Fincore Limited

Finworks - Case Management Platform

Finworks’ Case Management Platform is a secure and structured low code case management solution. The platform facilitates safe collaboration, task prioritisation, document management, reporting and advanced data handling. Effective case management empowers digital transformation and enables your staff to be more effective and drives efficiency across your organisation.

Features

• Highly configurable case records, business rules and workflows
• Powerful collaboration capabilities for secure multi-organisation workflows
• Case management, documentation management, prioritisation and escalation
• Robust management information, reporting, dashboard and audit trail capabilities
• Secure access through full role-based permission control
• Full auditability for all user and system actions
• Compliant to Government security standards up to an OFFICIAL SENSITIVE
• Open APIs for easy integration to legacy and other systems

Benefits

• Enterprise solution focused on improving workflows and process transparency
• Fast on-boarding; our expert team is experienced in rapid deployments
• Cloud agnostic - public, private or hybrid cloud
• Simple user interface to configure the platform to business needs
• Optimise data flow through interactions with databases and data sources
• Substantial reductions in case cycle times
• Secure access and automated notifications for external users/suppliers and agencies
• Provides real time business intelligence
• Acceleration of operational processes through workflow monitoring and review capabilities
• Well-established platform for mission critical deployments in the public sector

£21 a user a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@fincore.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

862975336337845

Contact

Mike Ellis
+44 (0)207 397 0620
government@fincore.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Please see our Service Definition document for details of the service. This includes a section on customer technical requirements and also details support and maintenance arrangements.
• System requirements:
  • Browser as per our browser specifications
  • Reasonably modern PC/mobile device
  • Sufficient bandwidth to access the service
  • Sufficient bandwidth to process data if in separate data centre

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: In accordance with an agreed support SLA. Normally within 1 Hour on weekdays during normal UK office hours but can cover 24/7/365.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Tested with standard browsers and to meet accessibility standards.
• Onsite support: Yes, at extra cost
• Support levels: We customise our support arrangements according to your individual needs. Support can be provided on either an SLA or capped effort basis, with support hours and SLA terms agreed according to your specific requirements. Support is provided by an expert team, and we have a reputation for building systems that are easy to use and require little support. Please see our Service Definition document and Pricing for further details of our support arrangements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our service is designed to be extremely easy to use, to the extent that some customers do not feel any need to train their staff to use it. We can however provide training, train-the-trainer support for in-house training, and relevant documentation as needed. We can also provide a full range of onboarding, configuration and other implementation services. Please see our Service Definition and Pricing documents for details.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Finworks can provide an extract of the database in XML, CSV, ODF and JSON format and any stored files in their provided document format. Alternatively, users can directly extract all customer data and files using the service's API.
• End-of-contract process: Please see the Exit Plan section of our Service Definition document.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Our mobile service is provided through responsive design. All core features can be used on mobile devices that meet the browser requirements, but certain functions (e.g. where large amounts of data need to be viewed on screen) are best undertaken on a PC or tablet with a suitable screen size.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: All key capabilities can be accessed and integrated through our service interface. This allows seamless integration with other services, platforms, websites, apps and applications.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Tested with standard browsers and audited through a third-party company.
• API: Yes
• What users can and can't do using the API: The service provides an Application Programming Interface (API) which can be exposed as RESTful and SOAP-based web services. There are numerous calls, which focus on: (i) creating, updating and extracting data (all customer data can be extracted or input using the APIs); (ii) allowing users to take action within workflows; (iii) executing most of the system functionality around user management; and (iv) managing data in the service's 'Bulletin Board' (interactive dashboard), 'Workzone' and 'Basket' functions. All the API calls are documented in an interactive web page within the administration interface, with sample calls and example code to aid any team who are programming against it. A test suite, or 'sandbox', can be made available.
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The service is designed to be extensively user customisable in almost every area, including workflows/business processes, forms, reports, bulletin boards (interactive dashboards), livery (for customer branding) and customer-specific data model. The ability to customise a specific instance is predominantly delivered via configuration. Customers can also access and extend the functionality using the extensive API suite.

Scaling

• Independence of resources: Our DevOps team proactively monitors service performance on our standard (multi-tenanted) service, and will adjust hosting environment parameters as needed to anticipate/address performance issues. Customers can also opt for a dedicated instance of our service, with dedicated application and database virtual machines, for an additional fee. Please see our Service Definition and Pricing documents for further information.

Analytics

• Service usage metrics: Yes
• Metrics types: Finworks has standard service metrics which can be amended to or customised to specific requirements. The service metrics can be defined by the customers to suit their KPIs. We can extract a very broad range of data from: (i) our application; (ii) our hosting environments; and (iii) our support systems. For example, our workflow system provides visualisation of process cycle times and bottlenecks.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: We apply a defence in depth approach to the hosting environments we provide.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Our extensive API suite supports full or partial export of the data in the database and any files stored in their original document formats.
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats:
  • XML
  • PDF
  • JPG
  • PNG
  • TXT
  • DOC
  • DOCX
  • XLS
  • XLSX
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • XML
  • PDF
  • JPG
  • PNG
  • TXT
  • DOC
  • DOCX
  • XLS
  • XLSX
  • JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: IP address whitelisting can be applied to customers. Where applicable, highly sensitive data could also be shipped in an encrypted format (in addition to transmission using TLS).
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: We apply a defence in depth approach within the hosting environments we provide.

Availability and resilience

• Guaranteed availability: Depending on the hosting and support arrangements in place, we can offer SLA-governed availability levels of up to 99.9% (excluding scheduled downtime).
• Approach to resilience: We offer a range of resilience options. Please see our Service Definition document.
• Outage reporting: We agree outage reporting arrangements flexibly with individual customers to fit in with their own processes.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: Access over government networks could also easily be provided; all the necessary security provisions are already in place. Likewise, identity federation would be easy to provide and is on our roadmap for delivery over the G-Cloud 12 framework period.
• Access restrictions in management interfaces and support channels: Our preferred platform is AWS however our solutions are cloud agnostic and we would be happy to provide the software on any cloud platform. For our standard service, the AWS Management Console is used to manage the AWS accounts and requires 2 factor authentication. Support access to the AWS infrastructure and servers is via 2-factor authentication across a VPN connection. This VPN is established using public key authentication. Username and password are required for access into the active directory domain. Where hosting with an alternative cloud provider or on premise is requested, access arrangements will be agreed with the customer.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: We have an extensive range of authentication services as indicated above.

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Peers Quality Assurance Ltd
• ISO/IEC 27001 accreditation date: 19/11/2021
• What the ISO/IEC 27001 doesn’t cover: All Fincore's activities are covered, including all activities under our Finworks trading name.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications: ISO 9001:2015

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials scheme and Data Security and Protection toolkit.
• Information security policies and processes: Fincore is accredited to the ISO 27001 ISMS standard, with a regular programme of internal and external (independent) audit to monitor and maintain compliance. Fincore is also accredited to the ISO9001 quality management standard, and is registered with the Information Commissioner's Office for data protection.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Every customer fully controls the configuration of their service-instances. When Finworks makes changes on behalf of customers: a business analyst will capture requirements which will be implemented by trained specialists; a solution architect and our QA team review requirements prior to design, then review and test proposed detail configuration changes prior to deployment ensuring functional, SLA, and information-security quality criteria are met. Change management processes for configuration changes are agreed with customers. For software development, our SaaS development process follows best practice standards for robust, secure trusted cloud software. The change process is recorded in a centralised change management portal.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We undertake threat reviews when we make changes to our software or infrastructure and when new threats are made public. We carry out regular penetration testing and our CSO monitors security information sources. Our DevOps team are responsible for addressing public threats and the system architects would address any vulnerabilities identified based on the area of the threat. The speed of patching is proportionate to the level of threat identified.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We have an IDS/IPS in place with anti-virus and anti-malware software on all Windows servers. We collate log files centrally from all relevant system components, and these are reviewed daily by the DevOps team. When unusual activity is identified, it is escalated to our system architects who, in consultation with our CISO, will determine the appropriate course of action. DarkTrace and Cisco Firepower are used for monitoring the network activity.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: When incidents occur, they are triaged by a Service Manager who co-ordinates the response in accordance with our ISO 27001 policies and procedures. Our team and customers may report incidents by phone, email or directly and all incidents are logged in our centralised incident management portal. Major incidents will be escalated immediately to senior management level. The Service Manager provides regular updates and an incident report on resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks:
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

• Fighting climate change:

  Fighting climate change

  It is our aim to achieve clear and definite standards of ethical behaviour throughout all areas of business. Fincore Ltd takes responsibility for creating wider benefits both within and around our business and endeavour to make our impact a positive one, which improves the lives of others and reduces the risk of harm to people and the environment. We will continue to look at reducing the impact we have on the environment as a result of our operations. Through innovation and a proactive attitude to waste and energy reduction and seek annually decrease our carbon emissions. We strive toward finding new opportunities to work with clients and specialists in the development of pioneering and sustainable design within data management.
• Covid-19 recovery:

  Covid-19 recovery

  Fincore’s solution is web-based application hosted on the cloud and is inherently resilient. Throughout the Covid-19 pandemic and into the recovery period we have helped our customers to allow staff to work remotely, enhancing the agility of their organisations.
• Tackling economic inequality:

  Tackling economic inequality

  Fincore Ltd are fully committed to adding value to the communities within which we work. We strive to excel the required level of compliance. Being a good neighbour means we actively interact with community groups and support educational initiatives. We foster local business relationships through sourcing local labour, equipment and materials where possible and will continue to champion community engagement throughout the industry.
• Equal opportunity:

  Equal opportunity

  Fincore Ltd is an equal opportunities employer recognising that the provision of equal opportunities in the workplace is good business practice, maximising the talent available. Our company is committed to ensuring we remain within the framework of the law that our workplace(s) are free from unlawful or unfair discrimination, as defined by the Equality Act 2010 (the "Act”). We have adopted an Equal Opportunities Policy as a means of helping to achieve these aims.
• Wellbeing:

  Wellbeing

  Fincore Ltd are committed to planning and executing all operations in a manner that safeguards the health, welfare and safety of all employees, supply chain, clients, the public and end users. Our company advocates a behavioural safety and worker engagement approach to Safety, Health and Environment. A change in safety culture through training seminars and incentive schemes results in every worker becoming responsible for SHE in the workplace. We will continue to reduce our RIDDOR annually and work at all levels of the business to guarantee safety is our highest priority and strive to become an 'injury free workplace’.

Pricing

• Price: £21 a user a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@fincore.com. Tell them what format you need. It will help if you say what assistive technology you use.