Orcuma Ltd

Multi agency CRM and Case management safer communities software

Provision of Orcuma's cloud based multi agency safer communities case management FIRsT software. Supporting public sector organisations and police crime commissioner's officers effectively capture and manage ASB, community safety, neighbourhood enforcement, housing, restorative justice, victim care and support, fire intelligence and integrated offender management to statutory and legal requirements.

Features

• Self service configuration capability and workflow engine.
• Inbuilt map screen for hotspot analysis.
• Document storage and management.
• Task management with inbuilt escalation management.
• Ease and speed of access and setup.
• Ease of data extraction and real time reporting capability.
• Role based access security configuration.
• Multi agency case access with manageable actions.
• Configurable APIs and Web services.
• Restorative Justice Council approved software supplier.

Benefits

• Facilitate multi-agency data sharing / collaboration approach.
• Holistic view of the customer and their interactions.
• Action and action escalation management.
• Proactively monitor caseload and processing bottle necks.
• Enables and supports a mobile, agile workforce.
• GDPR complaint software.
• Data looksups reduce key stokes/ duplication of data/effort.
• Hold multi-partner datasets for analysis / trend spotting.
• Manage / collaborate on cases effectively / efficiently 24/7.
• Full support and maintenance, disaster recovery and data backups.

£450.00 to £450.00 a user a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.mitchell@orcuma.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

718287733969285

Contact

Paul Mitchell
07958 988930
paul.mitchell@orcuma.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No constraints.
• System requirements:
  • Viewing external SSL-encrypted pages (https) is permitted.
  • No minimum required bandwidth, firewall, DNS or routing requirements.
  • Javascript must be enabled.
  • PDF viewer is required for the production of some reports.
  • MS Word 2003 upwards, Excel 2003 upwards.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: High priority - 1 hr,; Med priority - 4 hrs,; Low priority - 1 working day
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We use Zoho Desk to manage all our incidents and within this we user Zoho Assist. This allows our support staff to perform screen sharing to trouble the problem or they can do remote assist to "takeover" the PC and resolve the issue (if needs be).
• Web chat accessibility testing: None as we use commercial off the shelf Incident management software.
• Onsite support: Onsite support
• Support levels: The escalation of the incident will depend upon the priority/severity of an incident. We provide a standard Service Level Agreement.; ; Support provision is via a dedicated email address and telephone number linked to Zoho Desk for incident management and tracking / reporting.; ; 1st Line support – Orcuma helpdesk staff receive the incident details. Resolution can be given here using resolutions to known faults from our Orcuma FIRsT application for recording incidents. If resolution cannot be given in the initial interaction, the incident will be routed to 2nd Line support.; ; 2nd Line support is one of Orcuma implementation consultants for analysis and review. If resolution cannot be given to the incident, the incident will be routed to 3nd Line support, the technical team for investigation. It will remain with them until a fix is able to be provided to the incident.; ; All support levels are included in costings. All support provided by Orcuma Ltd staff.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Implementation workshops –Workshops held with key process owners. Orcuma configure a prototype FIRsT system from the output of these sessions. ; ; Workshop 1 - Understanding “as is” and “to be” processes, interactions with DCC applications and aligning to how Orcuma’s FIRsT software will support processes eg reporting, workflows, security model and outputs e.g. Emails, Texts. Orcuma’s FIRsT software configured to meet “to be” processes.; ; Workshop 2 - Demonstration/discussion based on initial configuration of FIRsT (interfaces just to be discussed). Output - Agreed FIRsT application configuration documented. Agreed scope of functionality, data fields, data migration and reports/performance management.; ; Configuration of Orcuma’s FIRsT software – Software configured based on output from workshops. Released for review in Test environment for sandpit” user testing.; ; Training is from the “to be” processes view so that staff know how to use FIRsT from the agreed operational processes. This is onsite training.; ; Orcuma will provide a generic user guide as a template - allowing for the creation of bespoke training documentation that can be used for the “train the trainer” sessions.; ; Orcuma will provide a generic system administrator user guide outlining the key functionality.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At contract end, authorisation to pass back client data must be received from a nominated client contact. The client's data data entered in FIRsT would be extract (into comma separated value format) and transferred back to them (by Orcuma staff) via an agreed method (secure export via FTP would be free but if Orcuma are required to migrate to another system, this would be chargeable). We would then expect written authorisation from the client that we are permitted to permanently destroy their data on FIRsT.
• End-of-contract process: Authorisation must be received from a nominated client contact that the contract is ending.; ; Their data (residing in our software) would be extracted (to comma separated value format) and transferred back to them via an agreed method (secure export via FTP would be free but if Orcuma are required to migrate to another system, this would be chargeable). ; ; We would then expect written authorisation from the client that we should permanently destroy all their data that is held by Orcuma.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: None
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Orcuma enable integration to FIRsT using APIs and Web Services. These are developed as and when needed by customers, and currently include functionality to create case and client records, retrieve statuses and create notes for cases. Each user would be given a unique API token and username/password to authenticate against the API or Web Service.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Customisation is in the form of different software configuration settings on our software or different reporting outputs/layouts, which may be required in order to support the client's specific operational processes. These will be discussed with the client prior to any implementation and will be tested in the Test environment to ensure appropriate to the requirements and have no impact across the software.; ; There may be a need to customise an element of the existing software code but this is controlled through our change control process and can only be requested and approved by the client's nominated key contact.; ; Only Orcuma staff or the client's system administrators can apply software configuration settings. Only applicable Orcuma staff can amend any coding / software forms / database elements.

Scaling

• Independence of resources: We only use Orcuma staff. This means that we are in control of their annual leave, their work load and their work load scheduling.; ; Using project planning during an implementation, we can schedule work packages for staff so we know their availability for that work plus capacity for any unscheduled work in that time.; ; This allows us to be able to react and assign appropriate resources to any unscheduled events, incidents or change request received by clients. Work is not assigned to any staff without checking their existing work packages first and the expected completion date of these.

Analytics

• Service usage metrics: Yes
• Metrics types: Uptime percentage over the previous calendar month and then over the previous 12 months.; ; Number of Incidents received (date received) and its category.; Number of Incidents closed (date closed) and its category.; Number of incidents escalated.; Number of incidents by staff.; ; Any bespoke report required to support contract management.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Users are required to login with a username and a "strong" password.; “2 factor” authentication over an SSL secure connection can be employed.; Three unsuccessful login attempts and the user’s account will be locked. ; No caching of any passwords. Passwords are "masked" and encrypted by a secure hashing algorithm which is unique to each user.; Auto “timeout” if inactive for 30 min.; Forced password reset every 60 calendar days.; Our servers are protected by Anti-Virus and malware software.; For day-to-day access by users, the user’s browser session is encrypted using an extended-validation Symantec SSL certificate.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export data sets from our software into comma separated value files. This is standard functionality.; ; Alternatively, we can extract their data, specific to their requirements, by using an appropriate SQL script.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: In our Service Level Agreement, we endeavour to provide a 99.7% uptime. There is no refund provision if this is not met.
• Approach to resilience: This is information available on request.
• Outage reporting: Email alerts are sent to our Technical Services Director with the outage time, description and estimated restoration time.; ; Emails are sent during the outage to ensure that we are aware of all actions being taken to resolve the outage.; ; We will email notification to key client contacts/users where any unplanned outage occurs during normal business hours as soon as we are made aware of these.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: The user’s browser session is encrypted using an extended-validation Symantec SSL certificate.; ; Username and "strong" password required. Two factor authentication can be employed.; ; We can also lock down access to the software by defined IP address(es).
• Access restrictions in management interfaces and support channels: Users need to be properly authenticated before being allowed to perform management activities, report faults or request changes to the service. ; ; We allow clients to manage their own user base. ; ; Users can report faults directly to our support desk but they must include our nominated client super user.; ; All requests to Orcuma for any type of management activities or change request must come through email. We have a nominated client super user for every client. They are responsible for emailing the change request and approving them. All change request approvals must be via email.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials PLUS
  • Information Assurance for Small and Medium Enterprises (IASME)
  • IBM Cloud ISO 27001
  • IASME - GDPR accredited

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials Plus and Information Assurance for Small and Medium Enterprises - GDPR accredited version.
• Information security policies and processes: We have a named company director who is responsible for our Information Security Management System as well as data protection. Information security is a standing agenda item at our board meetings as well as monthly director's meetings.; ; We have an up to date ISMS risk assessment (approved at board level along with all policies) and it has been reviewed in the last 6 months.; ; We also have policies for data protection, asset management register, access and physical management security, security incident management, disaster recovery and business continuity. These polices are distributed to all Orcuma employees on starting employment and again when updated. All staff are reminded of their information security responsibilities on a weekly basis verbally.; ; Our ISMS policies and data protection policy are all included in our employee's contracts and company disciplinary procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Orcuma will provide a standard change request template for completion. ; ; Review of the change request requirements and discuss potential configuration options with the client.; ; Change requests are logged and may have a system requirements document developed – outlining requirements, system areas affected, the procedure for backing out the change, development time and (potential) cost and penetration testing required. Goes back to client for approval or rejection. ; ; 2 weeks before implementation, an upgrade document will be issued detailing changes included in any upgrade and potential impact in the software. Orcuma may need to provide training sessions to key users.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: IBM Cloud (ISO27001 accredited) provide our hosting facilities. They provide automatic hardware upgrades and software patches to their anti malware, anti virus and firewall software packages. We are notified all our changes to our servers. They provide our vulnerability management process on our hosted environment.; ; Our Technical Director gets weekly regular electronic (email/Twitter) security briefings (and news articles) and will act accordingly and immediately (same calendar day) if a threat is perceived to our software. We perform regular (6 and 12 month) penetration testing using IBM's Appscan programme and will act the same day if a fix is required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Anti malware and Anti virus software are installed on our servers. Our hosted environment resides in a “DMZ” and controlled by Firewalls to prevent intrusion. ; ; Regular penetration testing also takes place.; ; There is a protective monitoring script that runs every 30 mins on the server identifying any changes to database structure or file system. We use NESSUS vulnerability scanner to identify any issues requiring attention on the server environment.; ; Three unsuccessful attempts to login to FIRsT and the user’s account will be locked. When users request a password, we are notified of this action to identify potential "brute-force" hacking attempts.
• Incident management type: Supplier-defined controls
• Incident management approach: We have a incident management SLA which stipulates response and resolution times and categorisation. We provide a support helpdesk via email, telephone and Zoho desk to log incidents.; ; All incidents are logged and tracked. Incidents are routed to the relevant person(s). Once fixed, they record the process/change on our Orcuma FIRsT environment. The fix will then be applied and the user informed. The user will be asked to confirm that the incident is resolved. If yes, the incident is changed to reflect that the fix has been confirmed. If not, the case can be re-opened and updated.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We have stated that Orcuma staff will be onsite when required. The proximity of where the directors reside and our office means that there will be no travel or subsistence costs to clients. Nor will Orcuma be increasing their carbon footprint on unnecessary, polluting transport.

Pricing

• Price: £450.00 to £450.00 a user a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Signing of our Non Disclosure Agreement for their organisation before accessing our software.; ; All functionality is included and the trial lasts 30 calendar days. Then the trial accounts are made inactive and locked.; ; Trial extensions can be granted by discussing with our support team.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at paul.mitchell@orcuma.com. Tell them what format you need. It will help if you say what assistive technology you use.