Welfare Call (LAC) Limited

Electronic Personal Education Plan (ePEP)

We provide a fully managed data collection and analysis service via our cloud-based solutions covering attendance/attainment monitoring, ePEPs and analytics dashboards to assist Local Authorities in improving outcomes for vulnerable cohorts. Our ePEP is proven to be user friendly and streamlined whilst improving both the quality and quantity of PEP’s

Features

• Cloud-based platform allowing secure, accessible and appropriate access 24/7
• Set up and maintenance of children and stakeholders records
• Various Quality Assurance models to suit VS requirements
• Pupil premium and SMART target management tool
• Inbuilt reporting suite and dashboards provides analysis of data
• Automated notifications and alerts to key stakeholders
• Facility to upload additional documents, audio and video files
• Data pre-populated reducing input and ensuring accuracy
• Support network available 52 weeks of the year
• Exemplar ePEP templates promoting best practices for each cohort

Benefits

• Improved quality of Personal Education Plans
• Reduced administration through outsourcing of data management
• Improved completion rates for Personal Education Plans
• Improved information sharing and better safeguarding
• Bespoke forms to meet local requirements
• Easy adoption of system for new users
• Cloud-based platform allowing secure, accessible and appropriate access 24/7
• Engaging the ‘Voice of the Child’ in the PEP
• Improved reporting allowing statistical analysis.
• Cyber Essentials, WCAG, AA compliant cloud-based solution

£1.07 a unit a week

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

684952203408785

Contact

Andrew Henderson
01226 716333
bidmanagement@welfarecall.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Not applicable.
• System requirements:
  • Internet access
  • Connection through a current supported internet browser
  • Individual corporate email address

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1: The entire system is completely inaccessible - response within two to four business hours. ; ; Priority 2: Operation of the system is severely degraded, or major components are not operational and work cannot reasonably continue - response to within four business hours.; ; Priority 3: Certain non-essential features of the system are impaired while most major components remain functional. - response within 12 business hours. ; ; Priority 4: Change requests or issues that are cosmetic and/or have little or no impact on the normal operation of the Services. - response within 24 business hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We have the same level of support applied to all our customers. A dedicated team of support specialists is available as first line support. As a hosted provision our technical team take full responsibility for the configuration, maintenance, updates and support of the cloud service. Welfare Call will ensure the service/software is up and running through a thorough implementation programme. Reviews then take place at least every 6 months to ensure the service/software is fulfilling the necessary requirements of the client. There are a number of different support methods which are provided e.g. online training, user documentation, training videos, webinars, phone support etc and during the implementation programme onsite support may be provided. Any onsite support which is needed over and above this may incur an additional charge.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training, online training, user documentation, training videos, webinars, user workbooks are included in the start up process as well as access to a dedicated ePEP product specialist support team. Primary contacts are taken through the bespoke design of the ePEP forms and features. This can form a pilot stage of the process if required. Existing form designs can be reviewed to support the client's design decisions. Once finalised and signed off account details are distributed to additional client agents.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is provided to the client by encrypted data transfer, or data is destroyed in line with GDPR and the contractual obligations as laid down in the contract with the client.
• End-of-contract process: Contract exit options form part of each contract definition and are discussed with the client both at the start and end of the contract to ensure that all statutory obligations, valid at the time, can be accounted for. Depending on the level of additional work required there may be additional charges made to cover the effort of meeting the client's requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Extranet: A cloud-based customer portal allows the user to manage their account details, change security questions, review their access logs and use the built in secure messaging service to request support, provide data updates or access the help materials.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The interface is tested with assistive technology for visual impairments (reversed colours, high contrast, grey-scale etc) as well as screen readers. The development team have a suite of tools to identify accessibility issues as code is produced.
• API: No
• Customisation available: Yes
• Description of customisation: Bespoke home page, customised data collection forms, customised personalised document formats, customised self service reporting and analytics and the option to request additional custom reports.

Scaling

• Independence of resources: We automatically monitor performance of our dedicated servers multiple times every hour including measuring typical page load times and comparing against a known baseline. The service performance/capacity can be increased as required.

Analytics

• Service usage metrics: Yes
• Metrics types: Uptime, self service user login audit trail, bespoke reports on request.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Within the Secure Portal a number of reports and document generation options are available. Historical documents stored in the system can also be exported in their original format. Report data can be customised, filtered and controlled on screen before exporting in a number of formats including .csv and xlsx. Statistical data generated from the reports can also be exported in .csv and charts generated from the statistical data can be exported in various common image formats.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Png
  • Pdf
  • Jpg
  • Xlsx
  • Docx
• Data import formats:
  • CSV
  • Other
• Other data import formats: Other formats are managed by our admin team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Secure email
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our data centres boast a rapid 3-minute response time from the 3rd line engineers and guarantees 100% uptime on network connectivity. This allows us to achieve very high rates of availability. Contracts are agreed taking into account client agent access times which typically extend well beyond the working day. Service affecting maintenance is scheduled for the early hours of the morning to minimise disruption from planned work. Service affecting issues in core business hours are prioritised and addressed immediately.
• Approach to resilience: The service is run on a virtual platform to be independent of the underlying hardware. The service is configured for high availability with N+1 redundancy at all levels: dual redundant internet connections, dual load balanced firewall with DDOS mitigation service, dual power feeds with dual UPS and dual backup generators, mirrored storage arrays and dual compute provision. ; This whole service is replicated in a separate data centre with live data updates keeping the services synchronised. ; Backups are taken hourly and daily backups are stored offsite. The service is configured to keep a full audit log of core data allowing changes to be tracked and undone without reverting to the backup. Individual client data can be restored without affecting all clients.
• Outage reporting: Performance and service availability are measured in the data centre, from our own internal monitoring solution and from independent 3rd parties. If performance drops below key trigger levels or if the service is not available emails are automatically sent to key senior staff and an event is logged. A dashboard is displayed in all technical offices showing trends and alerts. A dashboard is also available for clients to view availability.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: We use a multi factor authentication process. Clients can make this mandatory for all agents with access to their data. Options include one time partial password, partial secret phrase, and one time code using Google Authenticator
• Access restrictions in management interfaces and support channels: Within the site there are four levels of access restrictions:; 1. User Types, limiting the basic users interface.; 2. Authority limiting to what services are available; 3. Individual Permissions overriding a specific user to elements.; 4. Authority settings limiting the authorities options
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Description of management access authentication: Administration activities by supplier staff via the portal are secured by username, password and 2 factor authentication. ; System administration is controlled by username and password and Public Key Authentication over a secure link that is over an encrypted VPN

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: Information security policies and processes are continually reviewed and updated to deal with emerging threats, changing legislation and to account for the development of new and existing services. Our focus is currently on our move towards ISO 27001 accreditation. Development is in line with, but not limited to, the following legislation: The Data Protection Act (2018)/GDPR, The Computer Misuse Act (1990), Freedom of Information Act 2000, Business Continuity Management and ISO 27001 standard. If you have specific questions relating to aspects of our policies please contact us with details of your request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Following ITIL guidelines a ticket is logged for every change request to record all actions and decisions taken. A timestamped repository of code changes is maintained associated with each developer. Code is automatically checked before submission and changes are reviewed by a senior developer. Development is carried out in a separate development environment and undergoes testing prior to being made live. A secure code framework is used into which new functions are built ensuring new features and functionality automatically benefits from pre-tested security. NCSC and other guidelines are are referenced to ensure configuration changes follow best practice standards.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Code is developed within a secure framework. 3rd party CREST approved annual penetration test is carried out with monthly updates. Annual Cyber Essentials assessment is completed.; A subscriptions to the National Vulnerabilities Database creates actionable tickets for developers to check potential risks.; Automated software update checkers alert technicians to security updates. NIDS and HIDS solutions are used to identify issues.; Continual development and deployment practices allows a quick response to any issue found. Infrastructure patches/updates are applied within 14 days. Security issues can be actioned in less than an hour.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified through our network and host Intrusion Detection services, Anti-Virus software and alerts configured in the firewalls.; If compromises are identified proactive action is taken to remedy the issue immediately followed by a risk assessment
• Incident management type: Supplier-defined controls
• Incident management approach: We have pre-defined processes for common events defined in our procedures. For everything else we have a set of guidelines to follow.; Users report incidents either via phone, email or secure messaging. Incidents can also be reported by our automatic monitoring services that will send alerts by email, by raising a ticket and by displaying an alert on the monitoring screens in our technical offices.; Incident reports are provided by secure email to a nominated contact agreed with the client.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Please contact us directly for further information.
• Covid-19 recovery:

  Covid-19 recovery

  During the Covid-19 outbreak we communicated directly with our customers daily and issued regular business continuity updates by email and also provided a status update via our website. ; ; We continued to monitor service users via an adapted model to ensure business continuity.; ; Further details can be provided upon request.
• Tackling economic inequality:

  Tackling economic inequality

  Please contact us directly for further information.
• Equal opportunity:

  Equal opportunity

  Our vision is for the company to be a successful, caring and welcoming place for staff and service users to receive care and advice. We feel we achieve this by creating a supportive and inclusive environment where our staff can reach their full potential and care is provided in partnership with service users, without prejudice and discrimination. We are committed to a culture where respect and understanding is fostered and the diversity of people's backgrounds and circumstances will be positively valued. Our aim is to achieve equality of care experience by removing any potential discrimination in the way that our staff and service users are cared and treated by us, including: • people with disabilities • people of different sexual orientations • transgendered and transsexual people • people of different races • people on the grounds of their sex • people of faith and of no faith • people in relation to their age • people in relation to their social class or medical condition • people who work part-time • people who are married or in a civil partnership • women who are pregnant, have recently given birth or are breastfeeding To ensure this, we maintain a wide range of policies covering all aspects Equality, these include: • Equality and Diversity Policy • Ethical Recruitment Policy • Safeguarding Policy We also provide literature and information in a variety of languages, if required and our services are accessible to staff and service users with disabilities. Please contact us for further details.
• Wellbeing:

  Wellbeing

  Please contact us directly for further information.

Pricing

• Price: £1.07 a unit a week
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.