GO 4 Schools

GO 4 Schools Management Information System

GO 4 Schools MIS is a cloud-based Management Information System (and app) for schools with students from early years to post-16. It includes (but is not limited to) student and staff management, classroom management (attendance, behaviour, assessment, seating plans) census returns, exams management and access for students and parents.

Features

• Student and staff records management and visibility based on permissions
• Online markbooks, real-time tracking and analysis linked to accountability measures
• Attendance recording, management, and analysis to improve safeguarding processes
• Behaviour recording and analysis with detention and suspension management
• Homework setting and monitoring, with parent and student mobile app
• Data rich seating plans to enhance teaching and learning
• Summative and full-text progress reports published online with read receipts
• Parental/student access and mobile app with notifications and SMS
• Exams management including base data and exam seating plans
• School census, CTF production with statutory returns

Benefits

• School improvement using real-time data for key decision makers
• Transparency and accountability across roles in schools
• Support staff in the classroom with access to key information
• Support students in the classroom with shared information
• Improve engagement with those with parental responsibility
• Save money through time saving and reduction staff workload
• Improve data security with SSO and GDPR compliance
• Improve behaviour and attendance through clear policies and data capture
• Save time – data entry and analysis in one system
• Up-to-date view of school performance

£2,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at businessadsmin@go4schools.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

801340837203445

Contact

Chris Ramsdale
01223967556
businessadsmin@go4schools.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: The service works on a wide range of desktop and mobile devices using up-to-date operating systems and web browsers, such as Chrome, Edge, Safari and Firefox.; Two MB of bandwidth is recommended.
• System requirements:
  • Modern, standards-compliant web browser, e.g. Chrome, Edge, Firefox, Safari
  • Recommended 2MB internet bandwidth

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets are answered Mon-Fri 8am-5pm.; Our average response time for tickets is one hour.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The support level included in the service costs includes:; * Unlimited use of our library or help articles and videos; * Unlimited use of our in-house support desk ticketing system (manned by our staff of ex school data managers, network managers and other technicians); * A minimum of 3 months of free telephone support from the start of the service.; * Regular 'health checks' provided by our Education Services Team (who are all ex-senior-leaders or data managers) in the form of phone/video calls. Each customer has a specific member of our Education Services Team allocated to them to allow us to build a long-term relationship so we understand how (and why) the school works as it does and advise them appropriately in these calls.; ; Schools can purchase extended telephone support for our help desk and/or additional on-site or remote training and consultancy from our Education Services Team. Details of pricing for these can be found in our Pricing document.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: The most powerful element of the onboarding process is our staff: our Education Services Team (made up of ex-senior-leaders and data managers) and our Technical Support team (made up of staff with ex-data manager, ex-network manager and other technical skills). We understand how schools works and challenges they face.; ; Each school has a specific Education Services consultant assigned to allow us to build a knowledge of the way the school works, and why. A pre-training call with their consultant is used to assess the optimal initial training plan for the school, e.g. as onsite training or multiple, shorter remote (e.g. Microsoft Teams) sessions.; ; They can ask follow-up questions through our support system. Where appropriate these may be referred to their consultant.; ; Initial training is followed with a series of health checks and calls, usually by video. These allow us to identify setup steps that the school may not have completed yet, either through omission or uncertainty, which we can then help them with.; ; We have a full set of online help pages which include "why" and "how" schools may choose to setup the system in the various ways. These are backed up with short videos from our team of consultants.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can be extracted using our API or as CSV downloads.
• End-of-contract process: At the end of the contract, customers have the option of a 30-day data extraction period. All but a single main account is disabled, and this account can be used by customers (for 30 days) to extract the data they want.; ; At the end of this period, the final account is disabled, and their data is then purged from the LIVE service.; Within one month their data is also purged from data backups.; ; There are no exit costs for them.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: For the web interface, for all users, we use the responsive layout features in modern web standards to automatically adjust the layout of content on devices with smaller screens. There is no loss of functionality.; There is also a mobile app available for students and parents which provides a subset of the functionality available via the web application, but adds the ability for them to receive mobile app notifications.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The service interface is a modern, standards-compliant web interface accessible using modern, standards-compliant browsers on a a wide range of devices. ; ; Web pages follow our design guidelines to ensure they are consistent, quick to load and easy to use. We use consistent placement of elements and terminology to provide a familiar feeling to users as they move around the site.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We follow accessibility guidelines during development and react to feedback from users. Our related product (GO 4 Schools) which is incorporated into this service has been used by around two million staff, students and parents over the years, and we are not aware of any significant, unresolved accessibility issues.
• API: Yes
• What users can and can't do using the API: The API is primarily intended to allow customers to extract their data from the service, but they can also use it to record attendance marks.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service can be customised by schools to suit the way their school works. ; ; This covers areas such as their curriculum and timetable, their behaviour and homework policies and their assessment and tracking policies.; ; They can also define fine-grained access levels for staff.; ; They can also customise their data sharing with students and parents, governors and trusts, including the consents they collect from parents, and the styling of the reports they produce for parents.

Scaling

• Independence of resources: GO 4 Schools runs in Microsoft's Azure Kubernetes Services environment. ; We monitor site performance and resource usage as a matter of course to ensure sufficient resources are available.; For any spikes that occur, we can enlist additional resources as required within minutes using kubernetes' scaling facilities.; ; Additional resources can be enrolled independently in the following areas; * Network gateway, load balancing and firewall services; * Authentication services; * API services; * Web-front-end services; * Database services

Analytics

• Service usage metrics: Yes
• Metrics types: System engagement: Date of last usage of the system by each each member of staff, student and parent.; ; Setup progress: Simple yes/no metrics to indicate whether required simple setup steps have been completed, percentage metrics to indicate progress against multi-step set up steps.; ; Usage metrics: Numeric metrics to indicate levels of usage of specific features.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Most pages in the service where tabular data is displayed provide the option to download the data as a CSV file.; Customers can also use the API to extract data in JSON format.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: We use a private network within the Microsoft Azure cloud with no public access. All communication between that network and the Internet is encrypted.

Availability and resilience

• Guaranteed availability: Service credits are available for service failures exceeding 2 hours. The credits allow the service term to be extended by a duration equivalent to the failure. For example, a failure of 2 hours in a day would lead to an additional 2 hours being added to the licence term. Full details are available in the Terms and Conditions document.
• Approach to resilience: We use Azure Kubernetes Services in Microsoft Azure datacentres to provide a solid basis for a resilient infrastructure and platform. ; ; Within this environment, each 'compute resource' has a built-in level of redundancy (i.e. there are multiple 'live' instances of each resource where possible and 'hot spares' where not). The resources for each component are distributed over independent availability zones.; ; Similarly, storage resources are replicated across availability zones where needed.
• Outage reporting: There is a public support service dashboard that users can check for notifications about service status. The dashboard is independent of the service, so is not affected by any service issues.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Customers can opt to use 2FA or just username/password for their access.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We take an active approach to security governance.; ; We have a weekly Security Governance meeting overseen by a board member to assess our security posture and to identify any steps that need to be taken by teams and timescales for delivering them.; ; We use information drawn from a wide variety of sources, including reports from privileged account usage, penetration tests, firewall logs and automated audits of software installed on devices connected to our network (and any updates they might need to mitigate vulnerabilities).; ; This is backed up with application of minimum permissions assigned to staff and ongoing staff training.
• Information security policies and processes: The information security policies we follow require that:; * There are regular reviews of information security arrangements (which are carried out in our Security Governance meetings), and that prioritised actions are delivered in a timely manner.; * All staff receive appropriate training to understand information security requirement and that they report any concerns they might have. ; ; The information security processes we follow impose strict technical controls on the way we work as a company, including:; * Staff are provided with the minimum level of access required to perform their duties; * All use of privileged accounts is logged for accountability.; * The company network can be accessed only by company staff using company devices who have been authenticated with multi-factor authentication. All communication with the company network is encrypted. Devices in need of critical security updates are blocked until the updates have been applied.; * All data is stored centrally to ensure access can be easily revoked if necessary; * All computer disks are encrypted

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We use git to manage change tracking and version control for our software components and their configuration. We use a 2-peer review process within our software development for all changes. Once changes have passed peer review, they are tested by our independent QA team on a staging environment before being released to the production environment. This testing includes security checks.; ; All changes to our infrastructure and platform components (I.e. Microsoft Azure) are logged through Azure.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use a variety of methods to identify potential vulnerabilities: ; * Our baseline is that operating system and application security updates are applied to company devices within 14 days.; * This is backed up with automated audits of software on company devices. This is checked against the industry-standard CVE (security vulnerability) database to identify known issues. We take remedial actions within 14 days, or faster if there is a known exploit for a vulnerability; we are notified immediately if this situation arises.; * We run automated penetration tests; ; We review these reports produced by these processes weekly.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Logs are collated - in real time - into a central location. The logs include page access logs, authentication logs, application logs and system logs. As logs are ingested, automated rules check for known suspicious patterns.; ; Metrics are collated - in real time - into a central location. The metrics include network traffic volumes, user session volumes, error rates, etc. As metrics are ingested, automated rules check for known unusual patterns.; ; Where patterns need investigating, an alert is sent to the appropriate team who can query and filter the underlying logs and metrics. This usually happens within minutes.
• Incident management type: Supplier-defined controls
• Incident management approach: We have work-instructions prepared to enable our staff to respond quickly to events that are 'anticipatable', including compromised user accounts for staff member of customers and unusual network traffic from specific IP addresses.; ; Known users can report incidents or potential incidents via our Support Desk, via email or by phone.; ; We are transparent about incidents. Non-reportable incidents would be communicated to affected customers with as much useful detail as possible, and reportable incidents would be reported to the Information Commissioner's Office.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Using multi-customer cloud technologies for service provision uses significantly less energy than use of separate equipment on-site for each customer, and also reduces WEEE waste.; ; Publishing student progress reports online reduces the environmental impact by eliminating the use of consumables, such as paper and inks.

  Equal opportunity

  Using the GO 4 Schools Mobile App to communicate with students and parents reduces inequality as most parents and young adults have smart phones even if their household does not have the financial resources or space for desktop or laptop computers.

  Wellbeing

  The GO 4 Schools MIS helps others support students in numerous ways, e.g., though:; * Seating plans, to ensure they are comfortable with those around them in lessons and working with others that support their learning.; * The ability to discuss a common, shared view of their attainment, attendance and behaviour patterns, especially if there are unexplained changes.; *Clear guidance on due dates and expected effort for homework and longer term projects to help students plan around their other commitments.

Pricing

• Price: £2,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at businessadsmin@go4schools.com. Tell them what format you need. It will help if you say what assistive technology you use.