Ellucian

Ellucian Quercus

Quercus is a comprehensive SaaS Student Information System, specifically designed for Higher Education providers that delivers a full range of functions to manage the student lifecycle from admissions to graduation.

Features

• Intuitive registration tools
• Designed specifically for HE
• Integrated attendance tracking tool
• Mobile access for students, faculty and staff
• Single page access to critical student information
• Real-time and comprehensive student visibility
• Modern architecture
• Ability to be integrated with 3rd party systems
• Comprehensive regulatory reporting capability including UCAS, OfS and SFE
• Powerful ad-hoc reporting tool reporting on data across the lifecycle

Benefits

• Deliver the academic experiences your students expect and want
• Improved engagement with students
• Nimble curriculum management for faculty and administrators
• Workflow helps to automate and streamline operations
• Better collaboration between academics and administration teams
• Supports data driven decision making processes
• Integrated accounts receivable for accurate and timely student finance management
• Improve accuracy and quality when interacting with UK statutory bodies
• Standardise and streamline student support services with Case Management
• Provide a holistic view of the full student journey

£58,000 an instance a year

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emearfp@ellucian.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

896116205944626

Contact

Matt Searles, Vice President
+447890 627355
emearfp@ellucian.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Quercus software licences
  • Latest browers installed

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: • P 1 - Critical - 1 hour or less - ; A ‘production down’ situation where you are experiencing a full system or software failure preventing you from performing critical processing.; • P2 - High - 4 hours or less - ; Situations where you experience a partial failure preventing you from performing critical processing; • P3 - Medium - 1 business day or less - ; An intermittent failure or a problem that causes a considerable delay in non-critical processing ; • P4 - Low - 3 business days or less -; General questions, or problems that do not appreciably affect processing
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our customer support website, available 24/7, is where customers can access a variety of information, including product news, case updates, bug reports, and enhancement requests. Customers can also take advantage of our Knowledge Base, a searchable database of resolved support cases. Ellucian can provide answers to the many routine daily questions users have via the Ellucian Action Line. The Action Line is a telephone support system for users, allowing them to speak with an Ellucian consultant on functional or technical issues. Users may also report apparent product defects using the Action Line. Action Line uses an automated answering system to receive and record initial Action Line calls. The answering system allows Action Line staff to be prepared before returning calls. Action Line staff can classify, prioritise, record basic details, conduct research, and assign the most appropriate consultant for resolution of your question. There is no additional cost to provide this service.; We provide both working day support and 24x7 support options. ; Hosted customers have a named Cloud Assurance manager.; All customers have a named Customer Success Manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: During the Project Initiation phase the project team members – from both Ellucian and your institution - meet to review customer high level goals, objectives and KPI’s for the project. The team aligns expectations and agrees an initial project plan. ; ; As part of this phase, you can expect to help create the Resource Schedules and Initial Project Plan, as well as review the Project Scope Statement and the Project Charter.; ; The Project Charter summarises the scope of work to be executed, tactical and strategic business objectives, project stakeholders, and includes: ; ; •Purpose; •History; •Scope; •Mission and goals; •Implementation approach; •Communication plan; •Guidelines; •High-level schedule; •Escalation and decision procedures; •Approvals.; ; Ellucian Professional Services guides and supports your project team both through the use of pre-defined delivery material and more bespoke enablement depending on requirements. We can provide training which is directed toward a specific audience and designed to meet specific purposes. Training will be structured to enable your Teams to gain specific insight into the capabilities of each solution.; ; Formal training is delivered either ; 1.Directly on campus in a classroom setting ; 2.Remotely by a consultant using screen sharing software and VOIP; 3. On Demand product training from a suite of self-service packages.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: We will provide you a copy of your data in our possession upon contract termination or expiration if you provide us a timely request. We will provide you a copy of all your data then in our possession, in a commercially reasonable format, at no additional charge. This will be done in accordance with the terms of the underlying agreement.; ; We will securely delete such data in accordance with our then-current data security, retention, and disposal policies.
• End-of-contract process: If at any time you decide to make a commercial decision to cease your use of Ellucian Cloud Software, you will be entitled to a copy of your Client Data at no additional charge – see Section 14.3 of the Ellucian Supplier Terms and Conditions.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The entire interface is accessed through a Web browser. ; ; Ellucian develops new modules with a ‘mobile first' strategy. This means that the responsive design is applied to automatically adapt the page layout to the size of the screen of the rendering device. The page layout is natively built and tested for small screens and can scale up on larger screens.; ; Functions are ‘point and click’ with use of graphics, promoting a visually appealing interface.
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: Yes
• What users can and can't do using the API: Quercus Live Link (XML) API is a RESTful API that allows developers to pull data from a Quercus database into dynamic websites and information portals using standard REST integration techniques. ; Live Link provides: ; • A consistent interface to all existing and future services ; • A standard model for returned data ; • Facility to query services for an individual student ; • Fast performance.; ; Quercus can also exchange data using Quercus Message Link. Quercus Message Link allows the retrieval and posting of event driven XML messages from Quercus using standard REST techniques, including:; • SOA-based, event-driven online integration platform for enterprise corporate systems (e.g. HR, Finance, CRM, VLE, etc).; • RESTful API for transactions/events.; • Message queues, bi-directional, receipting, error handling; • Students, Programmes/Courses, marks and standards, enrolment, and sponsorship and curriculum.; Quercus Message Link provides the ability to send, receive and delete messages in Quercus message queues. An optional two-stage acknowledgement process ensures messages that are received by the user are not deleted until a receipt acknowledgement is returned to Quercus. Quercus includes a Message Link Monitor to monitor inbound and outbound messages. It also allows users to configure the Message Link system.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Environments hosted by Amazon Web Services (AWS) are segregated to prevent customers from accessing resources not assigned to them.; ; Services which provide virtualised operational environments to customers ensure that customers are segregated via security management processes/controls at the network and hypervisor level.; ; Ellucian continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. Ellucian maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently. In addition, the capacity planning model supports the planning of future demands to acquire and implement additional resources based upon current resources and forecasted requirements.

Analytics

• Service usage metrics: Yes
• Metrics types: We can provide cloud application availability and uptime reports upon request
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: AWS adheres to independently validated privacy, data protection, security protections and control processes.; ; AWS is responsible for the security of the cloud; Ellucian is responsible for security in the cloud. AWS enables Ellucian to control their content (where it will be stored, how it will be secured in transit or at rest, how access to their AWS environment will be managed).; ; AWS offers key management options and dedicated hardware-based cryptographic key storage.; ; Data, including backups, is encrypted at rest using a combination of Amazon Web Services (AWS) Elastic Bock Store (EBS) and Simple Storage Service (S3) storage with AES-256 encryption.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Most screens have an option to create a .CSV file, and the embedded reporting capability has a file export capability.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Environments are logically segregated to prevent users and customers from accessing resources not assigned to them. Ellucian gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.; Ellucian enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wishes to use.; API calls can be encrypted with TLS/SSL to maintain confidentiality.

Availability and resilience

• Guaranteed availability: Please see SLA in the attached Ellucian Supplier Terms and Conditions document.
• Approach to resilience: AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: The Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximsing the effectiveness of the recovery and reconstitution efforts and minimising system outage time due to errors and omissions.; ; AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.; ; Ellucian is responsible for implementing contingency planning, training and testing for our systems hosted on AWS. AWS provides Ellucian with the capability to implement a robust continuity plan, including the utilisation of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
• Outage reporting: Notification of outages is provided in the form of e-mail alerts from Ellucian and a public dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: AWS IAM provides user access control to AWS services, APIs and specific resources. Other controls include time, originating IP address, SSL use, and whether users authenticated via MFA devices.; ; API calls to launch/terminate instances, change firewalls, and perform other functions are signed by customers’ Amazon Secret Access Key (either the root AWS Account’s Secret Access Key or the Secret Access key of a user created with AWS IAM).
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Less than 1 month
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Less than 1 month

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Schellman
• ISO/IEC 27001 accreditation date: 26/05/21
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • ISO 27001:2013
  • SOC 1 and SOC 2 Type II Audit and Report
  • Educause HECVAT Audit and Report

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Cloud security at AWS is the highest priority.; ; Ellucian benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.; ; In addition to this, Ellucian maintains an Information Security Policy (ISP) and related standards that are based on the ISO 27001 framework and are defined, approved by management, published, and communicated to employees and relevant external parties.; ; Our Information Security Programme, and policy, ensures we continually improve Information Security controls, policies and practices and comply with applicable law, regulatory and industry requirements, and contractual obligations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Changes to AWS services and features follow secure software development practices, including security risk reviews prior to launch. Developer access to production environments is via explicit access system requests, subject to review and authorisation.; ; Teams set bespoke change management standards per service, underpinned by standard AWS guidelines.; ; All production environment changes are reviewed, tested and approved. Stages include design, documentation, implementation (including rollback procedures), testing (non-production environment), peer to peer review (business impact/technical rigour/code), and final approval by the authorised party.; ; Emergency changes follow AWS incident response procedures. Exceptions to change management processes are documented and escalated to AWS management.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: AWS performs vulnerability scans on the operating system, web applications, and databases in their environment. ; ; Approved 3rd party vendors conduct external assessments. Identified vulnerabilities are monitored and evaluated. Countermeasures are designed and implemented to neutralise known/newly identified vulnerabilities.; ; Ellucian maintains a Threat and Incident Management Programme to respond to security incidents. We deploy network threat monitoring tools, rapid response technology, antivirus/antimalware and endpoint protection tools, network Security Groups, DDoS protection, and a Security Information and Event Management (SIEM) solution.; ; Patches are applied based on severity and their required planning and resolution timeframes in accordance with the Ellucian Vulnerability Management Standard.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: AWS deploys (pan-environmental) monitoring devices to collect information on unauthorised intrusion attempts, usage abuse, and network/application bandwidth usage.; ; Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set thresholds.; ; In addition to this, Ellucian maintains a Threat and Incident Management Programme to respond to security incidents within the cloud environment. It captures, indexes and correlates real-time data to identify potential threats and security events in the Ellucian environments.; ; In the unlikely event of a security breach, Ellucian’s Information Security Response Team assumes ownership of the security incident response. A team is assembled on a per-incident basis.
• Incident management type: Supplier-defined controls
• Incident management approach: AWS adopts a three-phased approach to manage incidents:; ; 1. Activation and Notification Phase; 2. Recovery Phase; 3. Reconstitution Phase.; ; AWS conducts incident response testing, providing excellent coverage for the discovery of defects and failure modes.; ; Ellucian employs an Information Technology Service Management (‘ITSM’) tool which provides service incident management, according to ITIL framework best practices.; ; Users can report incidents to the Action Line support service. The Action Line support desk is available 24/7 to respond to reported issues. ; ; The Ellucian Customer Centre provides a direct line to instant response and feedback pertaining to service requests.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  Ellucian is committed to improve our impact on the environment and increasing the efficiency of our services and operations. We acknowledge the impact our facilities, travel, data centres and suppliers have on the environment and are taking actionable steps to reduce any negative effects.; ; Toward this end, we have and will continue to establish initiatives aimed at reducing carbon emissions and waste throughout our operations.
• Covid-19 recovery:

  Covid-19 recovery

  During the COVID-19 pandemic, our commitment to employee health and safety was vital and we navigated important decisions about our workplace, such as office access and safety protocols. Measures to protect employees from COVID-19 infection in the workplace included but were not limited to closing offices worldwide in March 2020 and encouraging all employees to work from home. ; As we move into recovery, we are opening offices with a small number of employee volunteers. COVID-19 vaccinations are required of all employees and contractors working in our offices.
• Equal opportunity:

  Equal opportunity

  The Ellucian Environmental Social and Governance (ESG) Policy formalises our commitment to offering a safe, ethical, and inclusive workplace, supporting success for all students, making a positive impact in our communities, and reducing our environmental impact – all which have been a long part of Ellucian’s culture. ; ; We are committed to offering an ethical and inclusive workplace where everyone can thrive. We embrace our employees’ differences in age, disability, race, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other characteristics that make our employees unique.; ; We provide educational sessions and training that explore biases, their impact in the workplace and how we can influence behaviours to drive greater inclusivity. Our initiatives encourage and reinforce:; ; • Respectful communication and cooperation between all employees; • Teamwork and employee participation, permitting the representation of all groups and employee perspectives; • Work/life balance through flexible work schedules to accommodate employees’ varying needs; • Employer and employee contributions to the communities we serve to promote a greater understanding and respect for diversity.
• Wellbeing:

  Wellbeing

  Ellucian is committed to offering a safe and healthy workplace that supports the well-being of our diverse workforce. Our commitment is demonstrated through workplace policies designed with employee health and safety at the centre and a comprehensive benefits portfolio for employees, their children and spouses or domestic partners.; Our commitment to employee well-being also guides the benefits portfolio we offer to employees and their families. Ellucian offers a rich set of benefits supporting diverse employee needs including but not limited to parental leave at the birth or adoption of a child, access to on-demand mental health services, reimbursement for activities like gym memberships, and remote working support. These benefits are in addition to comprehensive medical, dental and vision benefits for employees, dependents, spouses, and domestic partners.

Pricing

• Price: £58,000 an instance a year
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at emearfp@ellucian.com. Tell them what format you need. It will help if you say what assistive technology you use.