CRB ASSOCIATES LTD.

CRBhub Coaching and Mentoring Management System

CRBhub is a comprehensive web-based programme facilitation and management system for coaching, mentoring, and similar interventions. The system is offered on a licensed basis, which includes resilient
and secure web hosting along with friendly, responsive support from the team at CRB Associates.

Features

• Automated profile-driven search and match process
• Full relationship management– schedule sessions, upload and share notes/documents
• Multi-stage evaluation gathering from participants and third parties if required
• Administrative console to manage users, relationships, resources and messaging
• Comprehensive reporting of programme usage, relationship activity and evaluation data
• Coaches/mentors can record and report on CPD, supervision, learning logs

Benefits

• Proven system, used by NHS and public sector since 2011
• Personalised branding / profile questions / evaluation / system settings
• Securely and independently hosted- no internal IT resource required
• Frees up administrative resource, with the associated cost benefits
• Provides accountability and a tangible measure of ROI
• Scope for system enhancement and further development as programmes evolve
• User-friendly system, drives end user engagement

£13,000 an instance

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at corin.wakeford@crb-associates.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

846293577935207

Contact

Corin Wakeford
01582 326414
corin.wakeford@crb-associates.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: By default a core service specification is offered, but this may be extended as required, by arrangement.
• System requirements:
  • An internet connection
  • A current, standards-compliant web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Standard response time is within 24 hours, during UK business days. Enhanced support may be provided as an optional extra.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Our standard level of support includes unlimited telephone and email support from a named account manager, or substitute if they are unavailable, during UK office hours, for named top level system administrators. This standard support is included within the annual system licensing fee.; ; Enhanced support levels are available if required (POA) should additional support be required for sub-administrators (e.g. regional leads) or if assistance with performing administrative tasks is required. Enhanced support would typically incur an additional annual cost of £3k - £5k depending on the level of additional support required.; ; Technical / cloud support managers and engineers are not allocated as a first point of contact to clients, but may be accessed via the support ticket system or via referral from the nominated account manager. This may result in direct contact from a technical member of staff in a second line support capacity.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: -- Two detailed system training sessions are provided to nominated system administrators, delivered via Teams;; -- Help guides for end users and administrators are available when logged in to the system;; -- We can import existing supplier / client / relationship data, if required (to be supplied in a standard format, i.e. CSV). E-mail notifications can be scheduled to be automatically sent to imported users, containing a welcome message and their initial login details for the system, if required.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: System administrators may extract key user and relationship data in CSV format as and when required, until the system is decommissioned. We will also provide any required client data in machine-readable format within one month following expiration of a system licence. Our data processing agreement specifies that the commissioning client remains the owner of all data uploaded to / aggregated by the system.
• End-of-contract process: Should a client not wish to renew their licensing agreement, we will make arrangements with them to provide their data in machine-readable format, at the point of system decommissioning, if required. This is included in the price of the contract. ; ; In accordance with our obligations under the GDPR, client data are deleted from our systems and servers and so are no longer retrievable following system decommissioning.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: All desktop functionality is accessible via mobile, and is optimised for a mobile viewport. The allows the core features of the system to be easily accessed via phone/tablet, particularly for end users. For administrative reports etc we recommend a full-size display, due to the quantity of data displayed on-screen.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The system and support helpdesk are accessed via a web browser over the public internet.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: The system has been assessed by real end users employing assistive technology. As a result, the system has been improved in some key areas to ensure that it is fully accessible by these users.
• API: No
• Customisation available: Yes
• Description of customisation: We differentiate "personalisation" and "customisation". Personalisation is provided as standard -- this includes organisational branding, specification of profile fields, and evaluation question sets and scheduling. Customisation is offered as an optional extra, and is open-ended -- we define this as modification of the system functionality to meet the particular requirements of the commissioning clients's own programme. Customisation may be applied at the time of commissioning and/or subsequently in response to user feedback or evolving programme requirements. In each case, any customisation is subject to a fully costed specification.

Scaling

• Independence of resources: Systems are distributed across servers which are monitored to ensure appropriate levels of redundancy. We use cPanel server management software with alerts to ensure that no single hosting account can monopolise the resources of a server.

Analytics

• Service usage metrics: Yes
• Metrics types: The CRBhub system aggregates key aspects of activity into a top-level real-time dashboard, ideal for management reporting. Various built-in reports provide other metrics ranging from high-level aggregate statistics to highly granular reports which may be exported in CSV format for offline analysis. Additional reports may be commissioned as required in order to meet the requirements of the client's programme.
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: End users may export a limited set of data relating to their logged system activity, depending on their assigned user types. The export functions are clearly signposted in the user interface.; ; Administrative users may export aggregated sets of user and relationship data, as well as generated system reports.
• Data export formats:
  • CSV
  • Other
• Other data export formats: PDF
• Data import formats: Other
• Other data import formats: Data upload is not available as standard to system users.

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Availability is guaranteed at >99.97%. This service level is written into our client contracts, and is also reflected in the SLAs of our hosting provider subcontractors. Service credits for failure to meet these service levels are also written into the client contracts.
• Approach to resilience: Our servers employ firewalls, intrusion detection systems and DDos migitation services to provide a proportionate level of resiliance as standard. These servers are located in datacentres which are certified to ISO-27001 standard. Specific information on datacentre security measures/policies may be provided on request.
• Outage reporting: Automated monitoring is in place on our managed servers. We are notified of any outages, and we then pass this information on to affected clients, either via our online ticketing system or by direct contact. Outages are a rare occurrence however, due to the investment that we make in maintaining a secure, robust and monitored infrastructure environment.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: A one-time/single-use access code may be used to gain limited access to the system for providing evaluation feedback.
• Access restrictions in management interfaces and support channels: System administrators are subject to the standard username and password authentication, but additionally are required to satisfy a second level of authentication before being granted access to the system. Upon successful authentication of username and password, an email containing a one-time code is sent to their registered email address. This one-time code must be entered within 15 minutes in order to achieve a successful login.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: IASME Cyber Assurance Level 1 (GDPR)

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials; IASME Assurance Level 1 (GDPR)
• Information security policies and processes: Our security policy covers physical, technical and social aspects of data security, and is regularly reviewed to ensure ongoing compliance with Cyber Essentials requirements. Our data protection policy forms a subset of our security policy, and covers the requirements set out in the GDPR. Our information security policy also contains procedures for handling actual or suspected incidents/data breaches, including documentation and notification to the appropriate bodies. Employees are required to adhere to the security policy as a condition of their employment contract, and the Managing Director is ultimately accountable for enforcement of the security policy directives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Each implemented system is based on an approved codebase version , which has passed through our testing procedures. Once the system has undergone initial build and personalisation/customisation, another full internal test is undertaken before provision to the commissioning client for a review period, when minor changes can be requested. For subsequent change requests, a technical specification is prepared and assessed for security and usability impacts, sometimes resulting in elements of the request being modified. System enhancements are subjected to internal testing before being made available to the client. For fundamental changes, the entire system would undergo a full re-test.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We use specialist hosting subcontractors, and our management agreement with them includes vulnerability scanning. Patches are typically deployed monthly, except in the case of critical zero-day vulnerabilities, which are patched at the earliest possible opportunity (once the patch has been issued by the software manufacturer).
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our host servers are continuously monitored for vulnerabilities. Automatic alerts ensure that any new vulnerabilities (including any newly published CVE issues) are notified in a timely manner to our managed hosting providers. For any identified vulnerability, a risk assessment and appropriate remediation schedule is put in place based on the severity of risk determined.
• Incident management type: Supplier-defined controls
• Incident management approach: Our security policy includes a section on incident management, with which all employees are familiar. Our processes ensure that any actual or suspected incident/breach is isolated at the earliest opportunity, following which it is investigated and, if required, an appropriate remediation plan is put in place. When personal data are involved, we adhere to the ICO's directives regarding notification. Users may report incidents via our support ticketing system, although in view of the perceived urgent nature of such incidents, a client would often choose to contact their account manager directly. All incidents and related assigned actions are documented.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  By streamlining and efficiently automating the processed involved with running and managing a coaching/mentoring programme, in particular removing the need for the majority of manual interventions, our CRBhub system can be shown to reduce carbon emissions associated with the manual processes which would otherwise need to be undertaken, including those related to commuting, office provision, consumables provision, waste processing/recycling, etc.

  Covid-19 recovery

  Our CRBhub system contributes to the ongoing COVID-19 recovery by promoting and efficiently facilitating the delivery of coaching and mentoring services. Coaching and mentoring are among the most effective means of delivering tangible career development and knowledge sharing across all industries which have suffered from staff being forced to work in relative isolation, without the day-to-day exposure to the informal interactions and knowledge sharing which are inherent to office-based working, during and following the COVID pandemic.

  Tackling economic inequality

  Our CRBhub system contributes to tackling economic inequality by promoting and efficiently facilitating the delivery of coaching and mentoring services. Coaching and mentoring are effective means of knowledge and skills sharing, allowing the junior partner to more rapidly advance their career and earning potential, thereby reducing the salary gap between them and their superiors.

  Equal opportunity

  Our CRBhub system offers the facility to capture D&I information such as gender, ethnicity, sexuality, etc, which is then anonymised to produce reports allowing system administrators to focus and ensure equality throughout their coaching and mentoring programmes.

  Wellbeing

  Our CRBhub system contributes to the ongoing COVID-19 recovery by promoting and efficiently facilitating the delivery of coaching and mentoring services. Coaching and mentoring inherently promote wellbeing by allowing participants an open and confidential channel in which to discuss their situation and concerns, and to receive advice and reassurance which they can use to improve their wellbeing, both in their career and in their life in general.

Pricing

• Price: £13,000 an instance
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at corin.wakeford@crb-associates.com. Tell them what format you need. It will help if you say what assistive technology you use.