NEC SOFTWARE SOLUTIONS UK LIMITED

Jadu Creative by NEC

A low-code, web-based platform for digital service delivery. Incorporating collaborative case management, payments, forms, customer MyAccount and website with integration to NEC services. Build end-to-end digital transactions for service requests, applications, and payments. Secure, responsive, accessible websites on all devices. Includes rich toolset of APIs and extension points for developers.

Features

• Bundled with NEC Software Solutions integrations to Citizen Access portals
• Granular access controls, with audit trail and user login reports
• Forms are integration-ready with CRM, payment gateways, databases, etc
• Advanced form features: branching rules, data retention, PDF generation
• Web timeline view of customer cases, Real-time messaging and updates
• Non-technical workflow, rules and notifications configuration
• Create repositories for structured data and allow customer generated additions
• Visitor login and personalised landing pages based on stated preferences
• Customisable components for embedding third party content into homepages

Benefits

• Secure, extensible and affordable Content, Form and Case Management Platform
• Accessible forms & websites which meet WCAG 2.1 AA standards
• Highly secure hosting and GDPR-compliant platform
• Customer accounts providing transaction history and personalised web experience
• Build end-to-end digital services and drive savings through channel shift
• Quickly locate relevant content through powerful navigation and discovery tools
• No programming required - non-technical forms and service workflow design
• Developer API for easy system modification and extensions
• Platform built on open-source technologies
• Enable business users to configure complex systems integrations and payments

£4,244 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

757809991816814

Contact

NEC Frameworks Team
07852 936231
frameworks@necsws.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No.
• System requirements: A modern web browser is required to access the service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Jadu provide a level of support which is built into the monthly subscription cost. This provides an online help desk and ticketing system available 24/7 with telephone support during business hours (8am-6pm, Monday to Friday, except English Bank Holidays). ; ; On-call engineers will respond to critical availability issues outside of standard business hours. The support SLA is included in the terms of service document. ; ; The help desk is staffed with dedicated support engineers, with sysadmins, software engineers and other technical experts becoming involved to resolve support issues as necessary.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Online support web chat is provided using the Jadu Connect platform. The Jadu Connect user interface is regularly tested with NVDA and JAWs.
• Onsite support: Yes, at extra cost
• Support levels: Jadu provides a standard level of support, which is built into the monthly subscription cost. This provides an online help desk and ticketing system available 24/7 with telephone support during business hours (8am-6pm, Monday to Friday, except English Bank Holidays). ; ; On-call engineers will respond to critical availability issues outside of standard business hours. ; ; Jadu’s support SLA is included in the terms of service document. The help desk is staffed with dedicated support engineers, with sysadmins, software engineers and other technical experts becoming involved to resolve support issues as necessary. ; ; An Enhanced level of support (an additional £650 per month) increases the number of support accounts an organisation can have as well as out of hours deployments and a number of inclusive professional service days for small works. A named Customer Support Advisor is assigned to every customer, irrespective of whether standard or enhanced support has been chosen.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Jadu provides certified training for administrators, consisting of both Jadu Connect Foundation Training (Online), and Jadu Connect Practitioner Training (Webinar). ; ; Jadu can optionally lead with the build of the first digital service at a cost. ; ; Additionally there is an online implementation guide and online user manuals for administrators and customer service agents. ; ; Customer service agents are also able to access a dedicated online Jadu Connect Advisor Training course.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Tools are provided to export data from within the application. ; ; Form structures can be exported as .tar files, user submitted data can be exported in CSV and XML format. ; ; Any other form data not accessible via the export tools provided in the application can be exported via database export. Users can extract all case data via csv export or webhooks.
• End-of-contract process: A service plan can be cancelled at any time.; ; When you do this, your platform becomes unavailable, and all public-facing forms are taken offline – no further usage or subscription charges will apply. ; ; You will have access to your platform for export purposes only, for a further 30 days, following which all content and data will be deleted permanently.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The platform uses responsive web design to allow the same interfaces to adapt and be displayed on devices of different dimensions. This means that both desktop and mobile users can access the same features in the same place, giving a consistent experience across all a user's devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Jadu’s modern interfaces are developed using the Pulsar user interface framework. The platform uses responsive web design to allow the same interfaces to adapt and be displayed on devices of different dimensions. This means that both desktop and mobile users can access the same features in the same place, giving a consistent experience across all a user's devices.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Jadu’s modern interfaces developed using the Pulsar user interface framework are tested using desktop screen reader software, and our text editor supports a variety of screen readers including JAWS, VoiceOver, NonVisual Desktop Access (NVDA) and ChromeVox. Additional testing has been undertaken to confirm that animated backgrounds in the software do not trigger seizure in individuals with Photosensitive epilepsy.
• API: Yes
• What users can and can't do using the API: The Jadu Connect Service API provides users with the ability to create and update service requests (cases), progress cases through the workflow and register and retrieve contact details. ; ; Jadu Central supplies both a PHP and RESTful XML API. The PHP API is fully functional, allowing both read and write of application data. The RESTful XML API allows users with an authorised API key to access publicly available content already published to the website.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: A broad range of settings can be adjusted from within the application user interfaces. ; ; Additional custom functionality can be developed to extend the core feature set. Extensibility of the platform is a core feature of the Jadu Central.; ; For the digital concierge component of the platform branding options allow customers to upload their own logos and set a system-wide colour scheme. For the form and website component, skinning is possible through web template design.

Scaling

• Independence of resources: Monitoring tools are used to measure usage of the application and where necessary additional resources can be added.

Analytics

• Service usage metrics: Yes
• Metrics types: Monthly and daily reports for number of cases by case type for a user defined date range. Users can export all case data to CSV to build reports not currently available in the reporting dashboard. Webhooks can also be configured to push real-time updates to a central datastore / reporting service endpoint for consumption.
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Jadu

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: Sensitive data is encrypted within the database and filesystem. 'Sensitive data' includes: - Any data submitted by a member of the public, including their personal details - The personal details of internal users of the system - IP addresses - API access credentials
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through the service application interface.
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: Case workflows and forms can be imported in JSON format.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Traffic between various network tiers is restricted with the use of both physical and local software firewalls. ; ; Additionally where applicable TLS encryption (Version 1.2 or above) is utilised. ; ; Data exchange within various internal networks may use a combination of IPSec VPNs, SSH, TLS or Encrypted RDP protocols.

Availability and resilience

• Guaranteed availability: We guarantee 99.9% availability excluding planned maintenance. Our SLA is contained within our terms of service.
• Approach to resilience: This information is available on request.
• Outage reporting: Customers are notified by our support team in the event of an outage and we maintain a public status dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: Users must create an account with their email address and a password with min 8 characters, at least 1 upper and lower case and one symbol.
• Access restrictions in management interfaces and support channels: The application user interface provides granular access control for Jadu Central users. The user’s experience of the publishing environment can be controlled at multiple levels. User permission management and workflow management are carried out via the application user interface. Individual users can be temporarily disabled when necessary.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 07/06/2021; valid until June 2024. Certificate IS 598449.
• What the ISO/IEC 27001 doesn’t cover: N/A our ISO 27001 certification covers all our office location.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials and Cyber Essentials Plus
  • Business Continuity Management ISO22301:2019
  • Environmental Management ISO14001:2015
  • Information Security Management ISO27001:2013
  • Service Management ISO20000:2018
  • Quality Management ISO9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: ISO 9001:2015
• Information security policies and processes: We follow a security policy approved and externally audited as part of our ISO27001 accreditation. A copy of the policy is available upon request.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All configuration changes must be submitted to a review process. An audit trail of configuration changes is retained. Configuration changes are applied by an automated, tested process, never manually to eliminate human error.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our sysadmin team members are subscribed to various vulnerability publishing lists e.g. cve.mitre.org. Any published and relevant vulnerabilities affecting the application stack are carefully reviewed. If a vulnerability is discovered that affects any of the stack components and a vendor patch is available Jadu will attempt to contact the customer to establish a suitable time for updating the affected software. If customer data or reputation is at risk and the customer is unreachable within a reasonable time window we will apply the patch in an emergency immediately.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Jadu uses internal and external monitoring systems to monitor server health in real time.
• Incident management type: Supplier-defined controls
• Incident management approach: An incident will be reported via portal or telephone or identified by our service desk team. The service desk team will analyse the incident and gather as much information as possible from log files, investigations etc and will at the same time make senior management aware of the incident and escalate appropriately in accordance with our defined escalation procedures Following an incident, a report will be compiled and shared with the customer and any further actions clearly identified. All incidents are reviewed by Jadu’s security council quarterly and this process is subject to external audit via our ISO27001 accreditation.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  NEC is committed to being Net Zero by 2030.; To support this objective, we targeted a 50% reduction in our 2020 baseline emissions by 2026. We are ahead of target, having already achieved an independently audited reduction of 64% in tonnes of carbon dioxide equivalent(tC02e). ; We have implemented a multitude of initiatives to support this, including:; -Appointing an Environmental Manager and Environmental Champions to promote our objectives. ; -Successfully obtaining certification for and implementing ISO14001:2015 Environmental Management System(EMS). ; -Developing a Carbon Reduction Plan, which is published on our website.; -Maintaining an Environmental Aspect and Impact Register (down to site level) through which to capture the elements of our operating practices that could negatively impact the environment.; -Working with government accredited consultants to understand our environmental impact.; -Collaborative activities to influence customers, supply chain partners and employees.; Specific initiatives applicable to our contract delivery approach include:; -Ensuring directly sourced energy is from renewable sources.; Reducing business travel where possible through utilisation of controls and technology such as:; -Video conferencing.; -Electronic sharing of documents.; -Conference call facilities.; -Working from home/flexible working arrangements.; -Approval controls for commercial flights.; -Use of environmentally friendly data centres.; Additionally, our Environmental Policy objectives include:; -Meeting all relevant legal requirements and monitoring our compliance.; -Minimising our environmental impacts for the life cycle (including disposal) of work equipment and other physical assets under our control.; -Demonstrating efficient use of energy, water, and other natural resources; -Maximising opportunities to minimise our waste by reusing or recycling waste, where practical.; -Ensuring our supply chain are aware of our environmental policy and our commitment to ensuring its effective implementation.; Increasing environmental awareness and commitment amongst employees through training and briefings.; We’ll continue to identify opportunities to improve our environmental performance through clear objectives, plans and targets.

  Covid-19 recovery

  During the COVID-19 global health crisis, NEC supported its workforce, customers and the local communities they serve, to adapt to the challenges the pandemic posed. As a provider of software and services to the public sector, this included the rapid development and deployment of software solutions to enable the efficient and effective delivery of new government schemes and changes in legislation introduced as a direct response to the pandemic. Examples include provision of software to assist with Test and Trace Support Payments and new hospitality sector licensing requirements. ; Initiatives we implemented that support the policy outcomes include:; • Increasing our pre-pandemic workforce numbers through recruitment of an additional 250 UK based roles, many of whom were unemployed following redundancy from other sectors such as hospitality.; • Re-training and redeploying temporarily displaced colleagues rather than imposing redundancies or taking advantage of the furlough scheme.; • Investing over £400,000 in training and apprenticeships.; • Working collaboratively with customers to introduce new ways of working.; • Delivering community based social value through donations in kind to voluntary sector organisations impacted by the pandemic. ; As part of our response to the pandemic we invested in and introduced several initiatives and workplace adaptations to protect employee health and safety, including:; • Introducing wider use of remote and flexible working, including making additional allowances for those caring for young children.; • Enhancing office safety, including installing sanitising stations, hygiene screens and digital thermometers.; • Increasing the frequency of colleague communications, with a focus on provision of mental health support and reducing the risks of isolation/loneliness.; • Providing all employees with free access to additional specialist resources, including 24x7 counselling and mental health services.

  Tackling economic inequality

  We recognise the expertise, innovation and value that can be gained from having a diverse supply chain and providing all suppliers with a fair and equal opportunity to become suppliers to us and our customers. We operate openly and transparently to enable this collaborating with third-party suppliers including large enterprises, sub-contractors, SMEs, VCSEs, mutuals and social enterprise organisations. ; Additionally, we are committed to nurturing talent and creating a sustainable learning and development culture that equips our workforce with the appropriate skills, knowledge and processes so that the company continues to deliver innovative, industry leading solutions.; Processes and practices we have adopted to tackle economic inequality include:; • Using outcome-based specifications and co-design methods to encourage suppliers, communities, users and third sector organisations to collaborate and propose solutions based upon end user requirements, rather than being prescriptive.; • Advertising supply chain opportunities openly and always operating transparently. ; • Including modules covering anti-bribery and corruption, whistleblowing, equality and diversity in our all-colleague compulsory Annual Compliance Training.; • Having policies and operating practices that support effective supply chain relationships through fair selection and responsible management. For example, only flowing down appropriate contract terms. ; • Paying at least 95% of all invoices within agreed terms and agreeing to reduced payment terms for SMEs and subcontractors.; • Never deducting sums from payments as a charge for remaining on our supplier list. ; • Investing in new jobs and training opportunities through an active Apprenticeship scheme. We recruited 18 apprentices in 2023.; • Creating opportunities for career progression and investing in reward and recognition initiatives that support employee retention. ; • Following the foundational principles of the Good Work Plan in respect of employee satisfaction, fair pay, well-being and safety, career progression, voice, and autonomy.; • Having appropriate controls in place to mitigate cyber security risks.

  Equal opportunity

  We want to be an employer of choice for people of all backgrounds and we are committed to ensuring workers either directly employed or employed within our supply chains are treated fairly, humanely, and equitably. We will not discriminate on grounds of gender, marital status, race, ethnic origin, colour, nationality, national origin, disability, sexual orientation, religion, age or any other characteristic. ; To encourage a diverse and varied workforce our approach to equal opportunity includes:; -Inclusive and accessible recruitment practices, including supporting candidates and employees with disabilities through provision of supportive technology and/or changes to working practices.; -Collecting, analysing and senior reporting of equality and diversity data obtained during recruitment activities.; -Making appointments on the grounds of selecting the most suitable candidate for the post.; -Ensuring job adverts reach a diverse audience, including utilising job sites which encourage interest from disadvantaged and Minority Ethnic groups.; -Having diverse interview panels and anonymising applications.; -Using gender-neutral role definitions.; -Ensuring policies and employee communications promote respect and equality for all.; Other activities to support equal opportunity within the workforce include:; -Tackling the gender pay gap, through annual audits. Women now comprise 50% of our leadership team, including our Chief Executive. ; -Compliance with the Modern Slavery Act 2015 and the nine core principles of the Ethical Trading Initiative Base Code.; -Ensuring effective supply chain controls are in place to mitigate and manage the risks of exploitation.; -Provision of appropriate channels for colleagues to have an effective voice, such as our Employee Steering Group.; -Investment in workforce development and training, including an active Apprenticeship programme.; -No use of zero hours contracts or fire and rehire practices.; -Being a Real Living Wage Employer.; -Flexible working practices.; -Transparent and structured promotion, pay and reward processes.; -Senior level sponsorship at board level to support and promote equal opportunity.

  Wellbeing

  Our approach to supporting good health and wellbeing includes providing our workforce with:; • Access to helpful health and wellbeing resources through our dedicated intranet Wellness Hub. ; • A LinkedIn Learning Platform that includes a section dedicated to health and wellbeing, including advice for managers on opening up dialogue about mental health and emotional safety. ; • Free and confidential access to specialist resources 24x7, including counselling and mental health services through our Employee Assistance Programme. ; • Private healthcare cover including a Doctor at Hand service for fast and convenient access to advice, assistance and medical treatment, anytime and anywhere.; • Maintaining compliance with the six standards of the Mental Health at Work commitment.; • Accommodating workplace adjustments, such as supportive technology for those with a disability or health condition.; • Encouraging good physical health by providing discounted corporate gym membership at over 3,300 participating gyms through our employee GymFlex scheme.; • Access to a cycle to work scheme through salary sacrifice.; Employee Communications; We incorporate national health and wellbeing campaigns within our yearly communications calendar to raise employee awareness and signpost to useful support pathways. Our 2024 calendar will include the following nationally recognised campaigns:; • Mental Health Awareness week.; • World Menopause Day.; • National Eye Health week.; • World Diabetes Day.; • Stress Awareness Month.; • Suicide Prevention Day.; • Men's Health week.; We have Mental Health First Aiders who are trained to spot the signs of mental ill health and can provide early support for colleagues who may be developing a mental health issue. ; Policies; Support for employee health and wellbeing is underpinned by a policy framework including:; • Health and Safety Policy; • Alcohol, Drugs & Solvent Abuse Policy; • Menopause Policy; • Absence Policy ; • Flexible Working Policy; • Gender Reassignment Policy.

Pricing

• Price: £4,244 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at frameworks@necsws.com. Tell them what format you need. It will help if you say what assistive technology you use.