Welfare Call (LAC) Limited

Electronic Personal Education Plan (ePEP)

We provide a fully managed data collection and analysis service via our cloud-based solutions covering attendance/attainment monitoring, ePEPs and analytics dashboards to assist Local Authorities in improving outcomes for vulnerable cohorts. Our ePEP is proven to be user friendly and streamlined whilst improving both the quality and quantity of PEP’s


  • Cloud-based platform allowing secure, accessible and appropriate access 24/7
  • Set up and maintenance of children and stakeholders records
  • Various Quality Assurance models to suit VS requirements
  • Pupil premium and SMART target management tool
  • Inbuilt reporting suite and dashboards provides analysis of data
  • Automated notifications and alerts to key stakeholders
  • Facility to upload additional documents, audio and video files
  • Data pre-populated reducing input and ensuring accuracy
  • Support network available 52 weeks of the year
  • Exemplar ePEP templates promoting best practices for each cohort


  • Improved quality of Personal Education Plans
  • Reduced administration through outsourcing of data management
  • Improved completion rates for Personal Education Plans
  • Improved information sharing and better safeguarding
  • Bespoke forms to meet local requirements
  • Easy adoption of system for new users
  • Cloud-based platform allowing secure, accessible and appropriate access 24/7
  • Engaging the ‘Voice of the Child’ in the PEP
  • Improved reporting allowing statistical analysis.
  • Cyber Essentials, WCAG, AA compliant cloud-based solution


£1.07 a unit a week

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

6 8 4 9 5 2 2 0 3 4 0 8 7 8 5


Welfare Call (LAC) Limited Andrew Henderson
Telephone: 01226 716333
Email: bidmanagement@welfarecall.com

Service scope

Software add-on or extension
Cloud deployment model
Private cloud
Service constraints
Not applicable.
System requirements
  • Internet access
  • Connection through a current supported internet browser
  • Individual corporate email address

User support

Email or online ticketing support
Email or online ticketing
Support response times
Priority 1: The entire system is completely inaccessible - response within two to four business hours.

Priority 2: Operation of the system is severely degraded, or major components are not operational and work cannot reasonably continue - response to within four business hours.

Priority 3: Certain non-essential features of the system are impaired while most major components remain functional. - response within 12 business hours.

Priority 4: Change requests or issues that are cosmetic and/or have little or no impact on the normal operation of the Services. - response within 24 business hours.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We have the same level of support applied to all our customers. A dedicated team of support specialists is available as first line support. As a hosted provision our technical team take full responsibility for the configuration, maintenance, updates and support of the cloud service. Welfare Call will ensure the service/software is up and running through a thorough implementation programme. Reviews then take place at least every 6 months to ensure the service/software is fulfilling the necessary requirements of the client. There are a number of different support methods which are provided e.g. online training, user documentation, training videos, webinars, phone support etc and during the implementation programme onsite support may be provided. Any onsite support which is needed over and above this may incur an additional charge.
Support available to third parties

Onboarding and offboarding

Getting started
Onsite training, online training, user documentation, training videos, webinars, user workbooks are included in the start up process as well as access to a dedicated ePEP product specialist support team. Primary contacts are taken through the bespoke design of the ePEP forms and features. This can form a pilot stage of the process if required. Existing form designs can be reviewed to support the client's design decisions. Once finalised and signed off account details are distributed to additional client agents.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data is provided to the client by encrypted data transfer, or data is destroyed in line with GDPR and the contractual obligations as laid down in the contract with the client.
End-of-contract process
Contract exit options form part of each contract definition and are discussed with the client both at the start and end of the contract to ensure that all statutory obligations, valid at the time, can be accounted for. Depending on the level of additional work required there may be additional charges made to cover the effort of meeting the client's requirements.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
Extranet: A cloud-based customer portal allows the user to manage their account details, change security questions, review their access logs and use the built in secure messaging service to request support, provide data updates or access the help materials.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The interface is tested with assistive technology for visual impairments (reversed colours, high contrast, grey-scale etc) as well as screen readers. The development team have a suite of tools to identify accessibility issues as code is produced.
Customisation available
Description of customisation
Bespoke home page, customised data collection forms, customised personalised document formats, customised self service reporting and analytics and the option to request additional custom reports.


Independence of resources
We automatically monitor performance of our dedicated servers multiple times every hour including measuring typical page load times and comparing against a known baseline. The service performance/capacity can be increased as required.


Service usage metrics
Metrics types
Uptime, self service user login audit trail, bespoke reports on request.
Reporting types
  • Real-time dashboards
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Within the Secure Portal a number of reports and document generation options are available. Historical documents stored in the system can also be exported in their original format. Report data can be customised, filtered and controlled on screen before exporting in a number of formats including .csv and xlsx. Statistical data generated from the reports can also be exported in .csv and charts generated from the statistical data can be exported in various common image formats.
Data export formats
  • CSV
  • Other
Other data export formats
  • Png
  • Pdf
  • Jpg
  • Xlsx
  • Docx
Data import formats
  • CSV
  • Other
Other data import formats
Other formats are managed by our admin team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Secure email
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our data centres boast a rapid 3-minute response time from the 3rd line engineers and guarantees 100% uptime on network connectivity. This allows us to achieve very high rates of availability. Contracts are agreed taking into account client agent access times which typically extend well beyond the working day. Service affecting maintenance is scheduled for the early hours of the morning to minimise disruption from planned work. Service affecting issues in core business hours are prioritised and addressed immediately.
Approach to resilience
The service is run on a virtual platform to be independent of the underlying hardware. The service is configured for high availability with N+1 redundancy at all levels: dual redundant internet connections, dual load balanced firewall with DDOS mitigation service, dual power feeds with dual UPS and dual backup generators, mirrored storage arrays and dual compute provision.
This whole service is replicated in a separate data centre with live data updates keeping the services synchronised.
Backups are taken hourly and daily backups are stored offsite. The service is configured to keep a full audit log of core data allowing changes to be tracked and undone without reverting to the backup. Individual client data can be restored without affecting all clients.
Outage reporting
Performance and service availability are measured in the data centre, from our own internal monitoring solution and from independent 3rd parties. If performance drops below key trigger levels or if the service is not available emails are automatically sent to key senior staff and an event is logged. A dashboard is displayed in all technical offices showing trends and alerts. A dashboard is also available for clients to view availability.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
We use a multi factor authentication process. Clients can make this mandatory for all agents with access to their data. Options include one time partial password, partial secret phrase, and one time code using Google Authenticator
Access restrictions in management interfaces and support channels
Within the site there are four levels of access restrictions:
1. User Types, limiting the basic users interface.
2. Authority limiting to what services are available
3. Individual Permissions overriding a specific user to elements.
4. Authority settings limiting the authorities options
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Administration activities by supplier staff via the portal are secured by username, password and 2 factor authentication.
System administration is controlled by username and password and Public Key Authentication over a secure link that is over an encrypted VPN

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
Other security governance standards
Cyber Essentials
Information security policies and processes
Information security policies and processes are continually reviewed and updated to deal with emerging threats, changing legislation and to account for the development of new and existing services. Our focus is currently on our move towards ISO 27001 accreditation. Development is in line with, but not limited to, the following legislation: The Data Protection Act (2018)/GDPR, The Computer Misuse Act (1990), Freedom of Information Act 2000, Business Continuity Management and ISO 27001 standard. If you have specific questions relating to aspects of our policies please contact us with details of your request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Following ITIL guidelines a ticket is logged for every change request to record all actions and decisions taken. A timestamped repository of code changes is maintained associated with each developer. Code is automatically checked before submission and changes are reviewed by a senior developer. Development is carried out in a separate development environment and undergoes testing prior to being made live. A secure code framework is used into which new functions are built ensuring new features and functionality automatically benefits from pre-tested security. NCSC and other guidelines are are referenced to ensure configuration changes follow best practice standards.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Code is developed within a secure framework. 3rd party CREST approved annual penetration test is carried out with monthly updates. Annual Cyber Essentials assessment is completed.
A subscriptions to the National Vulnerabilities Database creates actionable tickets for developers to check potential risks.
Automated software update checkers alert technicians to security updates. NIDS and HIDS solutions are used to identify issues.
Continual development and deployment practices allows a quick response to any issue found. Infrastructure patches/updates are applied within 14 days. Security issues can be actioned in less than an hour.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises are identified through our network and host Intrusion Detection services, Anti-Virus software and alerts configured in the firewalls.
If compromises are identified proactive action is taken to remedy the issue immediately followed by a risk assessment
Incident management type
Supplier-defined controls
Incident management approach
We have pre-defined processes for common events defined in our procedures. For everything else we have a set of guidelines to follow.
Users report incidents either via phone, email or secure messaging. Incidents can also be reported by our automatic monitoring services that will send alerts by email, by raising a ticket and by displaying an alert on the monitoring screens in our technical offices.
Incident reports are provided by secure email to a nominated contact agreed with the client.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Please contact us directly for further information.
Covid-19 recovery

Covid-19 recovery

During the Covid-19 outbreak we communicated directly with our customers daily and issued regular business continuity updates by email and also provided a status update via our website.

We continued to monitor service users via an adapted model to ensure business continuity.

Further details can be provided upon request.
Tackling economic inequality

Tackling economic inequality

Please contact us directly for further information.
Equal opportunity

Equal opportunity

Our vision is for the company to be a successful, caring and welcoming place for staff and service users to receive care and advice. We feel we achieve this by creating a supportive and inclusive environment where our staff can reach their full potential and care is provided in partnership with service users, without prejudice and discrimination. We are committed to a culture where respect and understanding is fostered and the diversity of people's backgrounds and circumstances will be positively valued. Our aim is to achieve equality of care experience by removing any potential discrimination in the way that our staff and service users are cared and treated by us, including: • people with disabilities • people of different sexual orientations • transgendered and transsexual people • people of different races • people on the grounds of their sex • people of faith and of no faith • people in relation to their age • people in relation to their social class or medical condition • people who work part-time • people who are married or in a civil partnership • women who are pregnant, have recently given birth or are breastfeeding To ensure this, we maintain a wide range of policies covering all aspects Equality, these include: • Equality and Diversity Policy • Ethical Recruitment Policy • Safeguarding Policy We also provide literature and information in a variety of languages, if required and our services are accessible to staff and service users with disabilities. Please contact us for further details.


Please contact us directly for further information.


£1.07 a unit a week
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidmanagement@welfarecall.com. Tell them what format you need. It will help if you say what assistive technology you use.