CORBETT ENGINEERING LIMITED

Celcat Connect

Celcat Connect simplifies the complexities of academic timetabling. This is a new generation solution - true SaaS - and unlike other solutions it copes with volatile timetables with ease.

Features

• Interactive and automated timetabling
• Self service portals for students
• APIs for systems integration
• Attendance tracking
• Resource bookings

Benefits

• Simplifies volatile and challenging timetables
• Reduces back office administration with self-serve processes
• Increases student engagement

£23,857 a licence

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neil.jordan@celcat.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

775908359397708

Contact

Neil Jordan
+44 (0)24 7646 9930
neil.jordan@celcat.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: Any downtime required for maintenance is communicated in advance.
• System requirements:
  • System is accessed via a modern supported browser.
  • User login requires a 2FA authenticator for administrators.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support desk is available via web portal, phone and weekend, Monday to Friday, 9am to 5.30pm excluding bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: There is a a single service standard common to all customers. Support services include access to the help desk for troubleshooting.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The service is provisioned by Celcat. A package of implementation services and training is agreed with a plan to meet the needs of each project. Services are provided by our Professional Services team both onsite and remotely.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: Data may be extracted via the API. Professional Services are recommended to ease off-boarding.
• End-of-contract process: At the end of the contract term the licence to use the service expires unless extended for another term. If the customer intends to cease use of the service then they must make plans to extract any required data before the service ends. Our Professional Services team provide (charged) services to help off-board,

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Self service features work on mobile such as attendance recording by lecturers. Features designed for back office operation are not suited to mobile use due to the complexity of processes.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: It is a REST API which gives access to records (CRUD). It must be configured by an administrator who determine who has access. Rights are determined by user role.
• API documentation: Yes
• API documentation formats:
  • HTML
  • Other
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Configuration and branding (e.g. calendar) by administrators.

Scaling

• Independence of resources: Scaling of underlying infrastructure is managed as a service.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Using CSV exports and API
• Data export formats:
  • CSV
  • Other
• Other data export formats: API - JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: API - JSON

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Our service shall be available for at least 99.9% of the time.
• Approach to resilience: Our service runs in Microsoft Azure datacenters using Azure databases (as a service) providing the resilience expected for SaaS solutions. Further information available on request.
• Outage reporting: A private dashboard and email alerts via our help desk to our customers.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Users with System Administration roles have acess to management interfaces. Support channels are accessed via customer accounts with our help desk service,
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: May 2024
• What the ISO/IEC 27001 doesn’t cover: The certificate is for the sale, support and development activities performed by Celcat. Whole of business is covered.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Our Information Security Management Forum committee overseas security across our business. Controls are audited for effectiveness to the ISO27001 standard.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our Software Development Life Cycle policy set out out processes for configuration and change management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We apply NGTM using Crowdstrike to all servers and workstations across our business and use Group level resources to provide threat intelligence. Our SaaS platform utilises the experience of Microsoft to build in security by design.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Logs track activities. Unusual activities trigger our incident response process which defines the escalation process.
• Incident management type: Supplier-defined controls
• Incident management approach: Our incident management policy sets out the controls and processes we follow for incident management. Significant risks have been assessed and built into our BCP and DR planning. Customer reporting follows a standard ticketing process for recording and tracking help desk tickets. Reports are available on request (limited to customer specific tickets)

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Wellbeing

  Fighting climate change

  Our cloud based service running on Azure has a commitment to Net Zero by 2030.

  Covid-19 recovery

  Our timetabling solutions help academics manage remote learning via Teams

  Wellbeing

  Monitoring attendance helps academics make early interventions with students who are not engaged.

Pricing

• Price: £23,857 a licence
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at neil.jordan@celcat.com. Tell them what format you need. It will help if you say what assistive technology you use.