The Access Group

Assemble Volunteer Management and Engagement

Assemble’s volunteer management Software as a Service supports the volunteer journey end-to-end with recruitment, rota scheduling, compliance, communication, and volunteer retention features. In use by NHS Hospital Trusts, Local Government, charities and non-profits, our process driven web and mobile application offers scalability, flexibility and increased productivity for teams.

Features

• Volunteer Applicant Tracking System for volunteer recruitment
• Flexible permissions library
• Real time data capture and analytics reporting
• Communication via Email, Internal Messaging, SMS, Push Notifications, News
• Expense Management: easily submit expense claims and keep audit trail
• Rich profiles that capture skills, qualifications, training and volunteer hours
• Document management for sharing documents and team collaboration
• Intuitive design for ease of navigation, searching and reporting
• Mobile application for Android and iOS
• Open API access to integrate with other systems

Benefits

• Increased volunteer engagement
• Feature rich platform to help keep data in one place
• Accurate reporting on volunteer activities
• Powerful tools to manage every step of the volunteer journey
• Consistent volunteer experience across the organisation
• Empower volunteers with their own self serve portal
• Tools that identify, manage and safeguard personal data you collect
• Keep volunteers in the loop with automatic notifications and alerts
• Save hours of scheduling with intuitive scheduling and communication tools
• GDPR compliant: know your data is always safe and accessible

£3 to £120 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

693550558565346

Contact

Access UK
01206322575
tendernotifications@theaccessgroup.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Assemble was built with API-first methodology (REST with JSON), meaning that all functionalities are available through our API which makes it possible to integrate the Assemble service with any modern software. Clients can leverage any of our existing integrations as part of their subscription.
• Cloud deployment model: Public cloud
• Service constraints: Assemble is created with continuous delivery (deployment) practice meaning that upgrades are usually happening in smaller increments. This reduces the need for downtimes for upgrades. However, downtimes for system maintenance/upgrade is sometimes unavoidable and wherever possible, Assemble will always give at least four weeks’ notice for any sort of planned maintenance. Depending on the risks, duration and complexity of any upgrades/maintenance, downtimes are usually planned for periods of least usage which is identified by analysing usage statistics of our systems. Any planned maintenance will be delivered to organisational administrators via email.
• System requirements:
  • An Internet Connection
  • Up to date, secure internet browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 09:00 – 17:30 Monday-Friday.; ; Urgent: 15min.; High: 1 hour .; Normal: 4 Hours.; Low: 8 Hours.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We take pride as a business in delivering high quality service from a team that is knowledgeable and responsive while offering a comprehensive SLA for all its customers.; ; In any client engagement, UK Support staff can easily be reached by phone or email. Users are also able to log and track tickets with our online helpdesk. Guides and documentation are also available, ensuring seamless self-service experiences. Support is included as part of the subscription.; ; Service Level Agreement Coverage:; ; 09:00 – 17:30 Monday-Friday.; ; Urgent: 15min.; High: 1 hour.; Normal: 4 Hours.; Low: 8 Hours.; ; 1. Severity Level Definitions:; ; ● Urgent: Production issue affecting all users system unavailability; ● High: Persistent issue affecting many users, major functionality is impacted, significant performance degradation; ● Normal: System performance issue or bug affecting some but not all users; ● Low: Inquiries about routine technical issues, login problems, information requests on application capabilities, navigation, and report generation; ; 2. 24/7 Urgent and High coverage includes weekends and holidays; Normal and Low coverage during core support hours only and excludes weekends and holidays.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We’ve helped organisations of all sizes and use cases make the switch and get meaningful results quickly. Our implementation methodology is based on 14 years of delivering successful project rollouts for clients including the Metropolitan Police to RSPCA. We’ve developed a tried and proven approach for delivering quality and on-time deployments regardless of where you are in your journey or the complexity of your organisation. Assemble Professional Services will be on hand throughout the implementation to provide assistance and guidance based on best practices we have developed working alongside our clients. Your Implementation Specialist will discuss and evaluate your current process and make recommendations, actionable advice and guidance on sector standard workflows and processes. Assemble provide - as part of any implementation- a comprehensive range of services which can include discovery, project management, configuration, consultation, testing, onsite training, and documentation.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Using Export tools - All data associated with the account can be exported into Excel or similar format and transferred securely over to the customer.
• End-of-contract process: Renewals can be initiated 90 days prior to the end of the contract term.; ; If a customer chooses to close their account or their subscription expires, Assemble will store customer data for 30 days (the retention period) to give customers time to extract the data or renew their subscription. All data associated with the account can be exported into Excel or similar format and transferred securely over to the customer.; ; After this 30 day period, Assemble will disable the account and commit to deleting all data under their control, including any encrypted file back-ups. Once this has been performed, Assemble will confirm in writing with the organisation contact that their details have been removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • MacOS
  • Windows
  • Other
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The optional mobile application is built volunteer first and is an extension of the desktop application, in that everything a volunteer user can do via their desktop application will be mirrored in the Mobile App.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Users are also able to log and track; tickets with our online help desk. Guides and documentation are also available, ensuring seamless self-service experiences.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have worked extensively with our clients in providing assistive technology for the visually impaired. To help meet our goal of design for all, Assemble follows the internationally recognised best practices in Web Content Accessibility Guidelines (WCAG) 2.1 Level AA to the extent possible guaranteed for all public-facing pages and volunteer mobile app.
• API: Yes
• What users can and can't do using the API: Connect seamlessly with the products you already use to ensure you’re getting the most out of Assemble. Streamline your workflow and sync volunteer data – Assemble works well with third-party products, like CRM and elearning systems. Gain open access and build powerful integrations with our JSON-based REST APIs or Webhooks - detailed documentation is on hand. The Assemble API allows customers to create, read, update, delete.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The Assemble application allows a high-degree of configuration to suit each customer organisation's unique requirements, including:; ; - reflecting organisation workflows; - custom fields and attributes; - flexible hierarchy that supports an infinite number and level of teams; - flexible permissions library; - custom application forms; - look and feel to reflect organisational branding

Scaling

• Independence of resources: Assemble is built entirely on Amazon Web Services (AWS) infrastructure, utilising many of the advanced high availability and scaling features inherent in Amazon’s service provision.; The main application servers is based on Ubuntu Linux running Apache to serve requests. Each group of application servers are behind an Elastic Load Balancer and populated with an Auto-Scaling Group that spreads instances across all availability zones. This means that the application layer is resilient to failures in individual servers as well as larger scale incidents outside of our control.

Analytics

• Service usage metrics: Yes
• Metrics types: Authorised users have access to usage statistics how many users have logged in to the system.; ; Assemble publish realtime and historical SLA metrics on our public website.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Other
• Other data at rest protection approach: In terms of data at rest, all information is encrypted by utilising disk encryption where all the contents of the entire disk is encrypted. In addition, certain sensitive data itself is further encrypted which means that even if unauthorised access was gained to files/datastores, the information is encrypted and is only accessible via Assemble.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Built in export tools.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel (xls,xlsx)
  • JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We gurantee 99.95% uptime across our services. Our system status can be viewed here - https://goassemble.statuspage.io/.; If we don’t meet our 99.95% monthly uptime guarantee, once we calculate your "downime", we’ll refund you 5x whatever you paid us for that period of downtime. For example, if our uptime falls to 99.94% in a given month, that results in about 26 minutes of Downtime. We’ll give you service credits equivalent to 5x your organisations cost for that period of time. Service Credit can’t be exchanged for cash (monetary compensation); it is added as a credit on your account and, as always, we use any credits you have first, before charging you. Please see www.goassemble.com/sla for further details.
• Approach to resilience: Our service is designed across AWS’s highly scalable highly available infrastructure.; Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment and creating Disaster Recovery plans. We take a risk and impact based approach with continual improvement. Disaster recovery for Assemble utilises the latest cloud technologies to provide as much automatic failover, recovery and self-healing as possible. Any incident with even a small likelihood of happening has automatic procedures in place for the application to heal itself and extreme cases, with a minute chance of occurring, are detailed in the Disaster Recovery (DR) Plan which can be made available on request. The DR plan also contains descriptions, procedures and mitigations for cases where the automatic self-healing procedures are not initiated. In all cases, our DR plan has a Recovery Point Objective (RPO) of less than one hour, meaning data loss will be at an absolute minimum. Assemble’s Recovery Time Objective (RTO) is zero for all self-healing cases and even where manual intervention is required, it remains less than a few hours in all but the most extreme cases.
• Outage reporting: We report outages via Twitter and realtime publicly available status updates on our website -; https://goassemble.statuspage.io

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: 2-factor authentication can be enabled and enforced on users.
• Access restrictions in management interfaces and support channels: Assemble operate an Information Security Management system (ISMS) where policies map to ISO 27001:2013. As part of ISMS, Assemble has clearly defined Access Control policies (Annex A.9) including Information Systems Audit controls (Annex A.12.7.1). It must be pointed out that Assemble support users can only access data through the application and as with any modern software, this is fully logged and auditable by customers. Other than key personnel, no other users, including developers, have direct access to any data on Assemble.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: ISO 27001:2013 Certification was awarded by Alcumus ISOQAR
• ISO/IEC 27001 accreditation date: 30/01/2024
• What the ISO/IEC 27001 doesn’t cover: Nothing. Scope reads: The information security management system in relation to the organisations business, including: hosting, payroll services, financial & payment processing, screening, software; development and delivery, client data and infrastructure in ; accordance with the statement of applicability V2.2
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Information security is critical to our business, our robust Information Security Management System (ISMS) is designed to control information assets appropriately, assess risks and build a culture of security at Assemble. We have met the requirements of the GDPR and and hold an ISO 27001:2013 certification.
• Information security policies and processes: Information security is critical to our business, our robust Information Security Management System (ISMS) is designed to control information assets appropriately, assess risks and build a culture of security at Assemble.; ; As part of ISO 27001:2013 Assemble have a documented “Information Security Policy” and a set of subordinate security policies and controls relating to our management of data and information security. These are held within the ISMS.online platform.; We ensure everyone understands and adheres to our strict Information Security Policy. All staff will receive training on this policy. New joiners will receive training as part of the induction process. Further training will be provided at least every two years or whenever there is a substantial change in the law or our policy and procedure.; ; Completion of this training is compulsory.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: As part of our Information Security Management System (ISMS), we have implemented system development principles to ensure that whenever we introduce new systems, privacy and security requirements are considered at every stage.; As Assemble is an ever growing and changing application, robust change management is critical to maintaining high availability and our zero-downtime deployments. By utilising some of the latest methodologies, such as “infrastructure as code”, all changes made to infrastructure, software and configurations is inherently version controlled and managed. Code changes require peer review, QA, and approval by high-level staff before being applied to the main product.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management approach is comprehensively documented in our ISO 27001 information security management system and is available on request. We proactively monitor relevant communications services and have alerts sent to staff, who then have processes in place to address and respond to issues based on the severity of the threat. Depending on the nature of the vulnerability discovered and the availability of a fix (e.g. a patch) or other intervention (e.g. staff communication) can be deployed within minutes of being identified, dependent on the vulnerability. It is all evidenced in line with our ISMS.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Assemble utilises Amazon CloudWatch to constantly monitor our systems. CloudWatch collects monitoring and operational data in the form of logs, metrics and events, providing us with a unified view of resources, applications and services that run on AWS. We use CloudWatch to set alarms, visualise logs and metrics side by side, take automated actions, troubleshoot issues, and discover insights to optimize our applications, and ensure they are running smoothly.; Assemble also utilises Amazon WAF (Web Application Firewall) to monitor, detect and block repeated inappropriate access requests. Assemble’s intrusion detection techniques are regularly adjusted following manual reviews of logs.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As part of ISO 27001:2013, Assemble have clearly defined incident management procedures and use the ISMS.online platform to record and manage all security incidents. These policies are available to view on request.; ; With regards to data breaches, Under the GDPR, Assemble is required to report data breaches to the ICO within 72 hours. As part of our information security incident management procedure, appropriate communications will be made, including notifications to all affected parties without undue delay.; ; Our DPO has overall responsibility for investigating the breach.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Access UK Limited is a Software author and provide associated services, including Hosting, Payroll Bureau and Payment services. We recognise that although we do not undertake manufacturing, our day to day operations will have impact on the environment at global, national, and local level. We are committed to the care of the environment and the prevention of pollution. •Access ensures that all our operations are carried out in with the minimum adverse effect on the environment but implementing many available resources and approved processes •We protect the environment by striving to prevent and minimise our contribution to pollution of land, air, and water •We keep wastage to a minimum and maximise the efficient use of materials and resources, and manage disposal of all waste in a responsible manner •We use energy, water, and natural resources wisely and prevent pollution by minimising waste, recycling whenever possible and properly disposing of waste that cannot be recycled. •Our management processes are developed to ensure that environmental factors are considered during planning and implementation •We raise employee awareness and encourage best practices for sustainability at work

  Equal opportunity

  We want everyone to feel at home at Access, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual; after all, if we were all the same it would be a pretty dull place. We love the fact that we’re all different. Having more diverse perspectives at work improves how we run our business, helps us support our customers, and when you think about it, it's just more fun. For us, this all starts with helping everyone feel part of the family and being at their best every day, making Access a place where everyone can love what they do and do what they love. We all have regular check-ins with our leaders, take part in monthly employee surveys, have lots of chances to share our views and ask for help, and with our own learning system, 'Access Shine', we really can make things even better each and every day. At Access we'll always hire the best candidate but we're continually looking for creative ways to increase the mix of diverse candidates into our recruitment process. On the basis that you ‘have to see it, to be it’, one thing we're doing is sharing more stories to celebrate the wonderful diverse range of talent we have at Access. It is important for us that our employees understand and reflect the customers and communities we support, and we want everyone to feel at home here, knowing that they are valued for what they do, not who they are. We want people to feel that they truly belong here regardless of their age, gender, race, sexual orientation, or anything else that makes them individual.

  Wellbeing

  Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.

Pricing

• Price: £3 to £120 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotifications@theaccessgroup.com. Tell them what format you need. It will help if you say what assistive technology you use.