/signup

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendersteam@rm.com. Tell them what format you need. It will help if you say what assistive technology you use.