The Access Group

Access My School Portal

My School Portal’s mission is to make school communication simple and keep user satisfaction high. Whether you’re a parent, guardian, student or staff member, our one-stop portal intelligently pulls together key data, providing a single view to
boost engagement.

Features

• Email and messaging exclusively featuring all school communications
• Online bookings and payments for any school activity
• Interactive forms for absence and more
• MIS data integration

Benefits

• MS Teams and Google assignment integration
• Partents evening management

£375 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

622898494648200

Contact

Natalie Giles-Grant
01206322575
Natalie.GilesGrant@theaccessgroup.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: None
• System requirements: Internet Access via supported browsers (html5 enabled)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We use an automated ticket system to record customer case detail and an acknowledgement email is sent to the customer immediately upon receipt
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Via the online help portal widget
• Web chat accessibility testing: The webchat software is currently being widely used across multiple other divisions within the Access Group
• Onsite support: No
• Support levels: The Essential Success Plan is included as part of your Access subscription, and is there for you online anytime of the day or night with access to our Knowledge Base and Community. The Standard Success Plan is a more reactive service including telephone and email support, speedy response times and access to our lovely customer success teams. You’ll also get the chance to be involved with exciting product updates and webinars from our team of experts. The Standard Success plan is 15% of the annual software cost per annum. The premier Success Plan delivers a proactive service including your very own support contact and a customer success manager who will get you on the road to success and help you stay there. The Premier Success plan is 25% of the annual software cost per annum.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We believe wholeheartedly that the functionality that our software offers our customers is very important, but it is only half of the value equation - how the system is rolled out is critical if full value from your new investment is to be achieved. We also know that you may view new software implementations with some trepidation and many customers can find this period daunting. In fact for some customers, this may be the first software roll out they have managed. We recognise this and we have designed our implementation services to help ensure you have a great experience and are looked after along the way, so that the whole process is less daunting
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract required data via a range of reports.
• End-of-contract process: As per standard contract agreement data is retained for 28 days past contract end. All data is then securely deleted and removed from the system.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: My School Portal is a SaaS service that runs on a computer, tablet, or smartphone device with a browser and Internet connectivity.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: We use APIs throughout the product;however,we link to the following 3rd party APIs: iSAMSWCBS 3SYS ProgressoSchoolPostEtons APIVarious SSO: Apple, Google, Facebook, Firefly, MicrosoftGoogle ClassroomGoogle DocsMicrosoft OneDrive, SharePoint & TeamsPayment Providers: Opayo, PayPal, Stripe, WorldPayPlanet eStreamSOCSAll APIs are accessed over HTTPS as noted in the diagram below as “School / MIS Server”. The APIs which are hosted by clients typically employ an IP whitelisting system, at which point they whitelist our single access IP noted on the diagrams below as “MSP NAT Gateway”. They typically all have some form of credential equivalent to a username and password.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: My School Portal uses a load-balanced, multi-tenant service. The load balancer monitors the web servers continuously and will dynamically reassign requests if one of these servers crashes.

Analytics

• Service usage metrics: Yes
• Metrics types: We have some highlevel metrics (around the number of users, students who have had parents who haven't signed in) that can be accessed within the product in a school admin dashboard.
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: All reports can be exported to Excel, CSV or PDF
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Xls(x)
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Xls(x)
  • PDF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to make the SaaS available 24 hours a day, seven days a week, except for unavailability during emergency or routine maintenance.
• Approach to resilience: We operate a dual active-passive environment and all hardware components are provided at N+2 level or greater. More details are available on request.
• Outage reporting: Users can subscribe to email alerts giving updates on scheduled maintenance and outages.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We operate role profile based Access Control - based on least privilege access. This applies to all our services
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 08/08/2020
• What the ISO/IEC 27001 doesn’t cover: Nothing is excluded from the Standard
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: All change management is undertaken in line with ISO27001:2013 using JIRA for audit purposes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Patched and audited by our patch management system. All non-critical OS patches are applied within one calendar month of release, first into pre-production and then into production, as part of the scheduled maintenance window. AV Updates - Signatures are updated hourly. / Rules are reviewed at minimum every 3 months. Logs are reviewed at minimum every 3 months. Access staff responsible for the maintenance of our hosting services subscribe to industry newsletters, belong to various security forums and we additionally receive notifications from our vendors.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have traffic monitoring and content based alerting which alerts on changes to the site and/or traffic flows implemented at infrastructure and application level. We proactively monitor third party suppliers (hardware, OS, application/web and database server software) vulnerability reporting and security fix availability. Any vulnerabilities found and fixes provided by third party suppliers are patched by our infrastructure team in a timescale appropriate for their level of severity. Any penetration test findings are fixed by Development in a timescale appropriate for their level of severity. Our infrastructure response is within 1 hour in the SLA period 8am-8pm Monday – Friday.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Access UK Limited is a Software author and provide associated services, including Hosting, Payroll Bureau and Payment services. We recognise that although we do not undertake manufacturing, our day to day operations will have impact on the environment at global, national, and local level. We are committed to the care of the environment and the prevention of pollution. •Access ensures that all our operations are carried out in with the minimum adverse effect on the environment but implementing many available resources and approved processes •We protect the environment by striving to prevent and minimise our contribution to pollution of land, air, and water •We keep wastage to a minimum and maximise the efficient use of materials and resources, and manage disposal of all waste in a responsible manner •We use energy, water, and natural resources wisely and prevent pollution by minimising waste, recycling whenever possible and properly disposing of waste that cannot be recycled. •Our management processes are developed to ensure that environmental factors are considered during planning and implementation •We raise employee awareness and encourage best practices for sustainability at work
• Equal opportunity:

  Equal opportunity

  We want everyone to feel at home at Access, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual; after all, if we were all the same it would be a pretty dull place. We love the fact that we’re all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. For us, this all starts with helping everyone feel part of the family and being at their best every day, making Access a place where everyone can love what they do and do what they love. We all have regular check-ins with our leaders, take part in monthly employee surveys, have lots of chances to share our views and ask for help, and with our own learning system, 'Access Shine', we really can make things even better each and every day. At Access we'll always hire the best candidate but we're continually looking for creative ways to increase the mix of diverse candidates into our recruitment process. On the basis that you ‘have to see it, to be it’, one thing we're doing is sharing more stories to celebrate the wonderful diverse range of talent we have at Access. It is important for us that our employees understand and reflect the customers and communities we support, and we want everyone to feel at home here, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual.
• Wellbeing:

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £375 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Natalie.GilesGrant@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.