Bronze Software Labs

TRIBE: Social Action & Community Capacity

TRIBE is a social action technology. The platform grows Community Capacity, facilitates Social Prescribing and can Micro Commission services directly via up-skilled community assets.

The purpose of the platform is to connect community resources at scale with people seeking help for either themselves or to address a community need.

Features

• Mobile volunteering app containing local jobs
• Geo-spatial impact analysis
• Resource tracking
• Capacity management
• User access management
• Social prescribing
• Community capacity building
• Micro commissioning services

Benefits

• Gain insights on need across local communities
• Track local volunteering iniatives and their success
• Increase efficiency of volunteer allocation based on need in communities
• Measure impact of CSR & volunteering work completed locally
• Identify more impactful volunteering work to complete
• Increase productivity of staff completing CSR
• Savings through domiciliary care provision via Micro Commissioning

£0.30 a user a year

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.vinall@bronzelabs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

752176915254249

Contact

Michael Vinall
01952288215
michael.vinall@bronzelabs.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements: Supported Internet Browser as detailed further below

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Depending on the severity of an issue, we will respond within 60 minutes through to within 5 working days for small cosmetic errors. Our response times are further detailed in the "Support Levels" section.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Support is provided as part of the service, which includes a priority based system whereby the severity and scale of the issue dictates response times and target resolution times.; ; P1 - The entire Service is down and inaccessible to all users; P2 - Operation of the Services is severely degraded, or major components of the service are non operational and work cannot reasonably continue and impacting multiple users.; P3 - Certain non-essential features of the Service are impaired while most major components of the Service remain functional.; P4 - Errors that are, non-disabling, or cosmetic and clearly have little or no impact on the normal operation of the Services.; P5 - Verification of app compliance with latest iOS/Android updates.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide comprehensive onsite training, to enable users to make the most from our software.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Clients can request to have their data extracted from the platform, it will then be provided in a flat file format.
• End-of-contract process: At the end of the contract the client will lose access to the platform, they will receive a copy of their data if required, before it is deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The desktop service functions as an administrative portal, with the mobile application a platform for end-users to interact with.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Administrative users can access our API to retrieve and update the community service directory. This allows councils to integrate their own service directories and keep it in sync with the central Tribe service list.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Users can set up teams, which includes user access control and customisation.

Scaling

• Independence of resources: Our system utilises automatically scaling cloud services to ensure demands are met and applications are consistently performant.

Analytics

• Service usage metrics: Yes
• Metrics types: Both an individuals metrics, and aggregated team metrics can be viewed within the platform. This includes the number of volunteering requests raised, number completed within the allotted deadline, and a count of requests that have expired past their deadline without receiving help.; ; On an individual basis, statistics on the number of requests made, requests viewed, offers to help, and requests completed are reported.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Administrative users have the ability to export data as a function of the dashboards contained within the web management portal.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Via an API
  • Xls
  • Sql

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: 99.5% availability of service
• Approach to resilience: The hosting utilised by our service uses a traditional resilient and scalable architecture which features load balancing, and storage & database hardware available across multiple key regions to ensure availability. Additionally, each of the components automatically scale to meet user demand to ensure a performant service.
• Outage reporting: Services outages are displayed on a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels are restricted through identify federation with two factor authentication.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: EY CertifyPoint
• ISO/IEC 27001 accreditation date: 18/04/2017
• What the ISO/IEC 27001 doesn’t cover: The platform and infrastructure that hosts the software is ISO/IEC 27001 compliant. The current software applications themselves do not have certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: We use information security policies and processes we have developed internally, which are based on expertise collated from industry best practices and our clients requirements who operate across sectors with a great need for data security, specifically those operating within the UK Defence space.; ; The structure for improving and following policies spans the business, from developers providing recommendations on new secure technologies, to our CEO working closely with clients to improve our existing processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Management approach Change management is performed through use of modern software tools and established change management processes. Code is versioned through source control and deployed on sandbox systems to allow thorough testing, before a change is deployed to clients. Changes are tracked using an internal system, customers can call to request an update on progress, or access the change management portal directly.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Regular vulnerability scans are scheduled on our cloud service to ensure new vulnerabilities are identified swiftly and can be patched. Once a vulnerability is visible, it is scheduled into development as a priority to ensure it can be deployed quickly and the service remains secure.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Application and hardware logs are utilised internally to monitor any potential risks or threats. This includes the use of alerts which allow us to respond and mitigate potential issues quickly.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents can be triggered by automated alerts, or users contacting us by phone or email. Once an incident has been raised, it is assessed in line with our support levels to determine the scale and severity of the incident. Incidents of small-severity can be tracked within an online system, those larger in scale will be led by an Incident Manager who will keep the afflicted parties informed and later provide an incident report on what happened, what action we have taken, and any action users should take.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Wellbeing

  Tackling economic inequality

  Tribe provides features which support self-employed individuals to run their business and advertise their services to the public, while setting their own hourly rates. The growth of smaller providers offering highly personalised services delivers new support into the struggling care market and facilitates high-quality employment.

  Wellbeing

  Tribe connects and helps to grow the support, relationships and opportunities that permit everyone, everywhere to live safe and well in the place we call home.; ; Connecting people in this way helps reduce social isolation and improve quality of life by enabling people to access local support services and recover their independence.

Pricing

• Price: £0.30 a user a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at michael.vinall@bronzelabs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.