Scopesuite Ltd

Conveya

Conveya is platform designed to help employers manage apprenticeship programmes. Conveya will automate the gathering of external provider reports, gather feedback from learners and supervisors, alert of issues, improve completion rates and display learner progress on tailored dashboards.

Features

• Digitally manage apprenticeship programmes
• Reporting dashboards
• Gather external provider reports
• Automate feedback from apprentices

Benefits

• Remove the need to track apprenticeship programmes on spreadsheets
• Automate the gathering of external provider reports
• Reduces paper processes and administration
• Dashboards identify high/low performers

£5,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pduffy@conveya.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

750979168707529

Contact

Paul Duffy
+44 751 471 3892
Pduffy@conveya.co

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements: Software Licence

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 24hours
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We provide email support to all users. ; Admin users can benefit from online support via their technical account manager or onsite support depending on location.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Withing the platform we use a 3rd party software called Userflow which provides the admin user with a walkthrough of the software and features.; ; We have a help centre page on our website for each user role. This includes PDF user guides.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: When the contract ends, Conveya will provide the client with an export of all of their data.
• End-of-contract process: Included in the contract is access to the specified Conveya software platform for the listed number of users, including onboarding and support.; ; If a contract is terminated, access to the platform is removed at the expiration date of the contract and all customer data is then permanently deleted from our systems.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our mobile service can be accessed by a specific user type (learners). The mobile service is used to capture evidence of learning& training. This can still be done via desktop service however it provides a secondary capability for those learners who don't have access to a computer/laptop.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: Buyers can request customisation of the platform which can include branded dashboards, change to the dashboard layouts and change to feedback forms.; Buyers must request customisation at the set-up stage via their account manager.; Only the admin user/buyer can request customisation of their platform.

Scaling

• Independence of resources: We use Salesforce Cloud to store data and each user can interact with the system independently of others.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Salesforce Shield Security System
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can export their data using our export functionality.; ; Users can select which fields they would like to export and then generate the data download.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: We protect data in transit by transport layer security protocols.
• Data protection within supplier network: Other
• Other protection within supplier network: Data in rest is protected by Salesforce Shield Security.

Availability and resilience

• Guaranteed availability: We will use commercially reasonable efforts to provide a Monthly Uptime Percentage to you of at least 99.8% (‘Service level Commitment’).; Exclusions – The Service Level Commitment will not include unavailability to the extent due to: ; (a)your use of the Products in a manner not authorised in the Terms or not in accordance with the applicable Documentation;; (b) Force Majeure Events;; (c) your equipment, software, network connections or other infrastructure;; (d) Client Data or Client Materials;; (e) Third-party equipment, apps, add-ons, software or technology (other than our agents and subcontractors); or; (f) Routine scheduled maintenance or reasonable emergency maintenance by us.
• Approach to resilience: Resiliency details are available upon request
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We have username and password based access. Data restrictions are done through role and profile policies applied on each user.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman & Co
• ISO/IEC 27001 accreditation date: 03/11/2020
• What the ISO/IEC 27001 doesn’t cover: Our Cloud provider Salesforce carries this certificate
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Our cloud provider Salesforce carries this certification
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems Ince
• PCI DSS accreditation date: 26/02/2022
• What the PCI DSS doesn’t cover: Our cloud provider Salesforce carries this certification
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Salesforce: CSA Star Certification, ISO 27001, ISO 27017, ISO 27018, SOC 1 Type II (SSAE 16 Report), SOC 2 Type II (Trust Principles Report), PCI-DSS (Payment Card Industry Data Security Standard) ; Amazon Web Services: CSA, ISO 9001, ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, SOC 1,2&3.
• Information security policies and processes: We comply with ISO 9001 with policy checks and audits

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: 6 step process through our change management:; 1. Planning; 2. Developing ; 3. Testing; 4. Build release; 5. Test release; 6. Release
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We address security early in the development; process and throughout a product’s lifecycle with repeated testing to minimize the risk of security flaws. Conveya performs a variety of assessments to identify vulnerabilities. During these assessments, Conveya employs credentialed scanning, static code analysis, container scanning. We use the Open Web Application Security Project; (OWASP), the Common Vulnerabilities and Exposures (CVE) program, and the Common Weaknesses and Enumeration (CWE) security guidelines to identify publicly known application and cybersecurity vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Conveya continuously scans our assets for vulnerabilities, software misconfigurations, andopen ports across all our environments. We use a variety of scanning and detection techniques to assess the health state of Conveya services and applications including code quality and containers.
• Incident management type: Supplier-defined controls
• Incident management approach: Any incidents on the Conveya platform can be reported directly on the platform or to our support staff via email or phone. ; Our service level agreement is to have the matter resolved within 5 business days.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  Conveya helps by creating new jobs and skills. It creates training opportunities and supports educational attainment.

Pricing

• Price: £5,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Pduffy@conveya.co. Tell them what format you need. It will help if you say what assistive technology you use.