CPOMS

CPOMS Engage (Software for Safeguarding, Pastoral, and Wellbeing Management)

CPOMS is the market leader in digital safeguarding solutions, with more than 18,000 clients globally. CPOMS offers an intuitive system designed to streamline safeguarding management, Child Protection, and pastoral concerns. Reporting enables comprehensive data analysis, quickly identifying data trends and identify patterns, subsequently sharing insights with stakeholders.

Features

• Enhancing secure exchange of confidential data across settings reliably
• Secure data sharing using UPN’s e.g. attendance, safeguarding, wellbeing data
• Customised editable categories designed to suit users specific requirements
• Customise user permissions, restrict user access, create elevated user access
• Efficiently produce reports with intuitive, real-time reporting for insightful analysis
• Instant alerts for Children Missing Education ensure staff vigilance
• Remote system access for seamless work from any location securely
• Secure 2 factor authentication with enhanced system security
• Share sensitive information to authorised recipients with secure collaborative chronologies
• Allow approved email domains for user address whitelist security

Benefits

• Transfer data securely between CPOMS systems for protected information exchange
• Access CPOMS securely via your unique URL from anywhere online
• Generate insightful reports highlighting data patterns and emerging trends effectively
• Create customisable fields to suit individual needs for versatile functionality
• Seamlessly capture information on safeguarding concerns for comprehensive data analysis
• Quickly address concerns remotely to effectively manage incidents
• Our software interfaces adapt to different screen sizes and resolutions
• Facilitate effective communication among multiple agencies for seamless information sharing
• Enhances safety protocols, streamlines processes, and centralises safeguarding efforts efficiently
• Receipts confirm policy delivery and staff acknowledgment for accountability tracking

£200.00 a licence a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@cpoms.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

818826900672502

Contact

Nicki Higgins
01756797766
procurement@cpoms.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: We only guarantee support for the major web browsers (Google Chrome, Microsoft Edge, Safari, and Firefox) and only to the last two major versions.
• System requirements:
  • CPOMS, an internet based system, requires an active internet connection
  • We recommend Google Chrome or Microsoft Edge.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Responses are provided within 48 hours Monday to Friday. Does not include Bank Holidays.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: 1st Line Product Support, 2nd Line Technical Support, 3rd Line Engineering Support. No difference in cost and included within service
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Implementation meetings are held once a customer orders the product. a Welcome email is sent to the customer with training videos and helpsheets. Other training includes a 1:1 train the trainer session and webinars to further embed user knowledge. More training meetings can be made to meet the needs of the buyer and are not restricted to a set number. This support is included in the costs.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Emails
  • Knowledgebase Website
  • Online webinars
• End-of-contract data extraction: The customer will receive a copy of their data back in a JSON format.
• End-of-contract process: The customer will receive a copy of their data back in and JSON format. Once CPOMS receives confirmation that the customer is in receipt and accessed their data we will either a) delete the data from our side or b) hold a copy if the customer has asked us to (following an agreed period).

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our web developers have created a responsive design that adapts to different screen sizes and resolutions. This is achieved using flexible grids and layouts, and other techniques. Responsive design allows the content to rearrange and resize itself dynamically based on the device's screen size. Functionally it is the same. The only differences are visual.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: This is a web based application with a user interface.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: None to date
• API: Yes
• What users can and can't do using the API: The public facing REST API is limited to fetching and posting of a subset of data (primarily around creation of incidents). Permissions are granted via an API token that is specific to a user, and via user group and category permissions.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Our Azure infrastructure will automatically scale up to meet demand during busy periods or heavy usage. This is continually monitored by our engineers to ensure optimal performance.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Built in CPOMS reporting tools allows customers to pull their data off from within the system at any time by creating a report from within the platform. If the customer decides to leave, the in-house technical team will run and export the customer's data as a JSON format. This is password protected and the password is provided at the same time. There is no additional cost.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Excel
  • PDF
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Excel
  • XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our SLA states uptime of 99% per annum. In reality this is > 99.95%.
• Approach to resilience: We use two Azure regions, a "Primary" and "Secondary". We have live database replication between the two. In the event of a "disaster" we are able to deploy infrastructure (via code - Terraform) to the secondary region quickly. More details available on request. Logical backups are taken daily from the primary database nodes. Backups are transferred from the DB servers to a separate instance in our cloud provider and are kept for 28 days. This is not configurable by the client.; For disaster recovery we have active replication of all database nodes between our primary and secondary regions.; Our process is set out in our backup policy, which is reviewed and tested every 6 months.
• Outage reporting: We have a public facing status page, and we would communicate via email in the event of a serious incident.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access is only granted on a least privileged basis in accordance with our Access Control policy. All access to our systems are via 2FA.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA (Lloyds Register Quality Assurance) UKAS Accredited
• ISO/IEC 27001 accreditation date: 11/12/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing - our certification covers the whole organisation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We have internal Information Security Management policies, governed by our Information Governance Committee (IGC). This includes policies on, but not exclusively; Access Control, Change Management, Secure Development, Disaster Recovery. More information available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Our Change Management policy defines the steps we take as part of our software development lifecycle. This includes, but not exclusively, controls for security vulnerabilities, code quality, peer review, access control, monitoring and auditing. All changes are graded and approved by our internal Change Advisory Board (CAB). More information is available on request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our development process includes automated vulnerability scanning of the codebase. This check for CVE warnings against the MITRE database. Urgent patches are released as soon as is practicably possible (usually within hours for the highest rated CVEs).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have a WAF configurated in Microsoft Azure and monitor anomalies regularly. Any potential compromises are dealt with by our DevSecOps team as soon as is practicable, and dependent on the severity. We have a multitude of monitoring services (Sentry.io, NewRelic, etc) that are constantly monitored by engineers, and any issues dealt with in accordance with our SLO's which are defined by the severity rating. A P1 issue will be resolved within 24 hours, A P2 issue within 2 weeks, A P3 within 3 months.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We use a Major Incident process, with clearly defined roles. All issues are triaged by the Incident Commander and dealt with accordingly. Incidents are either triggered manually by any member of staff, via our incident email address, or automatically via any anomaly detected via our monitoring. All incidents are recorded and Postmortems carried out.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  We have chosen to partner with Microsoft Azure for our cloud based operations because of their commitment to sustainability, and the benefits of using cloud based computing - outlined here: https://azure.microsoft.com/en-gb/explore/global-infrastructure/sustainability

  Covid-19 recovery

  CPOMS leverages Single Sign-On (SSO) and Multi-Factor Authentication (MEA) as key features, facilitating secure and remote usage of the CPOMS system from any location. With the rise of post-Covid remote work, CPOMS attendance categories and features have played a crucial role in assisting staff in effectively managing post-Covid attendance.

  Tackling economic inequality

  CPOMS was designed to address economic inequality and poverty, focusing on aiding the most vulnerable individuals who frequently encounter substantial disadvantages in society. CPOMS Engage, implemented in schools, improves Safeguarding measures, providing enhanced support for children in need and ensuring secure information sharing.

  Equal opportunity

  We offer apprenticeship programs aimed at providing individuals with the necessary skills and knowledge to succeed in their respective roles.; Our apprenticeship programs are open to individuals from diverse backgrounds, providing equal opportunities for learning and growth.; Additionally, we actively recruit and hire local, early-career individuals, providing them with training and development opportunities to enhance their skills and advance their careers within our company.We believe in providing a clear path for career advancement for all employees, regardless of their background or level of experience.We are committed to promoting from within and providing opportunities for employees to grow and excel in their careers.We prioritize creating an inclusive and accessible work environment where all employees feel valued and supported in their professional development.

  Wellbeing

  We recognise that in the digital age, promoting wellbeing goes beyond traditional healthcare initiatives; it encompasses creating software solutions that enhance users' quality of life and foster positive experiences. To address this, we embed principles of wellbeing into the design and functionality of our software products. Our platforms prioritise user-friendly interfaces, seamless navigation, and personalised experiences to reduce stress and enhance overall usability. Through intuitive features and accessibility enhancements, we aim to empower users to accomplish their tasks efficiently and effectively, ultimately contributing to their mental and emotional wellbeing. Moreover, our company culture emphasises employee wellbeing as a cornerstone of our success. We offer flexible work arrangements, comprehensive wellness programs, and resources for mental health support to ensure our team members feel valued and supported in both their professional and personal lives. By prioritising the health and happiness of our workforce, we cultivate a positive work environment conducive to innovation and collaboration.

Pricing

• Price: £200.00 a licence a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at procurement@cpoms.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.