DIGITAL CO-PRODUCTION LIMITED

Place-based Directory of Services.

Solution for aggregating multiple sources, de-duplicating and verifying accuracy of local service information. Compliant with Open Referral (HSDS3.0) data standard.

Includes API for data in / out, Service Finder tools for Professionals, Citizens / Carers, Commissioning insight reporting and webpage links generator.

Features

• Can POST and GET data through OR compliant APIs
• Can import data from a spreadsheet
• Can enter data through a user interface
• Can assure and de-duplicate services
• Separate Service Finder tools for Citizens/Carers and Professionals
• Report on demand (searches) and supply (gaps in provision)
• Maintain updates to any webpage - maintaining accurate relevant links

Benefits

• All organisations and volunteers contribute to service information collection
• Co-ordinates data collection to make it more efficient
• Ensures service information accuracy can be trusted
• Frontline staff research more productive with single source of truth
• Allows any application to access any data they need
• Prevents duplication of service information causing confusion
• Citizens and carers can "self-care" and access local support

£32,000 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@digitalcoproduction.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

721514093586992

Contact

Ian Singleton
07747560429
ian@digitalcoproduction.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Neuro-Development Pathway Management
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: None other than a browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: As part of ticket submission, the user indicates their priority for resolution of the issue. The options; ; Business critical. Represents a complete loss of service or a significant feature that is completely unavailable, and no workaround exists. Does not include development issues / problems in test environments. Target resolution time - 2 hours; ; Degraded service. Includes intermittent issues and reduced quality of service. A workaround may be available. Does not include development / test environments. Target resolution time - 48 hours; ; General issue. Includes product questions and development issues. Respond within 24 hours with estimate of resolution.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: No
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The ticketing system is part of the product costs. Response is within 2 hours or 2 or 7 days depending on the type of incident.; ; There is implementation support provided - also within the product cost. ; The support will deliver the training - both for local administrators and train the trainer user training), identify and set up the different teams that will use the various modules. This is all on-site support.; ; We can provide additional support covering implementation or engaging with other local partners. This is charged at rates that are identified in the SFIA templates; these equate to an average of £550 per day.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: We provide 5 x half day on-site implementation support. This support will cover definition of the taxonomies to be used, training local administrators, training people locally to provide wider train-the-trainer where necessary, a set of engagement workshops across local partners, ; We will also configure the local reporting that is requested.; ; We support / help inform the local decision on the approach to "assurance" in terms of the frequency of the checks and the level of detail that the checks include. We will provide sets of procedures that reflect the local decisions taken.; ; There are also online training manuals available.; ; Additional on-line or face-to-face meetings can be organised. These will be charged at a discounted rate of £550 per day.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The data is always available through APIs, thus there is no requirement for any particular data extraction at contract end. However where requested, a copy of the API data, alongside the records of the taxonomy lists at that time will be made available in an agreed format at contract end.; ; Reporting data will also be made available at the end of the contract.
• End-of-contract process: Access to the different modules will be disabled to a schedule agreed with the client. ; Indicatively, this may be as follows:; The "service finder" access is disabled on the day the contract ends. ; ; Access to the Directory User Interface and to the OR Transformer will also be disabled on the day that the contract ends.; ; Access to the API will remain open for one month to allow the client to capture the information as necessary. The information cannot be updated through the User Interface from the day that the contract ends.; ; The system can be kept open at a pro-rata monthly rate.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: It is the same software that is just responsive.; Some elements are designed with mobile in mind first and others with desktop in mind.
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: Common user design patterns have been used to promote familiarity and ease of use. Colour and themes are prioritised to identify calls to action, alerts and information notices whilst adhering to accessibility contrasts standards. Where icons are used tooltips are provided to explain their context.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The software is undergoing a program of work to invest in aria-labels for HTML standard bootstrap tags in our effort to constantly improve our accessibility and access via screen readers. This work is being tested with our product user group, which includes the needs of users who use assistive technology.
• API: Yes
• What users can and can't do using the API: The software supplies RESTful APIs and PHP that are fully functional, allowing both the read and write of application data. The RESTful API allows users with an authorised API key to access service data through GET, POST, PUT DELETE methods.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Access to management configuration is controlled by role. Administrators have the ability to set up new assurers and collectors and the drop-down elements.

Scaling

• Independence of resources: We maintain multiple scalable hosting resources whilst monitoring service performance. We are also able to temporarily disable or block users that may be abusing the service beyond the terms of reasonable usage.

Analytics

• Service usage metrics: Yes
• Metrics types: Reporting covers both; 1 Demand (what is searched) - which is broken down by local teams, allowing insight into what type of support is being searched in different local wards / geographies ; 2 Supply (what is available) - to identify any gaps in provision across different types of need / support in different local areas
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: Data at rest is encrypted using an industry standard AES-256 encryption algorithm
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Use the APIs which includes a CSV and Json formats
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Infrastructurally, we leverage AWS’s IAM role restrictions and access keys to grant appropriate access

Availability and resilience

• Guaranteed availability: The application is a hosted by AWS and provides a 99.99% availability guarantee. It is, therefore, expected that the application will be available 24/7 but if the software does go down then it will be a priority for us to get it back as soon as possible. ; The performance should ensure that a frontline worker can use the software without causing frustrations.; If a client experiences inadequate performance or availability and can produce evidence to this end then they may exit their subscription at the end of that month.
• Approach to resilience: We use the AWS best practice for data redundancy including point-in-time backup and restore and by horizontally scaling resources. We also leverage a micro-service architecture.
• Outage reporting: Our infrastructure provides near-real-time email reports to our service support team who investigate and resolve any outages.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Access to system management interfaces is restricted to individual static IP addresses accessible from our offices or via AWS IAM role restriction and access keys (for home workers).
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our security governance is administered and operated by our Data Protection Officer and our assigned board member. Collectively they ensure that Digital CoProduction adheres to the Cybersecurity plan and mitigates any identified risks
• Information security policies and processes: We provide an Information Security policy, available upon request. Our assigned Data Protection Officer ensures enforced user access control via Google cloud and workspace and promotes systemwide use of cloud-based tools, for asset and content management. Our Data Protection Officer also conducts regular security reviews across Digital CoProduction.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration changes are tested on DEV systems. Once passed these changes are deployed into a STAGING host, then checked and undergo a step by step Quality Assurance testing process and finally after customer approval to LIVE. Further Quality assurance checks are carried out within LIVE before being made available to the customer.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are identified through internal development and testing and also AWS continually monitor, alert and patch our infrastructure
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Potential compromises are identified through internal development and testing, supplier notification or customer notification through our support system; The potential compromise is assessed to identify if there actually has been a compromise, and if so the severity. Remedial action is considered on a case-by-case basis; Potential compromises are logged as urgent priority.
• Incident management type: Supplier-defined controls
• Incident management approach: An incident can be reported via our support portal and then will be identified by our service desk team. The service desk team will analyse the incident and gather as much information as possible from log files, investigations etc. Following an incident, a report will be compiled and shared with the customer and any further actions clearly identified. All incidents are reviewed and discussed by our Security governance team on a quarterly basis in accordance with our security governance plan and risk tables.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Equal opportunity
  • Wellbeing

  Equal opportunity

  As part of the set-up, local Voluntary, Community, Faith and Social Enterprise providers (VCFSE), are provided advice on their legal obligation to ensure equal access for all local people. ; ; Guidance is provided on how these VCFSE providers can create reasonable adjustments for people with additional needs or a disability to make their services more accessible. ; ; We will run an online workshop for leaders across the local VCFSE to attend.

  Wellbeing

  The purpose of the Place Based Directory of Services (PBDoS) is to ensure that there is easier access for local people to accurate information about all local support.; ; This provides a core building block for local people to be able to self-serve to access local support to help maintain their own wellbeing.

Pricing

• Price: £32,000 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: 1 month free access to the system for one email domain and max of 10 users.; The data is test data only but can be transferred into the live version as part of the implementation.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@digitalcoproduction.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.