GREEN REWARDS LIMITED

Jump Lite

Jump delivers customised resident, student and employee engagement platforms focused on sustainability, helping universities, NHS Trusts, and councils inspire climate action and meet ESG goals. We use our gamified rewards platform technology and engaging sustainability communications programmes to encourage behaviour change, creating a culture of sustainable action and improving well-being.

Features

• Bespoke, incentive-based action reporting web platform
• Mobile app for flexible use and mobile notifications
• Fully managed digital communications with dedicated managers
• Impact tracking through Performance Management Dashboard
• Leaderboard to foster competition around sustainable actions
• Carbon Calculator​ for both work and home activities
• Activity Feed to share sustainable actions on the platform
• Integration with apps like Strava, Fitbit, Teams, Slack, and Yammer
• Track impact against Sustainable Development Goals

Benefits

• Incentivise staff for performing sustainable actions
• Log and track sustainable actions
• Report energy savings from sustainable actions
• Save time on digital communications around sustainability
• Calculate carbon emissions from home and work actions
• Empower staff to make sustainable choices
• Engage staff with Net Zero strategy

£9,250 to £53,350 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josh.cleall@teamjump.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

729899650525734

Contact

Josh Cleall
02073265055
josh.cleall@teamjump.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Hybrid cloud
• Service constraints: None known
• System requirements:
  • Up to date desktop browswer
  • Up to date mobile browser
  • Android OS 12+
  • IOS 14+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 working days.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We provide a high level of support to enable you to engage your people in sustainability with minimal input required from yourselves. Your assigned Programmes and Communications Manager will work with you from the beginning and throughout the delivery to run a programme that meets your needs. This means that they will add regular activities, send out a monthly members newsletter, run annual engagement campaigns and do all the work required to maintain the desktop platform and mobile application. ; ; Every quarter, you will meet with your Programmes and Communications manager to review programme performance and discuss opportunities to develop the programme in line with your goals and targets. In addition, our team are easily contactable any working day via email or telephone to quickly support. ; ; We will support you with communications and promotion including providing customised communications materials and providing advice on effective promotion strategies. ; ; In addition, every working day, members can email or phone our customer support team with any questions or issues they are experiencing, removing any burden from you. Our team also fully manage the monthly member reward process, from contacting the winners to ensuring they successfully receive their chosen reward.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Users can sign up directly to the platform and engage with our service straight away. We provide additional support via methods such as:; Online explainer video; In person events; Communications toolkit to help you promote internally; Dedicated programme manager to help support promotion ; Online launch webinar; User journey documentation
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: We are able to provide all data in a .csv file format.
• End-of-contract process: At the end of the contract we communication with users who have signed up to the service to let them know it is coming to a close. Once the service has ended we suspend the website and mobile application. Data is made available if the client wants to port to another service. This is all included in our costs.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All the services provided on the desktop service can be accessed via the mobile service. There is no reduction in service for mobile access.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: Yes
• Description of customisation: Our programmes are customisable, enabling you to have a programme that is on-brand with your organisation and tailored to meet your needs. ; ; Your assigned Communications and Programmes Manager will collaborate closely with you during both the design and delivery of the programme to ensure it meets your needs. Areas of the programme customised to you include: ; ; Programme name, logo and imagery. ; ; Mobile application, including the name as it appears on the App Store. ; ; Activities, to educated and motivate your staff to take the actions that will progress you towards your organisational goals. ; ; Reward options, value and frequency ; ; Team competition setup including frequency and rewards options and value

Scaling

• Independence of resources: We use load balancers, multiple cloud servers and advanced technical infrastructure to ensure independence of resources. Each client has an allotted server 'silo' which keeps their data secure and separate from other clients. These servers also scaled to demand allowing for peaks in service.

Analytics

• Service usage metrics: Yes
• Metrics types: Every quarter, your Programmes and Communications Manager will present data and metrics on registrations and engagement to review the performance of the programme. ; ; In addition, each programme has a dedicated Admin page. This page shows real-time data dashboards on registrations, engagement and how that matches to frameworks such as the Sustainable Development Goals, or the carbon emission scopes. ; ; Further, all members can see the aggregated tangible impact, such as the kg CO2e, kg waste, litres of water and kWH of electricity avoided from their actions. ; ; Our team are also on-hand to provide additional metrics as requested and available to provide.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can access and view their data via the 'My Account' area. All data we hold on a user is stored on this portal. If a user wants this in a downloadable format, then they can request this via our Customer Contact Centre and we will provide.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The service guarantees a high level of availability, with an uptime of 99.5% or above. In terms of Service Level Agreements (SLAs), the service does provide an SLA to all customers purchasing the product. The SLA outlines the guaranteed response/resolution times, with all calls answered within 30 seconds and responses to written communication provided within 3 days. The service also provides service reports to the customer to confirm achievement against SLAs. At a minimum, Quarterly Review meetings are held with the customer, however, a Programme Manager for the solution is available for the University at any time for support, updates, and reviews. In the event of not meeting the guaranteed levels of availability, the specific details of refunds or compensations would be outlined in the individual SLA.
• Approach to resilience: The service is designed with resilience in mind, ensuring high availability and robust data protection. The data is stored securely and encrypted both in transit and at rest. All access to cloud-based storage is via TLS sha256, ensuring secure data transmission. Access to data is restricted to named employees only, with IP locked and monthly changing password access. All data access is logged and audited for traceability and security.; ; The service uses SOC 2 certified data centres based in the UK, which adhere to high standards of information security. These data centres have multiple levels of physical, infrastructural, data, and environmental security, including security guards, fencing, security feeds, and intrusion detection technology.; The servers scale vertically automatically in response to demand, ensuring that the service can handle a large number of users without any issues. Backups are made daily of the server and file storage data, and these backups are stored off-premise on UK servers. The backup process is monitored daily for success indicators, and backup restore is tested every 6 months to a staging environment.; ; More details available on request.
• Outage reporting: To report outages we use email alerts and a public dashboard. We're able to trigger automatic alerts to M365 Teams or Slack channels.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is strictly controlled. We employ a multi-tier admin and management user login system, maintaining the lowest "need to know" security. Access is further restricted with IP address login restrictions for admin and management consoles. We also use a forced complex password system for admin and management logins. Additionally, we have time and day-based login restrictions for admin and management consoles. For sensitive areas, admin users use Multi-Factor Authentication (MFA), which includes IP locking. All these measures ensure that only authorized individuals can access our management interfaces and support channels.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; CREST approved Penetration Testing
• Information security policies and processes: The service follows a comprehensive set of information security policies and processes to ensure the protection of data. These policies include Access Control, Data Protection Compliance, Storage and Transmission Security, Change and Configuration, and Incident Procedures, among others.; ; Access Control policies ensure that only authorized individuals have access to the information systems and facilities. This is achieved through measures such as IP restricted Admin access, network firewalls, web application firewalls, security patches, and network intrusion detection.; ; Data Protection Compliance policies ensure compliance with individual requests for access to data, reporting of data protection breaches to the customer and/or the ICO, and encryption of data in-transit and at-rest.; ; Storage and Transmission Security policies ensure that customer data is stored securely in SOC 2 certified data-centres based in the UK. Data is encrypted both in transit and at rest, with cloud storage encrypted at rest with AES-256 bit LUKS encryption.; ; To ensure these policies are followed, the service conducts regular risk-assessments as part of its data protection policy. There are also robust checks in place for any employees or vendors that require access to the locations, with approved individuals required to pass multi-factor authentication and their access limited to their pre-approved area.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The components of the services are tracked throughout their lifetime using a systematic approach. This includes documenting, testing, and approving the promotion of changes into production. ; ; Changes are assessed for potential security impact through a security patching process that requires patching systems in a timely manner. In addition, the service's security programme is updated daily with new threats.; ; The service conducts annual audits of its platforms with a penetration test from a CREST-approved supplier. Any issues identified are added to the roadmap. This ensures that the service is continually improving its security measures and any potential vulnerabilities.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our vulnerability management process is robust and comprehensive. We assess potential threats to our services through a combination of internal monitoring and external threat intelligence.; ; We use an accredited third party for annual penetration tests and run periodic vulnerability scans. Patches are deployed swiftly based on risk analysis. We update our security programs daily with new threat intelligence. We also have an up-to-date Cyber Essentials certificate, which provides us with guidance on security controls. Independent benchmarking reviews are also undertaken for continuous improvement.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes involve identifying potential compromises through continuous system monitoring and external threat intelligence. Upon detection of a potential compromise, we respond swiftly by initiating our incident response procedures, which include containment, eradication, and recovery measures. We prioritize rapid response to incidents. Our processes are designed to ensure the security and integrity of our systems at all times.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management processes are pre-defined for common events and outlined in our Jump Incident Response policy. Users can report incidents via their dedicated Programme Manager or via our Customer Contact Centre, where we aim to answer within 30 seconds, or through written communication, responded to within 3 days. We provide incident reports during our Quarterly Review meetings or ad hoc. These reports detail the incident, actions taken, and preventive measures for future. Our goal is to ensure swift resolution and continuous improvement in our incident management.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  At Jump we’re on a mission to empower and motivate people for a more sustainable future. Our programmes educate and encourage mass participation in daily actions and choices that fight climate change and support biodiversity. ; ; Our programmes have 25+ activities, customised to your organisational needs, and organised into themes of your choosing, such as energy, water, travel, waste, consumption, nature and wellbeing. ; ; In tackling the climate crisis, both education and action are important which is why we make both areas core to our programmes. Our education programme activities reward members for learning about climate change and other issues by watching videos and reading articles, plus testing their knowledge through quizzes. Members can also use our embedded carbon calculator to understand the biggest opportunities for reducing their individual carbon footprint, both at work and at home. ; ; We have a bank of over 300 action-based activities to reward members their actions which tackle climate change. Activities could include cycling to work, car pooling, sustainable business travel, eating less meat, switching off electrical devices, recycling, reporting maintenance issues and supporting the natural environment. ; ; We recognise the importance of impact data to motivate members and demonstrate impact of the programme. Throughout the user experience, we demonstrate the tangible impact of members actions. The kg CO2e a member has avoided as a result of their action is presented to members at various touch points including their weekly nudge email, their personal dashboard upon logging in, and when they’ve logged their weekly actions. Further to this, the Impact Dashboard shows real-time, cumulative metrics on the tangible impact all members of the programme have made as a result of their actions. Metrics include kWh, kg CO2e and kg waste avoided, and miles travelled sustainably.

  Tackling economic inequality

  Our programmes help to tackle economic inequality in various ways. Firstly, there is no charge for members to register and take part in the programme, removing any financial barrier. ; ; Further to this, members who score the most points each month are rewarded with a voucher of their choosing including supermarkets, cinema vouchers, National Garden Gift Vouchers and many other retailers which the client chooses. With the cost of living increasing, we’ve seen supermarkets being a popular voucher choice and appreciate the value of these vouchers for some members. ; ; Finally, many actions to tackle climate change and protect our natural environment have a secondary benefit of reducing costs. For example car pooling, walking or cycling rather than driving, buying second hand, cooking only what is needed, switching off devices, and turning down thermostats – by an individual doing these actions they will reduce their carbon footprint and reduce their daily living costs and bills. Our programmes educate members on what they can do and provide weekly nudges to support them to develop new habits which will save them money.

  Wellbeing

  We are committed to delivering substantial social value, particularly in the area of Wellbeing, in alignment with the themes outlined in PPN 06/20. Our approach encompasses a variety of initiatives designed to enhance both the physical and mental health of individuals within the public sector, fostering a more productive and positive working environment.; ; One of our key initiatives is the introduction of a dedicated Wellbeing Activity Theme, which encourages individuals to engage with nature and participate in mindfulness activities. Recognising the diverse needs and interests of public sector employees, we offer a range of activities that can be customised to suit individual preferences. These include opportunities for volunteering, access to green spaces, and the formation of staff interest groups. These activities are not only aimed at improving the internal wellbeing of staff but also at fostering a sense of community and connection within the workplace.; ; Furthermore, we have integrated our services with popular fitness applications such as Fitbit and Strava. This integration is designed to automatically reward members for engaging in physical activities, such as walking and other forms of exercise. By incentivising active lifestyles, we aim to contribute to the overall health and wellbeing of public sector employees.; ; It is also important to highlight the strong interconnection between environmental sustainability and personal wellbeing. Many of the actions we advocate for, such as choosing active travel methods to commute to work, not only contribute to environmental preservation but also offer significant health benefits. By promoting such practices, we aim to create a win-win situation where public sector employees can contribute to a greener planet while simultaneously improving their physical and mental health.; ; Our service provision is designed to deliver significant social value by prioritising the wellbeing of employees. We aim to create a more vibrant, healthy, and productive public-sector workforce.

Pricing

• Price: £9,250 to £53,350 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at josh.cleall@teamjump.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.