HELPFIRST LIMITED

HelpFirst

HelpFirst is a CRM plug-in that allows caseworking organisations to identify and prioritise their most vulnerable customers.

Features

• Score
• Risk Alerts
• Supervisor view

Benefits

• Prevent high-risk cases falling through the cracks
• Reduce the cognitive load on caseworkers of switching between cases
• Allow managers to see the case load on their team

£200 to £400 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy@helpfirst.ai. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

842638503576769

Contact

Andy Bell
07932047197
andy@helpfirst.ai

Service scope

• Software add-on or extension: Yes
• What software services is the service an extension to: Dynamics 365, Salesforce or other CRM system
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: We are optimised for the Azure cloud, but that is not a hard constraint. HelpFirst can also be deployed on a private cloud or with a different cloud provider.
• System requirements: Azure cloud (not a hard constraint)

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 4 hours during working week.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Dedicated customer success manager throughout the engagement.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: * Workshops to customise the service; * User training; * Online documentation
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: To be confirmed
• End-of-contract process: To be confirmed

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Service is accessed via Dynamics 365 or similar CRM.
• Accessibility standards: None or don’t know
• Description of accessibility: Via Dynamics 365 or similar CRM.
• Accessibility testing: None to date
• API: Yes
• What users can and can't do using the API: Users access HelpFirst insights and prioritisation via an API.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: We will work closely with the users, to customise the HelpFirst service around the risks that they want to prioritise.

Scaling

• Independence of resources: Each instance of HelpFirst is deployed separately, as an independent resource, so this is not an issue.

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: HelpFirst is an analysis service so we don't really hold the users data. ; ; The user may want to access HelpFirst analysis of their cases. That data is not currently exportable, primarily for data security reasons.
• Data export formats: Other
• Other data export formats: Data not currently exportable.
• Data import formats: Other
• Other data import formats: Not relevant. Data would be uploaded via CRM.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: 99.9% guaranteed uptime. Users are refunded for any fraction of the billing period when the service was not avilalable.
• Approach to resilience: We are relying on Azure's datacentre resilience
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Other
• Other user authentication: HelpFirst is a CRM plug-in. We rely on the verification that happens at the CRM layer. Typically this will be 2FA.
• Access restrictions in management interfaces and support channels: At HelpFirst, we prioritise the security of our clients' data and restrict access to management interfaces and support channels through:; ; 1. Role-based access control (RBAC) based on least privilege principles; 2. Mandatory multi-factor authentication (MFA) for all users; 3. Regular access reviews and permission updates; 4. Encrypted communication channels for secure data exchange; 5. Continuous monitoring and logging of access attempts and activities; 6. Staff training on security best practices and policies; ; These measures ensure that only authorised personnel can access sensitive information, minimising the risk of unauthorised access or data breaches.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials
• Information security policies and processes: 1. Access Control: We follow the principle of least privilege, ensuring that users only have access to the resources and data necessary for their roles. .; 2. Data Protection: We employ strong encryption techniques to protect data both at rest and in transit. ; 3. Incident Management: We have a well-defined incident response plan that outlines the procedures for detecting, reporting, and responding to security incidents. ; 4. Business Continuity and Disaster Recovery: We have a comprehensive business continuity and disaster recovery plan to ensure that our services remain available even in the event of a disruption. ; 5. Security Monitoring and Auditing: We continuously monitor our systems for potential security threats and vulnerabilities. ; ; Our information security policies are overseen by our Chief Operations Officer (COO), who reports directly to the Chief Executive Officer (CEO).

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our configuration and change management processes ensure that all changes to our IT environment are properly planned, tested, approved, and documented. We follow a standardized change management procedure that includes risk assessment, impact analysis, and rollback plans. All changes undergo thorough testing in a separate environment before being deployed to production.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our vulnerability management process proactively identifies and mitigates potential threats. We gather threat intelligence from various sources and conduct regular internal and external vulnerability scans. Identified vulnerabilities are assessed using CVSS and prioritized for patching. Critical patches are deployed within 24-48 hours. We maintain secure configurations, perform penetration tests, and have a well-defined incident response plan. This comprehensive approach helps us maintain a strong security posture and protect our services from emerging threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our protective monitoring processes leverage Azure's built-in security features and monitoring capabilities. We use Azure Security Center to gain visibility into potential security vulnerabilities and threats across our Azure resources. Azure Monitor and Azure Sentinel provide us with real-time security analytics and threat intelligence to identify potential compromises. When a potential threat is detected, Azure's integrated incident response capabilities allow us to quickly investigate and respond, typically within 30 minutes of detection.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: As an organization hosted on Azure, we comply with Azure's incident management processes, which are aligned with industry best practices and standards such as NIST 800-61 and ISO/IEC 27035. ; ; Azure has a comprehensive incident response plan that includes:; ; Preparation: Azure maintains an incident response team and has predefined procedures and communication channels in place.; Detection and Analysis: Azure's 24/7 monitoring systems and threat intelligence help detect and analyze potential security incidents.; Containment, Eradication, and Recovery: Azure promptly contains the incident, eradicates the threat, and recovers affected systems, following predefined procedures.; Post-Incident Activity: Azure conducts post-incident reviews to identify lessons learned.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Tackling economic inequality

  50% of our senior management team and 50% of our technical team are female. In a small way, this helps reduce the enduring sexism in technology.

  Equal opportunity

  We are an entrepreneur-led SME. Our continued existence ensures that we contribute to a diverse and resilient supply chain. We make innovative use of AI that should lead to lower cost and/or higher quality goods and services.

  Wellbeing

  Well-being is at the heart of our mission: using AI the protect the most vulnerable members of society. ; ; We protect caseworkers by reducing the cognitive load of switching between cases. We protect managers, by reducing the fear of discovering the needle in the haystack. ; ; Most importantly, we protect the clients of the organisation that is using HelpFirst. By providing accurate prioritisation, we ensure that people get the priority they deserve. By provide visual 'risk alerts', we ensure that caseworkers understand their client needs.

Pricing

• Price: £200 to £400 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We would be happy to provide a free trial as a Proof of Concept. This would need to be discussed, as it would be provided on a bespoke basis and would depend on the clients' requirements.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy@helpfirst.ai. Tell them what format you need. It will help if you say what assistive technology you use.