REAP SERVICES LTD

CUBE Back Office

At Reap Services, we are pioneers in delivering cutting-edge low code solutions tailored specifically for the public sector. Our expertise lies in providing comprehensive services that empower government organizations to streamline operations, enhance efficiency, and improve citizen engagement.

Features

• Low code expertise
• Data-driven workflow of core processes
• Preconfigured Modules
• Comprehensive Support
• Management of Interfaces
• Documented, published Open API included as standard
• Innovative Use of Data Sets
• Accounts, Portals and Public Registers

Benefits

• Lower cost of processing
• Intuitive systems
• Integrated systems
• Improved customer experience
• Automated Triage
• Self Service

£65 to £200 a licence a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Danny.Ivie@Reapservices.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

895114592132441

Contact

Danny Ivie
07939651600
Danny.Ivie@Reapservices.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Maintenance events usually scheduled to occur outside normal hours-of-business (assumed 08:30-17:30)
• System requirements:
  • Internet connected device
  • Supported on a range of internet browsers

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Clients set their own log priorities and the support desk responds in accordance with pre agreed SLAs.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Clients provide panel testing of all of our support structures.
• Onsite support: Yes, at extra cost
• Support levels: Support is governed against individual SLAs and these are driven by our clients requirements. Having said this as a rule we offer several levels of support which includes: web support telephone support onsite support remote monitoring Generally all support will be coordinated by a dedicated client manager and we encourage monthly support meetings. Support will normally form part of the licensing or transactional costs but where a request falls outside of the agreement we would charge published daily rates.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Reap Services solutions have been designed to intuitive to use. Solutions are supported with a full range of training functions Including; ; Training Documentation; Video Training Material; Train the Trainer sessions; Class Based Training; ; We will agree with our clients set training plans and will provide certified training courses directly by our own staff
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: At the termination of the contract we would work with the users to understand the export requirements they have. Usually this involves another supplier and we would work alongside them to export the data in a suitable format to enable the data to be migrated into the new system quickly and efficiently.
• End-of-contract process: We can leave the applications running and the clients can continue running them down, with or without support. We can help to manage the transfer of data to a third party system. Or in some cases where there is no propriety data involved the service will just be switched off.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Responsive design
• Service interface: Yes
• User support accessibility: WCAG 2.1 AAA
• Description of service interface: Clients dictate the interfaces that they require and we facilitate and manage them
• Accessibility standards: WCAG 2.1 AAA
• Accessibility testing: Clients have panels testing our support structures including interfaces we provide.
• API: Yes
• What users can and can't do using the API: Users can interact using the REST and SOAP services with our application. This is not exposed on the public internet and customers would require a secure VPN connection before they could access it. We offer API for the loading of tickets, viewing of tickets, paying for tickets and loading of inbound correspondence. Other API points are available but these are low level and we would not encourage use and only then support on time & materials basis.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Recognising the diverse needs of local government operations, we specialise in crafting bespoke solutions tailored to reflect specific local operating conditions. Our team works closely with clients to develop customised applications that address their unique challenges.

Scaling

• Independence of resources: On our internet connection we enable QoS (Quality of Service) to ensure enough bandwidth is available to the end users. We also use segregated infrastructure which means each client has their own dedicated servers running their system. This means that they are not affected by another authority putting strain on the system. Should we see the underlying infrastructure being strained we can easily scale up by either (a) providing additional resources to the VMs running the system or (b) add additional servers in a load balanced solution.

Analytics

• Service usage metrics: Yes
• Metrics types: Reap Services can provide reporting tools that can present data in report and dashboard format. Users will also be able to build there own reports ranging from daily management requirements through to KPI metrics
• Reporting types:
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Data can be extracted by the user or Reap Services. Data can be extracted by the user at any time before the contract ends. There are several UI tools provided, depending on the specific needs. These tools provide data in CSV format, files are provided in their original formats. Open APIs also allow a variety of open-source tools to be used to extract data into other formats.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our standard availability target is 99%, measured on a calendar month basis and not to include any planned downtime for system maintenance and the likes. Service availability will be defined under specific contract terms but will generally mean that a user under licence can access the system and retrieve information.; Where there are local issues that prevent access to the system any failure to be able to meet these conditions will not be deemed to be a breach of the SLA.; To monitor the service we will provide clients with our monitoring tool that shows the live status of all server availability.
• Approach to resilience: This is dependent on the the clients specific needs but where possible we ensure that we have no single points of failure. The physical servers all run RAID disk arrays and dual teamed network cards. The firewalls are setup in a cluster with one running at each site, this automatically fails over should the primary one experience an issue. Data is replicated between 2 separate sites over a dedicated fibre point to point link.
• Outage reporting: We use both internal monitoring tools to monitor CPU, memory and disk space etc as well as external monitoring for our public facing sites. Should any of these monitoring tools detect an issue an email and SMS is sent to a number of people who can resolve the issue. In addition we also have a dashboard available on the internet showing the current status of our systems. These can be easily customised to allow our clients to see only the services that are of interest to them.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Users are added to security groups and all parts of the system are protected from users who are not part of the correct access groups. For example, only users who are a member of a specific security group would be able to reverse a transaction.; All user actions and document updates are audited (date/time/userID).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We run a robust information security policy that is designed to ensure that all of clients (and so their customers) data is protected at all times. The policy deals not just with the data itself but also extends to security around access to data. This is especially important to us as several of our services have both public facing web pages and involve remote lone workers using mobile devices. We build our system to be in line with legislative standards and to ensure that users have a compliant, safe and secure platform from which to work. The policy is a active part of our core behaviours as we understand that it protects both our clients and ourselves from reputational harm as well as protecting the data itself. It should be noted that for the policy to be effective it needs to dovetail with local client policies and procedures.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: We work hard to ensure users are fully aware of changes, that they are trained or have factsheets etc. Generally we will manage and implement most of the initial system configuration, but we will do this this in close partnership with the clients mobilisation team and will rely heavily on them to supply the relevant data sets. Core elements of the service are monitored continually with either monthly KPI reports being used or some clients opting for our live system health checks. Clients IT teams are often involved in the change management process especially so when relating to local security.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: We run our own penetration tests regularly using OWASP ZAP to ensure no vulnerabilities exist within our systems.; ; Upon identifying an issue we asses the risk and give the issue a priority. Priorities are assessed by the vulnerability and the number of our clients that it could possibly affect.; ; Information is obtained from a number of sources including Qualys Community and Dell Sonicwall.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: We use external penetration tools to help us identify potential compromises. If an issue is identified it is categorised High, Medium or Low.; Anything falling into the High category is immediately actioned and a fix sourced immediately.; Medium category issues are usually dealt with on a weekly basis.; Low category items are resolved on a monthly basis as part of the server maintenance routines.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users report incidents via a web portal and these are logged directly in our Support Desk software. The software is configured with triggers that recognise common problems, and route them to the most suitable person or team. It contains a Knowledge Base, so that knowledge can be easily shared between team members.; ; We have strict processes for specific events e.g. Priority 1 issues, and these processes are regularly reviewed.; ; Clients can view the progress of issues on the web portal.; ; Incident Reports are run automatically and emailed to a nominated circulation list weekly.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a purpose-led, responsible business, the Reap Services Limited group companies are committed to its responsibility in the fight against climate change. We are dedicated to reducing our environmental impact and supporting our clients and suppliers to do the same and we know that if we work together, we can make a real difference. Significant reductions in carbon dioxide emissions has been made by reducing travel by video conferencing where possible. The switch to a paperless office allows reducing in consumables for both us and our clients. We are always looking at more sustainable activities and work well with our local government clients to promote this through our software delivery systems. Underpinned by these science-based targets, we have set out an ambitious and far reaching roadmap to take us to Net Zero by 2035. These are challenging targets, that we as an organisation are committed to at every level. Our three phased approach that will see us reach operational net zero by 2025; operational and business travel net zero by 2030; and full net zero by 2035 including our supply chain, ahead of the UK Government target of 2050.

  Tackling economic inequality

  Social purpose is woven into the company’s fabric. From creating new businesses and new employment opportunities, to improving education and training, the company is committed to tackling economic inequality at root. Our overriding vision is to help lower the unequal distribution of income and opportunity between different groups in society.

  Equal opportunity

  Equal opportunity The company is committed to creating accessible technologies and products that enhance the overall workplace environment and contribute to the productivity of our employees, our customers, and our customers’ customers. We recognise the need for our applications, and our customers’ and partners’ products built with our tools, to be usable by the disabled community.

  Wellbeing

  The company regularly delivers both manager and employee training on a variety of wellbeing topics, including mental health, which are available in real-time and on demand. Examples include ‘Your Wellbeing, Your Tools’ and ‘Stress Awareness and Mental Health’. We also provide employees and their dependants with access to a free and confidential Employee Assistance Programme, offering emotional and practical support should they need it 24/7 and in confidence. The company is committed to the implementation of the core standards as set out in the Stevenson Farmer Review on Mental Health and Employers.

Pricing

• Price: £65 to £200 a licence a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Danny.Ivie@Reapservices.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.