Skip to main content

Help us improve the Digital Marketplace - send your feedback

PEOPLE PLACES LIVES LIMITED

PPL eMarketplace

PPL eMarketplace is a comprehensive, transactional marketplace solution for Adult and Children's Social Care, enabling citizens to purchase care and support.

Features

  • Online marketplace of services and products
  • Fully transactional marketplace
  • Supports credit, debit and Paypal payments
  • Search by category, geography or free text
  • Supports free or paid-for services
  • Multiple catalogue support
  • Multi-tenanted solution, so providers only maintain one record
  • Integrates with CQC
  • Allows purchasing of services, including recurring appointments
  • Option to use as standard eCommerce offering

Benefits

  • Supports service users, self-funders and managed accounts
  • Compliments many other PPL modules
  • Allows individuals to self-serve to meet their needs
  • Develops the local care market
  • Provides an online shop for all providers
  • Supports contracted rates and public rates depending on buyer
  • Provides a one-stop shop for local care and support
  • Providers maintain one record for multiple Authorities

Pricing

£10,000 a unit a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@peopleplaceslives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

8 3 1 7 6 0 0 4 7 9 1 1 8 0 2

Contact

PEOPLE PLACES LIVES LIMITED Claire Hewitt
Telephone: 03300 582 690
Email: sales@peopleplaceslives.co.uk

Service scope

Software add-on or extension
Yes
What software services is the service an extension to
PPL's digital platform. The eMarketplace is an add-on to the Adults or Childrens Portal.
Cloud deployment model
Private cloud
Service constraints
Not applicable
System requirements
  • Application is hosted on the PPL Cloud
  • Users require a modern browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Issues are responded to during working hours, according to priority: - Priority 1 - 15 minutes, Priority 2 - 30 minutes, Priority 3-5 - 60 minutes.

While our team respond to system issues outside of working hours, our team typically only respond directly to customer tickets during working hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support services are agreed with clients on a case by case basis, dependent on requirements. All clients are provided with a named Account Manager and Support Manager who will manage the commercial relationship and support on behalf of the customer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
PPL will provider onsite training, online training, online system documentation and electronic copies of training documentation for unlimited reproduction.

Some support contracts provide full user support, in addition to technical support.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Many elements of data can be exported from the system directly in CSV/XLS/PDF format. PPL can also provide a CSV/XLS/PDF of any other client data held by PPL on the solution.
End-of-contract process
As standard, PPL will include an exit meeting, one day's handover and decommission and destroy client data. We would be happy to tailor this process, according to requirements and would quote accordingly.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
The service is built using responsive technologies that will work across all popular devices. The service will therefore automatically display differently on mobile devices using appropriate reformatting and functionality.
Service interface
Yes
User support accessibility
WCAG 2.1 AA or EN 301 549
Description of service interface
The service interface is delivered via a web browser. The interface has been developed to be responsive (works across PCs, mobiles and tablets), accessible (complies with WCAG AA Accessibility standards) and cross-browser compatible (works across most popular web browsers). The interface is very intuitive and has undergone extensive usability testing, plus there is no requirement for users to download any code or plug-ins.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The interface has been tested extensively with users of assistive technology, including our lead accessibility tester, who is disabled and uses assistive technology on a daily basis.
API
Yes
What users can and can't do using the API
Extract and exchange data between systems. Subject to separate commercial agreements.
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Almost all elements of our service can be customised, including features, service levels and support arrangements. Please contact us to clarify your requirements, after which we will issue a quotation for the service specified.

Scaling

Independence of resources
The PPL cloud makes use of resource management within the virtualisation platform to allocate dedicated resource to each virtual resource within the cloud. These resource are actively monitored by the PPL technical team and managed to ensure smooth demand management.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics are provided through a combination of anonymous user data from Google Analytics and application/server generated information, such as uptime and transaction value.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Many data elements can be exported directly from the system in CSV/XSLX/PDF format against the particular function on the system. In addition, bespoke export feeds can be created and provided via e-mail/ftp/sftp or other secure mechanism, as required by the client.
Data export formats
  • CSV
  • Other
Other data export formats
  • XML
  • XSL/XSLX
  • PDF
  • JSON
Data import formats
  • CSV
  • Other
Other data import formats
  • XML
  • XLS/XLSX
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.95% availability is standard, SLAs are tailored to each customer and appropriate service credits are issued based on the SLA targets meeting availability.
Approach to resilience
Datacentre resilience information is available on request
Outage reporting
Our service is monitored 24x7 by an automated monitoring service, which generates SMS and email alerts to our Service Support team. Customers can opt into service alerts, on request.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Management interfaces are typically only accessible internally by PPL within our network. Where clients need access to the management interface directly, it will typically require a secure IP restricted access and other security measures agreed with the client (e.g. certificates or VPN). Access to the interface is by secure username and strong encrypted password or via integration with 3rd party identity solutions e.g. ADFS/ForgeRock/WS02. The support tools are restricted based on agreed personnel who can raise support tickets and have a secure username and password to access.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Access to management and administration areas is governed by various security options, which are discussed and agreed with our clients.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Citation
ISO/IEC 27001 accreditation date
12/02/2020
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
PPL have a dedicated corporate Information Security team and a CISO responsible for monitoring and managing security across the organisation. Within each business unit, a dedicated security expert provides local management and control. PPL implement mandatory annual training via eLearning tools to ensure staff are ware of all key security policies. A range of tools including SCCM are used to monitor and audit all devices on the network (both local office and hosting infrastructure). As part of our standards compliance, security controls are audited by a number of external auditors and clients on a regular basis.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The purpose the PPL change control process is that any requested changes are understood and that their impact is recognised by all of the parties affected by the change.

The main Components of the change control process are:
• Documented channel through which a change is requested
• Change impact analysis
• Change Advisory Board (CAB) to assess change and recommend action
• Prioritisation and scheduling of the change, relative to other changes
• The development / implementation of the change, including testing,
• Updating of records to incorporate the change
• Management reporting (throughout)
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Information on threats from 3rd party services PPL subscribes with, vendor notification and other public sources. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations. Critical patches will be deployed immediately where a known active exploit is identified.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
PPL have a number of hardware and 3rd party solutions that monitor both the internal and external elements of the network and advise on possible threats. Audit logs are maintained at hardware and software level for internal analysis and by 3rd party services, which actively advise on potential issues. All potential threats are reviewed by the corporate security team and reviewed with the business unit security experts. This will also include review and advice with the vendor, if appropriate. Patches are deployed on a severity basis as soon as relevant testing is complete or in line with vendor recommendations.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
PPL operate an ITIL based incident management process with documented procedures for common incidents. Users can report incidents through our online customer service portal. They can also monitor the status of the incident through the portal and receive e-mail/SMS updates. Incident reports are provided through the portal as part of closing each incident.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

Fighting climate change

PPL have a carbon reduction plan and are committed to achieving Net Zero by 2050.

Tackling economic inequality

Tackling economic inequality is inherent in the solutions we provide, which help to create new businesses, new jobs and new skills.

The PHB Digital platform itself provides social value by providing a web presence for voluntary and community organisations at a local level. This functionality provides vital support to organisations who would otherwise not have a web presence. Many of our modules also actively generate much-needed revenues for these organisations, increasing supply chain resilience and capacity.

Through the development of our PA recruitment tool, which includes features and content to actively promote becoming a Personal Assistant, helping them get set up and find clients, we are stimulating the PA market in every area that it is implemented in.

Equal opportunity

PPL are committed to offering employment opportunities to a wide range of people, as such we offer apprenticeships and have employed individuals with lived experience via supported employment programmes (e.g. https://www.waysintowork.com/), reducing the disability employment gap and helping to tackle inequality. PPL is a Disability Confident Employer. We also offer flexible working arrangements to support staff with family or external commitments.

Wellbeing

PPL are committed to supporting wellbeing in the workplace. We offer flexible working arrangements to help with work/life balance and we have "wellbeing Wednesdays" where we actively promote activities that support mental and physical wellbeing. We have also implemented Family and Friends' Fridays over the summer school holiday period, which gives everyone a half day leave to spend with friends and family and to recharge.

Pricing

Price
£10,000 a unit a year
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@peopleplaceslives.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.