Arbor MAT Management Information System for Multi Academy Trusts
Arbor's MIS (Management Information System) is the hassle-free way for schools to get work done. Arbor brings all your MAT (Multi-Academy Trust) schools onto one system and makes daily admin more powerful and less stressful - so staff at every level can focus where it matters most.
Features
- Group-wide live performance and BI dashboards out of the box
- Centralised workflow for HR and Education administration
- Powerful custom reporting to support bespoke analysis
- All the power of Arbor MIS from the classroom up
- A live companion product for your schools' Arbor MIS
- Deeper licensing discounts for larger groups of schools
- Export data to different formats or live-link to Microsoft/Google programs
- Meet statutory requirements and monitor them across your schools
- Push down frameworks and policies for your schools to use
- Make custom reports and graphs from your datasets
Benefits
- Track attendance, behaviour, and progress in a single, integrated platform
- View and act on school performance from your central team
- Ensure quality assurance across your schools with live dashboards
- Uncover and understand trends by digging deeper into data
- Support your growth with consistent workflows and bespoke reporting
- Reduce school level admin burdens by remotely accessing their MIS
- Communicate better with central comms tools and aligned systems
- Uncover and understand trends by digging deeper into data
- Integrate with key Trust systems like PowerBI, budgeting, and FusionHR.
Pricing
£1,500 to £15,000 a licence a year
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
9 2 0 5 0 2 1 7 9 2 6 7 3 8 3
Contact
Arbor Education Partners Ltd.
Phillippa De'Ath
Telephone: 0208 050 1028
Email: bids@arbor-education.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- We recommend users work in the Chrome or Microsoft Edge browsers, with a minimum internet bandwidth of 2MB, but there are no known hardware constraints.
- System requirements
-
- Recommended browser: Chrome or Microsoft Edge
- Recommended internet bandwidth: 2MB
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
We aim to respond to users as quickly as possible when queries come in. Our email and phone lines are staffed 8-5, Monday-Friday by a team of experienced analysts.
Our Service Level Agreement (the maximum time we would ever expect to take) for responding to urgent queries is 1 working hour, rising to 24 for low priority queries. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 A
- Web chat accessibility testing
- We have a dedicated engineering team that works specifically on front-end user experience and managing our accessibility of Arbor for our users, including the support areas of the site. They have tested a number of assistive technologies with the site over the past year of development such as keyboard controls and colourblind browser settings.
- Onsite support
- Onsite support
- Support levels
-
More complex group deployments are appointed a Programme Manager to work with senior stakeholders on strategic planning, training delivery and integrations with third parties. This service begins at £2,500.
All schools have access to our onboarding team who will support their migration, training and needs at key points through their first term. The onboarding team will run kick-off calls, provide instructions, and check in on your migration progress, in addition to the usual email and phone support. Secondary schools will have specialised support to help them with setup and practice migrations. After your MIS is fully embedded in a school, the onboarding team will hand them over to their Account Manager who will look after them for the rest of their time with Arbor.
Further in person training can be provided for up to £650 per day. Further training and options are outlined in our Pricing document. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
When schools sign up to Arbor, they’ll be scheduled to meet their onboarding team via web conference to plan their data migration, training and implementation. Data migration instructions will be sent to the school depending on their current MIS, usually on a Friday afternoon following final registration. Pre-Launch webinar training will be provided.
Thereafter, for the first term we will check in with you regularly to understand the project status, implementation and answer any questions. Further Post-Launch training is usually provided once users have got going, for more detailed system areas such as custom report building, progress tracking or Trust-wide administration for MATs.
You will have access to our online learning as soon as you sign, and when any user logs in for the first time the system intelligently gives them a tour of the site and the key features they'll need. All help documentation can be accessed online via the application, and is also searchable without logging in to Arbor. Documentation includes videos, product gifs and written instructions. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Searchable Help Centre website
- Video introductions & guides
- Live webinars with a library of prior webinars
- In-app walkthroughs and information
- End-of-contract data extraction
-
Data processed in Arbor will always be owned by the school. Data can be removed from Arbor in the following ways:
• Through an Arbor Standard Migration Export, which exports all essential data from your Arbor backup in .csv format.
• As reports using the Custom Report Writer which can then be exported in Excel, CSV, PDF, Word or XML.
• As Common Transfer Files (CTFs) containing all basic student data.
• As downloaded files that match their upload format e.g. pictures added to profiles, PDFs added to medical records.
• Using Arbor’s full open RESTful API, all fields in Arbor can be exported to another MIS or similar application - full detail of the Arbor API can be found at https://developers.arbor-education.com. - End-of-contract process
-
The Arbor standard license agreement covers support, hosting, upgrades, maintenance, and software license for the selected tier of MIS. It is a rolling 12 month contract.
Should the institution wish to fully terminate their service after the Initial Licence Period for that service, including the deletion of all historic data processed by the service, free or otherwise, it must give 30 days’ notice in writing to Arbor’s registered address that complete deletion of data is required. There will then be a 60 day countdown period during which time the institution can extract their data, before the MIS is switched off.
Access to an Arbor site will cease on the contract end date. After the contract end date we are no longer the appointed Data Processor, and in line with the General Data Protection Regulation (EU) 2016/679, the data will be permanently deleted after 30 days.
If the institution have not extracted their data after the contract end date, they can request access to export their data for a further 48 hours. This is possible up to 30 days after the end date, after which time data is permanently deleted. There is an administration fee of £500 (+VAT) for this extension.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
-
The Arbor Parent App allows parents to access their Parent Portal on Android or iOS, so they can make payments, receive push notifications from the school, arrange clubs, trips and parents evenings, update their children's data, and more. The Arbor Student App likewise allows them to access their Student Portal online, with their timetable, assignments, and daily info.
The MIS user interface is also reactive meaning it can be accessed through the browser of a phone or tablet as you would do on a computer. This allows e.g. teachers to view class information and seating plans to take the register. - Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
Our user interface is clear and accessible, with colour coding and all displays carefully considered to ensure a consistent user experience across the site. Graphs, callouts, and slideovers break up the screen to introduce significant information in engaging ways, according to a standard set of design guidelines.
By creating a consistent and attractive user experience, we can guarantee the meaning of each component is clear and memorable. Experienced users can guess how to find and use data on any page, even if they have not been to that particular area of the site before. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- Arbor is used by over 650 special and alternative provision schools across the country, and by students, parents, and staff experiencing a range of special needs and disabilities. We regularly collect feedback from all users, including schools and users with additional needs. Accordingly, our interface is customisable through browser-based accessibility controls. We recommend Google Chrome for the best range of accessibility controls and plugins, such as their high contrast, colourblind, and greyscale modes.
- API
- Yes
- What users can and can't do using the API
-
Arbor's full REST and GraphQL APIs allow you to integrate your app and reach our entire network of schools with your product or service. Integrating with Arbor is completely free, and we provide full developer documentation and Software Developer Kits to help you get started. Once we’ve vetted an app, they can become an Arbor approved partner. We can migrate app data from a previous MIS to sync with Arbor, maintaining historic data records.
The Developer Portal is the first place to find answers to technical queries relating to Arbor’s open, REST and GraphQL APIs. We also partner with Wonde, Groupcall and Zinet to maintain a simpler interface to the API to allow app developers to read and write to the Arbor database.
There are no operating system or database constraints, but Arbor reserves the right to rescind access by third parties if the API is misused. Access to the API is granted by school administrators only; no third party will be able to access a school's Arbor-stored data unless we have been given the explicit, written consent of the data controller in that school. - API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
-
Arbor is a highly customisable system which will be set up to match school priorities. During implementation, we will work with you on each of our customisable features to make sure their languages and processes work best for you and your goals. Schools using our Core MIS will also be able to have any modules from our higher value packages in their system for a set fee, allowing them to mix and match the right MIS for them.
Workflows: customisable for behaviour, progress tracking and intervention management
Curriculum: any curriculum can be imported and tracked against
Assessment frameworks: can be set up in limitless ways
Custom Report builder: any data fields can be pulled into custom reports that can be read within the application or exported to Excel, Word, Google Docs, XML or Excel/GDoc live feed.
Users can customise based on role: usually school administrators will set up and push out workflows or assessment features to their own schools.
Scaling
- Independence of resources
-
1. Architecture is housed in a private firewalled network, within which we operate a strict single-tenanted database model.
2. Dynamically-sized worker pool
Amazon EC2 instance optimised for high memory and data storage.
3. Massively Parallel Analytics Engine
The dynamic worker pool is combined with a job server to allow large, complex querying of datasets, with results returned in real-time.
4. Dynamically-sized web instance pool
Amazon instance optimised for high CPU power analytics.
5.Elastic load balancer
Uses Amazon’s Elastic Load Balancer to reroute traffic across multiple instances.
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Feature usage:
- Monitored by Arbor support analysts to evaluate training needs.
- Monitored by Product Managers to identify feature adoption issues and to improve usability.
Guardian usage:
- Adoption metrics are available to Arbor school administrators to identify engaged parents and to automate follow ups to those who have not used the system.
Staff usage:
- The 'Users and Security' feature shows MIS login history in the past thirty days, the last login date of each user, and the access permissions users have.
- Each staff page has a 'System Engagement' section that shows their individual service usage. - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with another standard
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Data importing and exporting
- Data export approach
-
Data can be exported from Arbor as:
• CTF (common transfer files)
• XML (e.g. for Census)
• Excel
• Word
• .csv
• via the API
• via secure Live Feed (e.g. to Microsoft PowerBI
• as pre-built extracts (e.g. for London Grid for Learning)
All of our features have suggested exports designed around their function; for example, a student's full record can be downloaded as a PDF from a single button on their profile page. - Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- CTF
- ATF
- Read from the Arbor API
- Word
- XML
- Data import formats
-
- CSV
- Other
- Other data import formats
-
- CTF
- ATF
- Excel
- XML
- Write back to the Arbor API
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
-
We will use our reasonable endeavours to maximise uptime, and ensure that the System is available least 99% of the time during each year, excluding (i) any of our or our subcontractors' maintenance downtime, (ii) a failure between the Institution's computer(s) and the internet; (iii) factors outside of our reasonable control; (iv) the Institution's action or inaction, or any action or inaction of the Users or the Institution's other suppliers.
Service credits are provided if this level is not met, with full details in our terms and conditions. - Approach to resilience
-
Our datacentre, hosted by Amazon Web Services in London, is resilient and certified ISO 27001, ISO 27017 and ISO 27018 compliant.
Architecture is housed in a private firewalled network to reduce external access and increase security. Instances are recycled daily to reduce the risk of data being compromised; servers are patched continuously to reduce security vulnerabilities.
Further information is available on request. - Outage reporting
- By email alerts to Arbor users, or our online status page.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Username or password
- Access restrictions in management interfaces and support channels
-
System Access: Access is granted to various business systems based on defined Access Control Policy. We conduct regular Access Control reviews. We maintain a test/demo system that minimises the need for support access to production systems.
Server Access: We adopt a Development and Cryptographic Policy which restricts server access to production servers only to DevOps engineers, using SSH keys managed via an LDAP server which are additionally password protected. - Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS International
- ISO/IEC 27001 accreditation date
- 24/03/2021
- What the ISO/IEC 27001 doesn’t cover
- The certification covers all Arbor services and locations. Accreditation was first gained in 2017 via LRQA - it is renewed annually.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- Yes
- Any other security certifications
-
- IASME & Cyber Essentials
- DfE Cloud Suppliers Checklist
- Annual penetration tests
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
-
• IASME & Cyber Essentials certification
• DfE Cloud Suppliers Checklist - Information security policies and processes
-
Arbor protects the data we store with a comprehensive Information Security Management System, audited annually for our ISO27001 certification. This system is governed by an Information Security Management Committee consisting of senior management across various business areas.
Arbor senior management actively supports information security within the organisation through clear direction, demonstrated commitment, and acknowledgment of information security responsibilities. The committee is ultimately responsible for:
•Reviewing and approving information security policy and objectives
•Providing clear direction and visible management support for security initiatives
•Providing the resources needed for information security
•Initiating programmes to maintain information security awareness
•Adopting a best-practice approach to information risk management and ensuring implementation of appropriate information security controls
•Promoting the regular review and continual improvement of information security
Physical security is maintained by formal inspections, risk assessments, and access control at every Arbor office. Access to Arbor locations is restricted with secure keys, CCTV, 24/7 security personnel and secure perimeter doors.
Data security is maintained by our staff’s awareness training, personal vigilance, and a number of digital safeguards including regular password changes and two-factor authentication. Data is stored centrally rather than on any one device, making it easy to give and revoke permissions to different users.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All systems are configured using SaltStack. No changes are ever made to live server configurations (we operate with immutable servers). Salt allows us to define the end state of the system declaratively in salt state files which are version controlled. This means that any changes to the configuration of servers leave an audit trail. It also means that all configuration can be tested in our staging environment and repeated deterministically. All changes are assessed by the Head of Technical Security Operations before being approved.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
Assessing: We run a monthly Security Committee to assess potential threats to our services. In addition, there is a quarterly Management Information Security Review to ensure effectiveness of the information security management system. A dedicated DevOps team subscribes to relevant security briefings and assesses the risk on a daily basis. We commission external penetration tests at least once per year.
Patching: All systems are configured to download and install security updates nightly, and the installed updates are checked via a centralized log. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Monitoring: All changes to any data records are kept in an Audit Log. All errors are logged to a centralized error reporting system and investigated by relevant engineering teams. All user activity, page requests, system and server logs are aggregated in a centralized log. All services are continually monitored into a centralized system.
Identification: Automatic alerts are sent to DevOps/engineers whenever breaches/errors are identified.
Response: Incidents are assessed and classified. Serious incidents are reported to the CTO and our Incident Response Policy is followed to completion (48 hours). Minor incidents are resolved by individual teams (14 days). - Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
The security incident response plan aligns with the SANS Identification step and is about making use of a robust detection and reporting capability. Early visibility of incidents facilitates quick decision making and rapid action. Potential security incidents can be detected and reported from a number of different sources, such as:
Arbor employees.
Arbor customers.
Arbor business partners.
Other external sources such as Law Enforcement Agencies.
System logs.
For non-system reporting our support line can be contacted to report a perceived security event or security weakness.
Security related incidents are centrally recorded using an Incident Log.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Fighting climate change
We have always had a robust recycling programme, our servers are on track for 100% renewable energy by 2025, and the majority of our employees are either fully remote or hybrid workers which reduces travel emissions. Over the last year in particular:
• We have conducted a full carbon survey with Carbon Footprint Ltd. across Arbor and The Key to calculate our emissions over a year
• We have partnered with a UN backed organisation in India, working on developing renewable energy power to offset our emissions
• We’ve moved our largest office to one where electricity and heat is generated onsite
• The Key has now become officially carbon neutral for Scope 1 and Scope 2 emissions as a result of this work (Scope 1 being direct emissions like travel, and Scope 2 being indirect emissions like office energy usage)
• We will now be starting work on calculating and formulating a plan to reduce our emissions further, including Scope 3 emissions. These are emissions that are not produced by the company itself and relate to our supply chain such as AWS.
• We have introduced a Sustainable Procurement Policy focussed on ethical and environmentally friendly sourcing of goods and services.Covid-19 recovery
For schools, Arbor was a key tool during the pandemic helping them to move to remote working, and we involved schools in the design of a Covid dashboard to help manage the pandemic and report to the DfE. Arbor still includes testing records, as well as tools for tracking the deprivation and gaps in progress that may have been caused by the pandemic.
Within the company, hybrid flexible working has been implemented permanently. 10% of employees are fully remote and 81% of employees commute to the office 2 days per week or less. This allows the vulnerable to continue shielding, increases leisure time and wellbeing of employees and opens up employment for those in deprived areas.Tackling economic inequality
We regularly hire staff across the country as we grow each year, and all of our staff are paid above the national living wage. We clearly communicate company progress and any benefits or professional development staff may be entitled to. When possible, hiring has been designed to focus on core competencies rather than educational background, to ensure that quality candidates from disadvantaged backgrounds are not excluded.
For roles that do require qualifications, our management structure provides a constructive appraisal process and a training budget for every staff member to improve in their existing job or switch to another role. Each employee spends an average of 3-10 days on skills development and training per year. (public speaking, bid management, engineering) many resulting in recognised qualifications. We have also run internship and work experience programs for young people to see what it's like to work in an edtech company.
We collaborate with the volunteering sector by providing all employees with a paid volunteering day each year. This means staff can give their time to efforts as varied as hiking for Marie Curie, supporting Lincoln Food Bank, and performing a concert for humanitarian aid. The company encourages and provides additional funding for group events to make a bigger impact.Equal opportunity
Arbor is proud of its majority-female management team, but know we can always do more to improve access. We have launched a number of initiatives internally as well as partnerships externally with charities, groups and individuals aimed at increasing access to underrepresented communities and educating ourselves internally. Our talent team have been active in partnering with organisations providing more visibility to underrepresented communities, reviewed the wording in our job adverts to be more inclusive, continued our programme of internal training including unconscious bias and where possible ensured a mixed interview panel that represents the broader community we serve. We survey our staff each year to ensure we are making positive progress:
Gender Identity- Our results are broadly similar to last year in terms of % but with the significant increase in headcount this has resulted in a broadly even distribution of gender identity when adding to our teams. We have seen an increase in the number of women in our tech teams which has been a key target.
Ethnicity– This is the area in which we've made our biggest strides having increased the representation of our BAME employees by 15%
Age– Our age distribution is a little more evenly spread than last year. For example, we've increased the proportion of people above the age of 45.
Sexual Orientation– Another area of success has seen the increase in numbers of our LGBTQ+ colleagues, more than doubling last year’s figure.
Disability– Again an increase in those feeling comfortable disclosing disabilities. There is still more work to be done to increase awareness of some disabilities but this is a positive trend that we will continue to invest in.Wellbeing
We have a dedicated Wellbeing Manager who focusses on the benefits available to staff and the overall wellbeing of the team. All job roles at Arbor have flexible working options so that staff can fit work around their life, and we provide ergonomic work from home setups for remote staff. We provide additional time off over school holidays as well as team building events, healthy food in the offices, and office managers to ensure staff needs are met. There is an Employee Assistance Programme through which employees can access wellness tools as well as 6 weeks of free counselling.
Pricing
- Price
- £1,500 to £15,000 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- We offer free usage for schools with existing MIS licences who need to move before their current licence expires, to ensure that they don't pay for two systems at once. This is referred to in their contract as a free prep period and covers the Arbor Core package.
- Link to free trial
- https://login.arbor.sc/