ePEP - Electronic Personal Education Plan (PEP for Success - P4S) ASSET for Electronic PEP
PEP for Success is a cloud-based electronic PEP solution. It's extremely easy to use for many different types of users with minimal training. It is intuitive, robust and very secure. Virtual Schools, Social Workers & Designated Teachers reports make life much easier with pre-populated fields & no requirement for repetition.
Features
- Secure Cloud-Based Software accessible 24/7
- Integration with 3rd Parties
- Suspensions alerts
- Trends in Attendance Patterns
Benefits
- Easy to read comprehensive reports
Pricing
£37.50 a unit a year
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
6 8 6 6 6 7 8 3 6 1 5 0 6 6 9
Contact
ASSET for Virtual Schools
James Beasley
Telephone: 02071838357
Email: virtualschools@assetforschools.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
-
- Public cloud
- Private cloud
- Service constraints
- Not Applicable
- System requirements
-
- Internet Access
- Login Credentials
- Email Access
- Supported Internet Browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Emails will be responded to within the hour during the working hours of 08:00-17:00. Emails are also checked out operating times and depending on the severity of support needed we will respond at the earliest opportunity. Clients will be provided a telephone number to call 24/7 for any critical issues and support that need to be resolved immediately.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- Chat tests are conducted each morning to ensure it is working efficiently.
- Onsite support
- Yes, at extra cost
- Support levels
- ASSET for Virtual Schools have support available from 08:00-17:00 through email, telephone and live chat services. All technical issues are reported as a ticket and are issued with a number which will be sent to the person who raised the issue. Frequent updates will be provided to the user through their preference, whether this will be an email or a phone call. Clients will be provided with a telephone number to call 24/7 for any critical issues and support to be resolved immediately. We have a dedicated team of specialists for technical support. 1st line of support will respond to queries regarding password queries, navigation and functionality and minor issues. 2nd line of support is for more complex issues, and resolving the issue may take longer than a phone call. 3rd line of support is for highly specific issues. All support that is within the scope of the agreement will be free of charge. There is a charge for help outside of the contract: 1st Line Support £200; 2nd Line Support £350; 3rd Line Support £650.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We provide onsite training, online training and also guidance notes are available to download when logged in to the website.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Upon the end of the contract, we will provide data as an SQL .Bak file and send via a secure FTP site.
- End-of-contract process
- The end of the contract will be discussed and tailored to meet the specification of the Local Authority. We will generally offer the Local Authority a global export in .sql format, which includes their entire data for the duration of the contract.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Our products are compatible with any mobile and tablet devices. The difference between the mobile and desktop is the menu style and the view is configured based on the device but the functionality remains the same between mobile and desktop service.
- Service interface
- No
- User support accessibility
- WCAG 2.1 AAA
- API
- Yes
- What users can and can't do using the API
-
API can be issued to the buyer with reading privileges for the following fields:
Pupil Characteristics
Contacts
Attendance
Suspensions
School Information - API documentation
- Yes
- API documentation formats
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Tailored homepage to match the brand of Local Authority. Bespoke reports to meet the requirements of the Local Authority and any additional reporting.
Scaling
- Independence of resources
- We monitor the performance and usage of our servers that are used to host resources. We can quickly increase the performance of the service depending on the user demand. We scale up the servers we use when necessary to ensure end-user satisfaction.
Analytics
- Service usage metrics
- Yes
- Metrics types
- We monitor the resources hosting the data through Microsoft Azure, these reports can be sent on request.
- Reporting types
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
- Data is exportable through the user interface of ASSET for Virtual Schools. A number of filters can be applied to the report which can be exported in .xlsx, .csv, .xlm, .pdf, .docx formats.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- XML
- Xlsx
- Docx
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- XML
- Xlsx
- Docx
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- ASSET for Virtual Schools guarantees 99% availability of the service. Our data centre of choice (Microsoft Azure) confirms 99.9% of the service. The Fabric Controller checks the hardware and software status of the host and guest machine instances. It detects a failure and enforces SLAs (service-level agreements) by automatically relocating the VM (virtual machine) instances to a different fault domain with zero downtime. The Fabric Controller replicates every request made against data in a storage account three times for local storage redundancy. These three replicas each reside in separate fault domains.
- Approach to resilience
-
The data centre used for this service is Microsoft Azure and is based in UK South which is based in London. ASSET is a cloud-based SSL protected software meaning it is secure, and there is no requirement to install or update, so there is no downtime. We have two backup London-based hosting servers and a backup domain to ensure continued service. We have various accreditations and checks performed to ensure we meet all legislation within our company and across our systems and software.
All Azure data centres meet or exceed Tier 4 requirements with redundant power feeds, backup generators, uninterruptable power supplies, redundant cooling, extensive physical security, etc. Inside the data centre, compute and storage resources are organised into fault domains; a fault domain is a group of nodes representing a physical unit of failure and can be considered nodes belonging to the same physical rack. The Azure Fabric Controller is responsible for provisioning and monitoring the condition of Azure compute instances. The Fabric Controller replicates every request made against data in a storage account three times. These three replicas each reside in separate fault domains. - Outage reporting
- We use Microsoft Azure data centres which are up to tier 4 standards. Azure has adopted ITIL standards and can provide availability reports, including traffic, hits, and requests. We will send Local Authorities Azure availability reports on a monthly basis. We will provide an explanation of any downtime that occurs, explaining our strategy to minimise any disruption for the Local Authority.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
ASSET for Virtual Schools restricts access by the defined user types within the software.
Accounts with administrative rights will have read and write access to all aspects of the site; they can also define access rights for other accounts. Restrictions can be defined by reports, read/write rights, and export rights. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 02/02/2024
- What the ISO/IEC 27001 doesn’t cover
- Not Applicable
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- Processes aligned with our ISO 27001 accreditation, we review our information security policies and processes bi-annually to ensure they are kept up to date with any changes in legislation and how we operate. Our policies are available upon request.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- Aligned with Information Technology Infrastructure Library guidelines, all changes are logged to record actions and decisions. All code changes are timestamped and are maintained associated with the developer. A senior developer reviews all code before submissions, any appropriate changes are also made. Developments are carried out in a local environment with test data before deploying to the live site.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
ASSET for Schools has an annual IT Health Check on our
systems, including a penetration test on our external IP
addresses. The IT Health test is Tiger Scheme approved which also tests our workstations. We are Cyber Essential Plus certified to ensure the security of your data. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- All workstations are projected by Norton Enterprise Business edition and are scanned on a daily basis. Smart firewall has bet set up and prohibits unauthorised connections. Any alerts or risks picked up by our antivirus software are quarantined and removed immediately.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Users can report incidents via email, phone calls, web and ticketing systems. Incidents are prioritised in by their importance.
Critical: PEP for Success website is entirely inaccessible - Response within two to four hours.
Major: PEP for Success website accessible but functionality severely impacted - Response within four hours.
Medium: Non-essential functionality of PEP for Success is impaired while most features and functionality remain working. - Response within 12 hours.
Minor: New implementation requests or issues that are frontend (cosmetic) and have little or no impact on the regular operation of the Services. - Response within 24 hours.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Fighting climate changeFighting climate change
ASSET promotes low/no paper usage. This is why all documents are available online for secure viewing, annotation, storing and sharing. However, we understand that sometimes, printing, note taking etc is inevitable. As a result, we promise for every equivalent to a tree we use in paper, we will replant.
We will suggest that any meetings unless completely necessary will be conducted virtually, this will help keep our carbon footprint to a minimum.
Pricing
- Price
- £37.50 a unit a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- A free trial is available with test data. You will be able to see all functionality of the service with a demo login. This is limited to 1 month; an extension can be negotiated.