PEOPLE PLACES LIVES LIMITED

PPL Web Portal, with CMS and Directory of Services

The portal is a standalone content-managed web solution, with information content, and a range of directories, creating an effective, non-transactional website. Typically used for health and social care and Local Authority websites, PPL's Portal offering is in use in more than 40 Local Authorities.

Features

• Content managed portal for information and guidance
• Powerful, results as you type search engine
• Specific support for Adults social care & Public Health
• Specific support for Families and SEND Local Offer
• Responsive, supports all devices
• Pre-authored content
• Support for co-design of the look and feel
• "My Community" feature encouraging users to explore local services
• "Equipment House" feature to select appropriate equipment and adaptations

Benefits

• An affordable entry package into Adult Social Care online
• Easily extended to incorporate modules such as eMarketplace
• Deployed for more than 35 Local Authorities

£17,500 an instance a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@peopleplaceslives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

663367053583155

Contact

Claire Hewitt
03300 582 690
sales@peopleplaceslives.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Public Partnerships' digital platform
• Cloud deployment model: Private cloud
• Service constraints: Not applicable
• System requirements:
  • Application is hosted on the PPL Cloud
  • Users require a browser (see browser list below)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Issues are responded to during working hours, according to priority: - Priority 1 - 15 minutes, Priority 2 - 30 minutes, Priority 3-5 - 60 minutes. ; ; While our team respond to system issues outside of working hours, our team typically only respond directly to customer tickets during working hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support services are agreed with clients on a case by case basis, dependent on requirements. All clients are provided with a named Account Manager and Support Manager who will manage the commercial relationship and support on behalf of the customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: PPL will provider onsite training, online training, online system documentation and electronic copies of training documentation for unlimited reproduction. ; ; Some support contracts provide full user support, in addition to technical support.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Many elements of data can be exported from the system directly in CSV/XLS/PDF format. PPL can also provide a CSV/XLS/PDF of any other client data held by PPL on the solution.
• End-of-contract process: As standard, PPL will include an exit meeting, one day's handover and decommission and destroy client data. We would be happy to tailor this process, according to requirements and would quote accordingly.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The service is built using responsive technologies that will work across all popular devices. The service will therefore automatically display differently on mobile devices using appropriate reformatting and functionality.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is delivered via a web browser. The interface has been developed to be responsive (works across PCs, mobiles and tablets), accessible (complies with WCAG AA Accessibility standards) and cross-browser compatible (works across most popular web browsers). The interface is very intuitive and has undergone extensive usability testing, plus there is no requirement for users to download any code or plug-ins.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The interface has been tested extensively with users of assistive technology, including our lead accessibility tester, who is disabled and uses assistive technology on a daily basis.
• API: Yes
• What users can and can't do using the API: Extract and exchange data between systems. Subject to separate commercial agreements.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Almost all elements of our service can be customised, including features, service levels and support arrangements. Please contact us to clarify your requirements, after which we will issue a quotation for the service specified.

Scaling

• Independence of resources: The PPL cloud make use of resource management within the virtualisation platform to allocate dedicated resource to each virtual resource within the cloud. These resource are actively monitored by the PPL technical team and managed to ensure smooth demand management.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics are provided through a combination of anonymous user data from Google Analytics and application/server generated information, such as uptime and transaction value.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Many data elements can be exported directly from the system in CSV/XSLX/PDF format against the particular function on the system. In addition, bespoke export feeds can be created and provided via e-mail/ftp/sftp or other secure mechanism, as required by the client.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • XML
  • XSL/XSLX
  • PDF
  • JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • XML
  • XLS/XLSX
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.95% availability is standard, SLAs are tailored to each customer and appropriate service credits are issued based on the SLA targets meeting availability.
• Approach to resilience: Datacentre resilience information is available on request
• Outage reporting: Our service is monitored 24x7 by an automated monitoring service, which generates SMS and email alerts to our Service Support team. Customers can opt into service alerts, on request.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are typically only accessible internally by PPL within our network. Where clients need access to the management interface directly, it will typically require a secure IP restricted access and other security measures agreed with the client (e.g. certificates or VPN). Access to the interface is by secure username and strong encrypted password or via integration with 3rd party identity solutions e.g. ADFS/ForgeRock/WS02. The support tools are restricted based on agreed personnel who can raise support tickets and have a secure username and password to access.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
• Description of management access authentication: Access to management and administration areas is governed by various security options, which are discussed and agreed with our clients.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International plc
• ISO/IEC 27001 accreditation date: 12/02/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: PPL have a dedicated corporate Information Security team and a CISO responsible for monitoring and managing security across the organisation. Within each business unit, a dedicated security expert provides local management and control. PPL implement mandatory annual training via eLearning tools to ensure staff are ware of all key security policies. A range of tools including SCCM are used to monitor and audit all devices on the network (both local office and hosting infrastructure). As part of our standards compliance, security controls are audited by a number of external auditors and clients on a regular basis.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The purpose of the PPL change control process is that any requested changes are understood and that their impact is recognised by all of the parties affected by the change. ; ; The main Components of the change control process are:; • Documented channel through which a change is requested; • Change impact analysis; • Change Advisory Board (CAB) to assess change and recommend action; • Prioritisation and scheduling of the change, relative to other changes; • The development / implementation of the change, including testing, ; • Updating of records to incorporate the change; • Management reporting (throughout)
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: All threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Information on threats from 3rd party services PPL subscribes with, vendor notification and other public sources. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations. Critical patches will be deployed immediately where a known active exploit is identified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: PPL have a number of hardware and 3rd party solutions that monitor both the internal and external elements of the network and advise on possible threats. Audit logs are maintained at hardware and software level for internal analysis and by 3rd party services, which actively advise on potential issues. All potential threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: PPL operate an ITIL based incident management process with documented procedures for common incidents. Users can report incidents through our online customer service portal. They can also monitor the status of the incident through the portal and receive e-mail/SMS updates. Incident reports are provided through the portal as part of closing each incident.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  Covid-19 forced PPL employees to work from home, but this proved to be beneficial on an individual level as well as a company level. Since restrictions have been lifted, we have chosen to remain a work from home company, with just 1 monthly optional office day. This sharp reduction in travel to the office has helped PPL drastically reduce its carbon footprint. Furthermore, we ask people to carpool to the office where possible, further reducing our carbon footprint (the 5 members of the Projects team come in together, resulting in 5x less emissions within their team, for example). ; Another key fixture of operations prior to the pandemic was travel across the country to local councils to demonstrate our products and hold progress meetings. This travel no longer occurs, as we can host these meeting on Microsoft Teams. This accounts for another large reduction in carbon emissions. ; Since the pandemic hit and we focused more on working online, we have also become a virtually paper-free company.
• Covid-19 recovery:

  Covid-19 recovery

  From the start of the pandemic, PPL has been responsive to our clients’ need to keep their residents, businesses and staff informed about the pandemic and its effect on local services. In addition to delivering covid-specific web applications to monitor PPE, covid rates and other criteria in care homes, we were also proactive in maintaining the relevant Covid-19 advice on our clients’ solutions. This included pop-ups where necessary, as well as whole pages dedicated to tackling Covid-19, explaining restrictions, etc. ; As the country slowly got back to being normal, this information has the potential to keep people safer, and allows health and social care users to make more informed choices about how to meet their care needs while staying safe.
• Tackling economic inequality:

  Tackling economic inequality

  Our solutions are designed to support and promote the providers of health and social care services. This includes Personal Assistants, Micro-Providers, Community and Voluntary Organisations, and SMEs - putting them on a level playing field with larger organisations who are can more readily afford marketing tools and websites. By providing a platform for organisations such as these, we help put PAs and organization to find new employment and business within those areas, reducing economic inequality and helping to bolster the local economies. ; ; One of the largest negative economic impacts of Covid-19 was a large increase in unemployment, including young adults who were graduating that summer or had graduated recently. Since the relaxation of restrictions mid-2021, we have employed 2 young people (under 25) who had found themselves in flux prior to joining PPL as a direct result of Covid-19. We also hired another young adult directly after graduating University. For a company with fewer than 40 employees, this was a substantial commitment to helping reduce youth unemployment which had occurred due to the pandemic.
• Equal opportunity:

  Equal opportunity

  Public Partnerships is an equal opportunity employer. We strongly believe that our company benefits from a diverse workforce and use a number of initiatives to support that, including recruitment of young people and apprentices, as well as individuals with disabilities, via supported employment services.
• Wellbeing:

  Wellbeing

  PPLs digital solutions are designed to support health and well being initiatives in local populations. Our G-Cloud services therefore directly support the wellbeing across the UK.; ; PPL has always been committed to the wellbeing of its staff. In the last two years, we have furthered our efforts to improve the wellbeing of our colleagues. We introduced an extra day of holiday per year, and over the summer months, we run "Family and friends Friday" - a 10-week period where employees can finish at lunchtime on a Friday afternoon should they have nothing urgent outstanding. ; We use an online Personal Development tool, where employees can post weekly updates including sections to share highlights of their week, issues they are facing, and a ‘how am I feeling?’ section, all of which can only be seen by their manager.; We have all-company meetings three times a week, which include a section where we discuss issues, no matter how small, regarding work. This has helped us to develop a collaborative environment, where everyone is willing to help with any issue, to ensure no individual gets too snowed under with work, to try and minimize negative impacts on the mental health of employees.

Pricing

• Price: £17,500 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@peopleplaceslives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.