Civica UK Limited

Civica Microsoft Dynamics 365 Grant Management Service

Utilises the power of Dynamics 365 Customer Service and overlays an accelerator designed specifically for not-for-profit organisations. Our accelerator expertise, industry knowledge of grant management and design patterns allows us to quickly build your customised grant management solution. Offers simple ‘T-shirt’ sized implementation packages from PoC to large implementations.

Features

• Native GMS functionality including accounts, contacts communications, dashboards, reporting
• Part of Microsoft ecosystem: Office, SharePoint, PowerApps, Azure, Flow
• Configurable data model, business workflow/rules, Entities/Fields, Forms, Integrations, Reporting
• Portal for external users' applications, claims and reporting
• Non-profit Accelerator based on best practice, broad industry consultation
• Non-profit end-to-end focus: programme delivery and grant/award management
• Open source solutions, data samples, SDK extensions
• Civica extensive experience with Grants management systems Dynamics and agile
• Enterprise-grade environments with Dev UAT sandboxes and Production deployment

Benefits

• Leverage existing skills/investment to achieve high productivity with Microsoft ecosystem
• Constant improvements spanning accessibility, user experience and functionary
• Reduced cost for given Grants feature set
• Robust fully tested, scalable architecture with auditing, security model
• No vendor lock - wide adoption provides other potential partners/community
• Reduced implementation timeframe, well suited to agile, phased approach
• Reduced upfront design build effort
• Designed with non-profit sector to reflect best practices/industry data standards
• Higher quality via re-built entities/forms based on industry standard entities/relationships
• Complete flexibility enabling GMS to be tailored without custom development

£25,000 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@civica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

654552505709541

Contact

Civica UK Limited
+44 (0) 3333 214 914
g-cloud@civica.co.uk

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Dynamics 365 Customer Service and or Field Service
• Cloud deployment model: Public cloud
• Service constraints: Service is limited by constraints of underlying platform, Microsoft Dynamics 365 Customer Service and or Field Service.
• System requirements:
  • Supported browser, latest version of Chrome, Edge or Safari, IE
  • As Dynamics 365 Customer Service and Field Service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Civica offers three service levels: Core, Extended and Bespoke each with variable service hours ranging from 09:00 to 17:00 Monday to Friday excluding English public holidays to full 24x7x365. Our Core service response and resolution times depend on the severity of the incident and are as follows:; a) Priority Level 1 (Critical): 1-hour to respond, 1 day to resolve; b) Priority Level 2 (Major): 2-hours to respond, 2 days to resolve ; c) Priority Level 3 (Intermediate): 2-hours to respond, 8 days to resolve ; d) Priority Level 4 (Minor): 2-hours to respond, 20 days to resolve
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: 1) Core: 09:00 to 17:00 Mon-Fri excluding English Public holidays; suitable for most business-critical applications.; 2) Extended: 08:00 to 18:00 Mon-Fri excluding English Public holidays. ; 3) 24x7: full 24x7x365 support.; 4) Bespoke: customised set of service hours that meets unique business requirements.; ; Different business needs require flexibility in response and resolution times:; 1) Core: resolution times are P1: 1 day, P2: 2 days, P3: 8 days and P4: 20 days.; 2) Enhanced: resolution times are P1: 4 hours, P2: 8 hours, P3: 4 days and P4: 10 days.; 3) Bespoke: a customised set of response and resolution times that meets your unique business requirements.; ; Severity Levels for Incidents are defined as follows:; a) Priority Level 1 (Critical) - reported problem causes a halt to the client’s core business processes and no work-around is available.; b) Priority Level 2 (Major) - reported problem causes degradation of the client’s core business processes and no reasonable work-around exists.; c) Priority Level 3 (Intermediate) - reported problem impacts the client’s operational environment; it does not affect core business processes; a work-around is available.; d) Priority Level 4 (Minor) - a non-critical problem causing some disruption with little or no impact on client operation.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Our on-boarding process begins by providing visibility around implementation costs and clear easy to consume development bundles and associated development menu.; ; Where selected our discovery process helps you to lay out a clear project vision and scope by providing a vision document and actionable product backlog. We work with you to prioritise your backlog to ensure you meet your priorities within budget.; ; We adopt an interactive approach during implementation, involving key users so that their knowledge and skills develop over the course of the implementation. This is far superior to simply training at the projects end. We do also offer a 'train the trainer' service where we further upskill key users with foundation administration skills. Our aim is not to train completely, but to signpost resources with a view to support self assisted learning.
• Service documentation: Yes
• Documentation formats: Other
• Other documentation formats:
  • Word - template based discover output
  • Word - Customer specific customisations, where prioritised in backlog.
• End-of-contract data extraction: Users are able to extract data themselves into Excel format. Note that a user administrator will need to configure views to ensure all required fields are included in the view to be extracted.; ; Should it be required, we can also assist with data extraction on a time and materials basis.
• End-of-contract process: At the end of the contract, organisations may choose to stop paying the necessary licence fee and forfeit access to the system . Alternatively, users may continue to pay the licence fee component of the cost and continue to use the software.; ; Organisations may also choose to take the customisations we have provided as part of a development project and move them to a new installation of Dynamics 365 provisioned and supported by an alternative supplier.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Same UI is shared across both types of device, however you may wish to consider configuring to show less information per form for mobile intended audiences due to smaller screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: There is an advanced UI through which users can access the platform and for administrators to configure it. Direct server access is not supported.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: The system works with common screen readers.
• API: Yes
• What users can and can't do using the API: Dynamics 365 comes with a fully features and well documented API. Documentation can be found here:; https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/developer/overview
• API documentation: No
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The platform is highly configurable, from the expected; Forms, workflows, business rules, Business Process flows, security model, dashboards and reports through to auditing, data relationships, system settings, knowledge management and Virtual agents. ; ; Configuration is achieved via an administration UI which does not require code and can be carried out by a suitably trained administrator. ; ; Where customers need to go beyond what is possible through configuration, for example to service a niche use case, the platform can also be extended via custom code. This takes the form of server side plugins written in C# and client side code written in JavaScript. Up to 80% of requirements can usually be written without code should the customer follow our discovery process.

Scaling

• Independence of resources: The Dynamics 365 platform is built for scalability and has technical controls in place to ensure the system remains responsive when under load including:; ; 2 minute default timeout to discourage designing long running processes.; ; Resource throttling, to limit resource usage and distribute evenly.; ; We also implement best practice design principles including:; ; Running workflow tasks Asynchronously to keep UI responses snappy.; ; Offloading intensive operations into the cloud using Azure services.; ; Designing forms and data appropriately so as not to slow response times unnecessarily.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Data is held in Microsoft's data centres is protected by Microsoft's strict physical access control. It employs Microsoft SQL Server cell level encryption to meet the compliance requirements associated with FIPS 140-2. Transparent Data Encryption (TDE) performs real-time encryption of data when written to disk (at rest).
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: There is existing out of the box functionality to export data from an existing view. The user simply needs to select the appropriate view,ensure it is configured with the field they wish to export and then export using the UI.; ; Should the user wish to export the whole database to another database and maintain referential integrity between records. This is a development activity, but the developer can be from the organisation, ourselves or a third party. We recommend using SQL Server Integration Services with a third party connector.
• Data export formats: Other
• Other data export formats:
  • Excel
  • From excel, CSV can be saved
  • To multiple database formats via webservices. E.g SQL Server
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Text (.txt)
  • Excel spreadsheet 2003 (.xml)
  • Excel workbook (.xlsx)
  • Compressed (.zip) files are supported.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As the Dynamics 365 platform is provided by Microsoft, Civica do not make a separate guarantee around availability. The availability of the system is defined by Microsoft's service level agreement, which is currently 99.95%
• Approach to resilience: Our system is based on Dynamics 365. This is hosted by Microsoft as an online SaaS offering. This is designed from the ground up as a high availability offering. Should a server fail, the system will automatically failover to a new server. In the case of the whole datacentre going down, the system will failover to an alternative datacentre within the UK.
• Outage reporting: Microsoft provide this facility through the Office 365 Admin Portal.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Out of the box Dynamics provides authentication via Token based claims authentication. We can, at additional cost implement 2-factor authentication or identity federation.
• Access restrictions in management interfaces and support channels: As often support issues contain data driven incidents, having access to the full set of data often provides more efficient support. Where this needs to be restricted, support agents can be given system cutomiser roles that do not allow access to data at all, but the full suite of administration functions.; ; We also recommend separating environments. Production data only needs to be contained in production to which access can be limited. With developers working in separate development environments.
• Access restriction testing frequency: Never
• Management access authentication:
  • Username or password
  • Other
• Description of management access authentication: By default, Dynamics uses token based authentication. We can at additional cost setup 2-factor authentication and identity federation.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 09/11/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Civica has a fully audited and tested Information Security Management System which underpins our ISO27001:2013 certificate. The policies and procedures have been independently audited and practices are audited by external auditors. New staff are inducted into the ISMS when they start; other staff are regularly reminded about their responsibilities and managers are required to ensure that their staff adhere to the policies. Staff are advised when policies are updated. The senior management of the company owns the ISMS and the Information Security Management Representative delivers day-to-day management of the system. All staff are reminded that they are individually responsible for security. The data security theme is delivered through staff / team meetings, training sessions, shared documents and via email. Continuous improvement in the delivery of security is encouraged. Risk assessments are regularly carried out and the competency of the delivery of the ISMS is measured though internal auditing and management review.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All significant, non-routine changes to Organisational information processing facilities (hardware and software) are subject to change control. A procedure (from our ISMS) ensures that segregation of duties in in place for the requesting, authorizing and implementation of a change. All changes should be applied first to a test platform, and a "recover position" is defined for each change. Changes are tracked and documented within the company. At all times the security of our infrastructure and customer data are at the forefront of any consideration of a change request and our Compliance Manager manages this process.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have a qualitative approach to risk management. This covers (a) the categorisation of assets across six major headings including information assets (and these include client data), software assets (these include application software) and physical assets (these include networks); (b) the identification of assets within each category at a level appropriate to risk assessment; and (c) the assessment of possible threats to and vulnerabilities of each asset and its likelihood and impact on the business either directly or indirectly. The risk assessment is carried out at least annually and is reviewed when changes are processed through the Change Control process.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Daily checklists are in place to monitor malicious activities like failed login attempts, attempts to access the system from an unknown IP etc. We also have automatic monitoring tools in place to warn of issues. The Infrastructure Team analyses and understands any incidents and to identify appropriate actions to contain it and to implement contingency plans. A request will then be made to take appropriate actions to recover from the incident, and to implement contingency plans.
• Incident management type: Supplier-defined controls
• Incident management approach: There is a specific procedure for responding to security event in our ISMS. We are committed to sharing information about any such breaches; most of our customers specify their requirements for notification times to be detailed in contractual arrangements. Our starting point is to alert the customer as soon as is possible after such a breach has been confirmed.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Civica’s Environment and Social Governance team provides clear focus for the ongoing development and implementation of our environmental policy, which is supported by our ISO 14001 environmental standard. We are committed to working with our staff, customers, suppliers and partners to recognise and reduce the impact we all have on the environment. This goes hand-in-hand with optimising our services to support environmental and community initiatives.; ; Through the delivery our services, we support fighting climate change by:; - Helping employees improve their own environmental footprint at work. Initiatives include: environmental policy training; Single use plastic reduction; electric vehicle salary sacrifice; cycle to work scheme; solar panel and LED lighting installation; tree planting scheme, offsetting carbon emissions. We also encourage and advise employees on positive activity at home and in their personal lives.; - Working with suppliers to deliver environmentally sound processes and incorporate sustainable criteria into product/service specifications.; - Operating socially responsible purchasing, considering sustainable procurement, environmental and social effects and reduced consumption. ; - Selecting suppliers, goods and services that demonstrate environmentally sustainable, socially responsible and ethically sound standards.; - Leading by example/raising awareness with customers via activities such as: reducing our single use plastic consumption by 70% within the next 5 years; prioritising use of green energy in our facilities; promoting recycling through our ‘Zero to Landfill’ and ‘Zero Print’ schemes; working towards carbon neutrality with workforces and facilities to reduce carbon consumption over the next 10-years.; - Working with customers to develop innovative software-based services that reduce property/power requirements.; - Meeting/exceeding environmental legislation through ISO audits.; ; We have a Carbon Reduction Plan in place and a commitment to achieve Net Zero by 2040 at the latest. We are reviewing our energy mix and the materials we use, and working with partners to plant a Civica Forest.
• Covid-19 recovery:

  Covid-19 recovery

  In the spring of 2020, Civica were an early signatory to the C-19 Business Pledge. We focused on safeguarding our people and communities and ensuring the successful ongoing provision of our business-critical software and services. Supporting customers: Alongside business as usual for our customers, we have worked hard to support the national and local level response through practical, innovative and updated software capability. We have delivered a range of new capabilities quickly, such as those listed below, and continue to provide system advice, configuration and data insights to ensure effective action. - COVID-19 App (the first of its kind in the UK and Ireland) was developed and launched with the Northern Ireland Department of Health, and helped reduce the pressure on the 111 helpline. - Developed local track and trace solution for London Borough of Redbridge, enabling it to support localised contact tracing/escalations. - Community Helper software - built on the iCasework platform to help local authorities co-ordinate rapid support for vulnerable people while minimising safeguarding risks. - Our Trac e-recruitment software was used to help NHS recruiters get the right candidates into posts quickly and fast-track DBS checks. - Supporting social housing tenants - assisted teams to re-focus resources and provide vital support to tenants. - Supporting Revenues and Benefits teams - software solutions for the two largest UK government measures, Business Rates Grant fund and the Council Tax Hardship fund. Supporting employees: We proactively provide guidance and support for our people, from keeping remote workers engaged, to our mental health champions and free-to-access Employee Assistance programme. We have adopted a blended working model enabling colleagues to work safely and flexibly at various locations and hub offices, enhanced how we communicate, and continue to look for new ways to share ideas and inspiration.
• Tackling economic inequality:

  Tackling economic inequality

  Create opportunities for entrepreneurship and help organisations to grow:; Civica is committed to working with its customers to deliver value into the community by supporting young people, developing skills and mentoring businesses to attract inward investment and growth that brings with it employment and skills.; ; We support innovation through our NorthStar innovation lab, a company-wide initiative focused on enhanced client outcomes by applying fresh ideas on data, automation and new technologies. We work with our customers to co-create public services that are fit for today and for the future. Our Civica NorthStar innovation lab creates physical and virtual opportunities for us to jointly explore trends and technologies.; ; Create employment and training opportunities:; Civica is a member of the 5% Club, and aims to have 5% of its UK work force as either apprentices, graduates or work experience students by the end of 2025. We employ apprentices and graduates into a number of different disciplines and locations, with a focus on ensuring they are long term employees of Civica.; ; Support educational attainment:; Learning and development is at the core of the Civica Quality Management Framework. We believe in investing in our people and are proud of our Investors in People Gold accreditation and in being a top rated Glassdoor Employer.; ; We run our own Civica Academy for employee development and skills enhancement, which delivered over 220,000 hours of training during 2021. We provide our own apprenticeship programme (team leader level 3) for our aspiring and current managers that are considered stars of the future.; ; We are working on building some new apprenticeship standards such as the UX degree apprenticeship. This will benefit not only Civica’s Digital Team but all companies and customers that need UX talent.
• Equal opportunity:

  Equal opportunity

  Civica is a 2022 Financial Times Diversity Leader and is ‘Gold’ Investors in People accredited, demonstrating our commitment to promoting equal opportunity by tackling inequality in employment, skills and pay in our workforce. We proactively implement equal opportunities for employment and personal development among diverse groups and local areas, and ensure rights for all staff are always protected. This is led by our Group Diversity and Inclusion (D&I) team, championed by our CEO who is also our Chief Diversity Sponsor. The strategy and policy manages:; - Interview training, focusing on unconscious bias/equal opportunity.; - Anonymising CVs and ensuring interview panels represent minority groups.; - Using a decoder to ensure job advertisements use gender and culturally neutral language.; - Attracting/recruiting from minority backgrounds/disadvantaged groups across the organisation, especially into under-represented areas.; - Advertising vacancies in a wide variety of places and diversity/disability portals (including; BME jobs, Disability jobs and LGBT job sites), to increase gender diversity and ethnicity.; - Company-wide Diversity & Inclusion network, including affinity groups relating to under-represented groups.; - Mandatory Diversity & Inclusion training for all staff. ; - Pay equity reviews addressing inequality and UK gender pay gap.; - Flexible Working to encourage higher uptake for women, working parents and disabled groups.; - Partner with a social innovator company to help recruit and support employees with Autism Spectrum Disorder.; ; We gather and analyse data on our performance from regular surveys such as ENPS, IIP, Pulse survey, employee engagement surveys.; ; Our D&I team monitor the take-up, use and effectiveness of our measures, such as the number of new recruits from minority backgrounds, women, parents and diverse groups, and provide statistics for our Annual Review on performance against targets. For example, we report on the number of people attending training sessions and the split of male to female attendees.
• Wellbeing:

  Wellbeing

  Civica actively promote a mentally healthy workplace and workforce through our 40+ Mental Health Champions (MHC) and our ‘Health and Wellbeing’ policy, encouraging a flexible and realistic work/life balance. We integrate mental health and general wellbeing in all that we do from recruitment and ‘First Impressions’ to appraisals and strategic management.; ; Our ‘Health and Wellbeing’ policy and programme for all employees provide a foundation to support both the mental and physical health of our staff. Examples include:; - Employee Assistance Programme and online Wellbeing Hub, which provides 24/7 access to websites, e-mail, phone and face-to-face counselling on all personal issues.; - Aviva DigiCare+ Workplace App providing external mental health consultancy.; - Mental Health Champions who support colleagues’ wellbeing in the workplace.; - RedArc Personal nurse service.; - Management Coaching - managers are trained in GROW (Goals, Reality, Options and Will) and in being Health and Wellbeing Advisors, supporting employees with mental/physical health needs.; - Health assessments/advice aimed at improving physical health.; - Cycle to Work scheme to aid physical and mental health.; - Weekly fruit drop for offices, encouraging a healthier diet.; - We provide free eye tests for all VDU users, encourage staff to take advantage of NHS flu vaccinations services, and support people wishing to use the NHS Stop Smoking Service.; ; We also support our customers’ and communities’ physical and mental wellbeing through: Employee ‘Donate-a-Day’ to local charities; Local events organised through “Charity Champions”; Directors providing guidance to local community health and wellbeing projects; Supporting social housing tenants to re-focus resources and provide vital support to tenants.; ; Suppliers/subcontractors are subject to Civica’s Sub-contractor Selection Process as defined in our ISO9001 Quality Management System, which includes criteria for assessing health and wellbeing policies and their promotion.

Pricing

• Price: £25,000 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at g-cloud@civica.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.