TROJAN CONSULTANTS LIMITED

CasparGov

The CasparGov Software as a Service application is a comprehensive financial and case management solution for Public Deputies, Solicitors, Appointees and their teams to manage the property and financial affairs of their clients under the orders and rules of the Court of Protection.

Features

• Real-time data driven graphical dashboard and reporting
• On-screen account reconciliation / optional automation using bank transaction files
• Court of Protection workflow and system generated application forms
• Pre-populated Office of the Public Guardian annual returns
• Report writer to create and save user defined reports
• User diary plus client notes, visits and funeral functionality
• Security includes data encryption and Multi Factor Authentication
• Letter writer to create bespoke templates populated with data
• Court of Protection workflow and system generated application forms
• Access to support services directly from the application

Benefits

• A completely integrated client record, eliminating the need for spreadsheets
• Centralisation of processes and client data
• Improved caseload allocation and management
• Increased compliance and efficiency in account reconciliation processes.
• Vastly reduced reliance on local ICT support services
• Dramatically reduces time spent collating data for OPG reports
• Improves reporting capabilities and data access
• Automation of the fee calculation process
• Improves audit and statutory reporting
• Facilitates the court application process

£18,445 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at larry.morgan@plianz.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

810699457565416

Contact

Larry Morgan
01527 882255
larry.morgan@plianz.io

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Access to the system requires 2 factor authentication by default, therefore a suitable smartphone with Microsoft or Google Authenticator is required. Alternatively, Microsoft Single Sign On can be deployed which may also require an authenticator app.
• System requirements:
  • Laptop or desktop computer
  • Internet connection with 5Mbit download and 0.5Mbit upload
  • Internet connection located in the UK
  • Google Chrome Version 100.0.4896.127 or later
  • Microsoft Edge Version 100.0.1185.50 or later

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 2 hours SLA in normal working hours 9am to 5pm UK time, Monday to Friday excluding Bank and Public holidays in England
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is included in the CasparGov user interface accessible to every user after sign-in. The chat will connect the user to a support engineer, and also raise a ticket on our Support Desk. These queries will be resolved during the chat session if possible unless further escalation is needed. The chat can be rated and email copy of the conversation can be sent to the user initiating the chat session. When the chat is used out of hours, the user is notified and a support ticket is created to be handled in line with our standard SLA.
• Web chat accessibility testing: None - For users unable to use our web chat we recommend using our standard email or telephone support service.
• Onsite support: Yes, at extra cost
• Support levels: Priority 1 ; Description: Business Critical – The system cannot fulfil its statutory business duties and the system is potentially down.; ; Response Time: 2 hours ; Fix time: 2 hours; ; Priority 2 ; Description: Interruption to normal service – The system is still able to perform the majority of the statutory duties, but the fault prevents aspects of this not to be performed.; ; Response Time: 4 hours ; Fix time: 2 days; ; Priority 3 ; Description: Non serious – system does not perform as per the user manual. The system is available for normal work but users are inconvenienced and a more manual intervention is required.; ; Response Time: 4 hours ; Fix time: 7 days; ; Charges are included in the annual system subscription charge.; A nominated account manager is provided alongside the technical support team.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The first step in the implementation process is a workshop session which is aimed at providing users with an overview of the standard system functionality and setting out the system configuration and security requirements. Training is delivered through a mixture of on line sessions and self learning 'how to' videos that focus on a number of the key functions offered by CasparGov ; An optional data migration service is also available. A comprehensive list of standard demographic data migration fields is provided to allow the customer to undertake the process of compiling and cleansing relevant client data for migration. The customer then transfers the data to us via an agreed secure channel. Following a review of the data, it is converted and migrated to a CasparGov platform to allow user acceptance testing in preparation for go-live.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Upon request, and at the Customers cost, a full copy of the user data as at the contract expiry date will be provided. The data is provided in CSV format in in zipped file format. The data will normally be available for transfer within 5 business days of the request. Users also have the ability to extract their data by using the standard system report generator functionality if they wish to specify particular data sets they wish to extract.
• End-of-contract process: At the end of the contract and upon request a free of charge, full copy of their data in CSV format and files in zipped format will be provided.; If the client requires assistance to migrate data to another system, then this would be done at prevailing professional services rate at a scope to be agreed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 A
• API: Yes
• What users can and can't do using the API: Allows access to all client and financial data held in the system and allows data input for certain reports
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
  • Other
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Customisation available to Users with Super Admin access level includes the following:; -User access levels to system areas; -Document and letter templates; -Reports; -Fee charging; -Dropdown reference tables; -Legal Workflows

Scaling

• Independence of resources: CasparGov services are hosted on Virtual Private Cloud instances, therefore customers are fully separated.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be exported utilising the "report generator" functionality in the system by a User with suitable permission levels, as well as independent export options across the standard pages. This data is exported as CSV and XLSX.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • PDF
  • XLSX
  • DOCX
• Data import formats:
  • CSV
  • Other
• Other data import formats: Xlsx

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: By use of segregated secure networks whenever possible

Availability and resilience

• Guaranteed availability: There is guaranteed service availability of 95%.
• Approach to resilience: Caspar Gov is hosted on AWS - London Availability zone. For more information please refer to https://aws.amazon.com/compliance/data-center/controls/ ; ; Caspar Gov instances are also load balanced and built to be fault tolerant, in case of a system failure a new image is deployed automatically in no more than 15 minutes.
• Outage reporting: In case of a system outage affecting multiple customers, we notify all customers utilising the caspar.support@plianz.io email address. Emails will be sent to the customer's nominated Super Administrators.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces are secured with 2FA and secure passwords. Management interface access are also limited to a small number of staff, all staff with access to management interfaces are DBS checked and undergo internal Cyber Security Awareness and GDPR training. Staff are also restricted to only access management interfaces from our premises or via VPN, management interfaces are also restricted to our managed devices.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Description of management access authentication: IP Whitelisting

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We aim to follow the appropriate ISO27001/2 standards and industry best practices and ISO accreditation is expected to be achieved later in 2024. Our infrastructure is Cyber Essentials Plus Certified and CasparGov is penetration tested by an independent CREST and TIGERSCHEME approved 3rd party on an annual basis.
• Information security policies and processes: We have defined information security policies and processes, our policies are based on industry best practices, CE+ and ISO27001 guidelines. A brief list of policies and processes in place: ; -Patch Policy; -Information Security Policy; -Incident Management Policy; -Secure Development Policy; -BYOD Policy; -Vulnerability Management Policy; -DRP and BCP policies; -Privacy Policy; -Backup Policy; -Data Protection Breach Policy; There is a rolling programme of review and education in place to ensure that staff are fully aware of their duties and responsibility to report any divergence from the current policies.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Caspar Gov is built using Infrastructure as Code therefore infrastructure and software updates are both subject to our release pipeline and procedures. This approach ensures full tracking coverage for all major components of the service.; Code and built containers are scanned for potential security issues prior deployment to Production environment, this scan takes place per release. We also carry out code level scans on a weekly basis to identify newly discovered vulnerabilities and emerging threats on code level, this enables us to assess and fix vulnerabilities even when no standard release is scheduled.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Code is scanned on a weekly basis and servers on deployment with automated tools. Target timelines are defined below: ; ; • Critical – Immediate action to be able to issue a fix or mitigate the vulnerability in no more than 48 hours with deployment to all affected environments as soon as a solution is available. ; • High – Commence work to make patch available and deployed in 14 calendar days; • Medium - Commence work to make patch available and deployed in 21 calendar days; • Low – Depending on the nature of the vulnerability patch in 28 days or monitor
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Monitoring is carried out through manual and automated log reviews; we heavily rely on our IDS/IPS solution to discover and identify possible breaches, suspected incidents can also be reported by users. In case of a security incident we aim to investigate suspicious activity immediately during business hours and start our incident response procedure: ; 1, Immediate Containment / Recovery; 2, Preliminary internal investigation; 3, Notification to affected customers and if required the ICO; 4, In depth internal review ; 5, CAPA Procedure
• Incident management type: Supplier-defined controls
• Incident management approach: Predefined processes are detailed in our Incident Management Policy. Users can report incidents on three channels, Online Chat, Support Desk and via phone. Incident reports are provided via email to the nominated Super Administrator for the affected user, other forms of reports are available upon request. If personal data suspected to be affected, and following an assessment it is determined that there will be risk to individuals, the incident is also reported to the ICO.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  By using AWS as the sole hosting provider CasparGov is running on an infrastructure that is 88% more energy efficient than on premise data centres. CasparGov also runs on ARM instances provided by AWS that consume 80% less power than conventional Intel based systems.

  Equal opportunity

  The Company is committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination.; The aim is for our workforce to be truly representative of all sections of society and our customers, and for each employee to feel respected and able to give their best.; The organisation is also committed against unlawful discrimination of customers or the public.; This policy’s purpose is to:; 1. Provide equality, fairness and respect for all in our employment, whether temporary, part-time or full-time; 2. Not unlawfully discriminate because of the Equality Act 2010 protected characteristics of:; • age; • disability; • gender reassignment; • marriage or civil partnership; • pregnancy and maternity; • race (including colour, nationality, and ethnic or national origin); • religion or belief; • sex; • sexual orientation; 3. Oppose and avoid all forms of unlawful discrimination.; The organisation commits to:; 1. Encourage equality, diversity and inclusion in the workplace; 2. Create a working environment free of bullying, harassment, victimisation and unlawful discrimination.; 3. Take seriously complaints of bullying, harassment, victimisation and unlawful discrimination by fellow employees, customers, suppliers, visitors, the public.; Sexual harassment may amount to both an employment rights matter and a criminal matter.; 4. Make opportunities for training and development available to all staff.; 5. Make decisions based on merit; 6. Review employment practices and update them and the policy to take account of changes in the law.; 7. Monitor the make-up of the workforce regarding information such as age, sex, ethnic background, sexual orientation, religion or belief, and disability; issues.; The equality, diversity and inclusion policy is supported by senior management and has been agreed with trade unions and/or employee representatives

  Wellbeing

  CasparGov is the latest in a long line of our software products that meets the criteria for adding value to the client, which in this case means the citizens served by local authorities who provide a Deputyship or Appointeeship management service.; Building on our existing account management and local authority user group structures the aim is to bring together our customers who have a desire to engage with stakeholders who have an interest in improving services and adding social value by examining from a citizen perspective how we can work together with Local Authorities to deliver better outcomes for their citizens.

Pricing

• Price: £18,445 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We can grant a limited licence trial period for test purposes to access CasparGov. Please contact sales@plianz.io for further details

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at larry.morgan@plianz.io. Tell them what format you need. It will help if you say what assistive technology you use.