Clarity Informatics Limited

Agilio Feedback

Clarity Feedback is a tried and tested solution to collate and report on peer, colleague, student, or patient feedback.

Features

• Digital feedback
• Remote access
• Colleague feedback
• Peer feedback
• Student feedback
• Patient feedback
• Benchmarking data

Benefits

• Time saving
• Trusted
• Accurate
• Reliable
• Scalable
• Expert

£17.50 a user a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

655011018825711

Contact

James Stephenson
01912875800
james.stephenson@agiliosoftware.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Customers are given advance notice of scheduled maintenance if it involves any downtime.
• System requirements: Modern web browsers as specified in the service description

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Typically respond within 2 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Support available 9-5 Monday to Friday/; No cost differential; We do not provide a technical account manager but have level 2 and 3 support available
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Online support and training for organisations.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Exportable content in agreed format for contract holders.; On the Customer’s request and at our standard daily rates, provide reasonable assistance with the migration of any Customer data to the Customer’s IT systems. Information held in Feedback is at all times owned by, and the sole responsibility of the customer.
• End-of-contract process: On the Customer’s request and at our standard daily rates, provide reasonable assistance with the migration of any Customer data to the Customer’s IT systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our service is constantly monitored to ensure that we have sufficient resources available to meet the needs of our users.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: In their preferred format.
• Data export formats:
  • CSV
  • ODF
• Data import formats: Other
• Other data import formats: Data entry manual

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our target availability is that the services are available on a 99.5% basis, measured each calendar month.; ; The SLA's are set out within our terms and conditions.
• Approach to resilience: Available on request aligned with the asset protection and resilience cloud security principle.
• Outage reporting: Public dashboard and email to contract holders.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: RBAC approach.; Reviewed at least every 6 months.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 05/08/2022
• What the ISO/IEC 27001 doesn’t cover: No exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: DSPT

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISMS 27001, DSPT, Cyber essentials plus. This includes board level responsibility and formal paths for asset ownership and risk management.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration and change management is operated within the ISO27001 framework. Asset registers are maintained by the information asset owner to ensure component assets and access to them are monitored and controlled on a constant basis. Changes are identified and planned with authorisation at the project, director or board levels dependant on the nature of the change to the service. Changes are planned and tested based on risk assessment, scope of change and criticality to the service. Fallback procedures, including procedures and responsibilities for aborting and recovering from unsuccessful changes and unforeseen events, are maintained to provide a "means of escape".
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Penetration testing at least every six months. ; Patching weekly for routine. ; Same day for urgent. ; Horizon scanning for potential threats.; Threats and vulnerabilities are reviewed prioritised action. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. Likely potential threats include both technological and regulatory sources. These are identified via a monitoring software, user feedback, security blogs, regulator advice, partner organisations etc. In addition we utilise antivirus software and firewalls to mitigate the risk.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Same day response to potential compromises and incidents.; Detailed domain and activity logs are retained. Logs are in place against each asset/component and alerts are generated for the relevant team dependent on the issue/asset to be analysed and assessed. Potential compromises are assessed immediately and escalated as required. Fixes can be deployed by the product team with as little delay as practicable and in a manner that reduces the need to take the service offline. We also utilise anti virus software and firewalls.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are managed following a pre defined process including -Monitoring, detecting, analysing and reporting of security incidents and events -Incident response planning and preparation -Handling of evidence -Assessment and decision on security incidents and security weaknesses -Escalation, controlled recovery from an incident and communication to both internal and external people and organisations -Security incidents of relevance to you will be reported in acceptable timescales and formats Users report incidents via the helpdesk or telephone. Incidents are recorded in the incident log including details of the incident, actions taken.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Wellbeing

  Wellbeing

  Our feedback software enables users to receive guidance and assistance regarding their academic progress.; This feedback can enable student growth, personal development, and enhance psychological wellbeing as they advance in their studies.; Academic supervisors can also use our feedback application to monitor student progress and support their approach to pastoral care in the university environment.

Pricing

• Price: £17.50 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at james.stephenson@agiliosoftware.com. Tell them what format you need. It will help if you say what assistive technology you use.