Ernst & Young LLP (EY)

AI, Data & Analytics in Local Government

EY (in partnership with Xantura) provide analytics-driven insights and enable proactive intervention, improving outcomes. Our government accredited and proven solution (OneView) enables organisations to securely leverage increasing volumes of citizen data, automate case summaries (‘single view’), use predictive models to identify those ‘at risk’, and understand trends and demand drivers.

Features

• Secure data sharing across service teams, partners and third parties
• Robust Information Governance agreements; pseudonymisation of sensitive data
• Holistic ‘single view’ of an individual or household; household composition
• Analysis of structured and unstructured data; master data management
• Automated case summaries and citizen chronology, including risk factors
• Analysis of debt, housing, social care risk factors, demand drivers
• Interactive dashboards; visualise population-level data and risk score trends
• Automated safeguarding alerts to identify individuals ‘at risk’; prevent crisis
• Data and insights to support early intervention and prevention
• Data enrichment; natural language generation and artificial intelligence

Benefits

• Generate safeguarding alerts to support early intervention and prevention
• Increase frontline capacity through automation of data gathering and analysis
• Access powerful insights (Xantura); inform commissioning of services and resources
• Gain insight into user characteristics, demand drivers & risk factors
• Improve targeting of interventions to prevent crises and build resilience
• Improve outcomes: prevent homelessness and enable temporary accommodation ‘move on’
• Improve outcomes: reduce debt, increase income, and improve financial resilience
• Improve outcomes: prevent escalation to Adults and Children’s Social Care
• Build trust and enable joined-up working across services and partners
• Support prevention with applications in Health, Schools, Justice, Police settings

£100,000 to £500,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at EYTenders@uk.ey.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

936923011277158

Contact

EY Tenders
+44 (0) 20 7951 2000
EYTenders@uk.ey.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Hybrid cloud
• Service constraints: There are no constraints.
• System requirements:
  • Windows operating system
  • Java
  • Connection to Xantura Secure Cloud via VPN or PSN

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Target response time to queries or requests for support is 60 minutes, depending on the nature and priority.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The support is generally available during the standard working day and is chargeable. Special arrangements can be accommodated and are also chargeable.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We take an iterative, four-phased approach to co-designing, developing and deploying OneView, working with the organisation to plan the implementation and ensure they achieve the desired outcomes. We agree the problem we are trying to solve, collaboratively design a Proof of Concept, collaboratively design OneView tools, deploy OneView tools. During mobilisation, we develop a tailored project plan that comprises of all security and Information Governance considerations / requirements, liaisons with IT and data extractors, stakeholder engagement, and planning and training. ; From a testing perspective, Xantura undertake testing before the launch of OneView tools and we collaboratively complete additional detailed testing with end users (typically a group of superusers) following the build of OneView tools, to enable refinement if required prior to wider launch. This includes testing to validate data, identify and resolve potential issues, review functionality and usability, customise Natural Language Generation outputs to suit organisational and user requirements, and identify potential enhancements desired, for example to predictive risk models. ; We also work with the organisation to identify and confirm the end users of the OneView tools. We develop comprehensive communications and training plans, using a combination of ‘live’ training and supporting materials (including user guides).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users can extract data on a periodic basis from platform. This approach can support both local BI analytics as well as supporting contract-end.
• End-of-contract process: The following services are included in the contract: Data is deleted from the platform and user access is revoked. Final data extracts are produced and supplied to clients as CSV files.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Master Data Management services are accessible through a secure web portal, Fusion Data Exchange. End user services are also accessible through a secure web portal, OneView.
• Accessibility standards: None or don’t know
• Description of accessibility: Accessibility requirements are considered as part of User Interface design activities. Please contact us for more details.
• Accessibility testing: Narrator functionality in Microsoft Edge. Please contact us to discuss further.
• API: Yes
• What users can and can't do using the API: Please contact us for more information.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Prior to the build of OneView tools for the organisation, we collaboratively co-design the desired functionality to customise the tools for the organisation and their users. Users can define data flows into the system. Users can create data visualisations. Users can manage data quality, data correction. Users can create their own predictive risk models.

Scaling

• Independence of resources: The underlying technology platform is fully virtualised and with full redundancy designed / built in. All components of the software and underlying servers can be scaled independently - with one to one mapping between resources and clients where needed. Forward planning of client demand supports the integration of new hardware into the platform.

Analytics

• Service usage metrics: Yes
• Metrics types: Data processing overview including reports on files processed, rejected, data quality metrics. We also provide risk model performance metrics. We can provide service usage metrics, broken down by data sharing protocols.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: CSV files or access through secure web services.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 97.5% Target Service Availability.
• Approach to resilience: The underlying technology platform is fully virtualised and with full redundancy designed / built in. All components of the software and underlying servers can be scaled independently - with one to one mapping between resources and clients where needed. Forward planning of client demand supports the integration of new hardware into the platform. Hybrid cloud configuration also facilitates the migration of services between secure public and private cloud infrastructure as needed.
• Outage reporting: Outages could be reported via email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: 2 level authentication based on Role Based Access Control/Data Sharing Protocols and customisable to buyer requirement.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 28/03/023
• What the ISO/IEC 27001 doesn’t cover: Covers ISMS that covers systems, assets and processes related to all client data that is stored, processed and transferred to EY.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: ISO27001 and ISO9001 PSN accredited (by arrangement).

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration and change management processes available on request.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Servers are patched fully automatically, where appropriate, and patches are applied within one month of release. SIEM software performs monthly internal vulnerability scans across all systems.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: SIEM system (AlienVault) performs constant monitoring and alerting Response to compromise would depend on the nature of the issue, but would typically involve immediate network isolation of affected systems, followed by investigation and remediation or recovery – where appropriate.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Yes, there are pre-defined processes for common events. Users report incidents through the Ticketing system with appropriate alert or reach out to the client manager depending on severity. Incident reports can be made available according to client requirement; target Incident Management Response time is 60 minutes, depending on the nature and priority.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Public Services Network (PSN) by arrangement

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  EY is committed to fighting climate change. Our ethos is to go beyond ‘just working sustainably’ – we continuously work with governments and businesses towards a more sustainable future. We are part of the United Nations Global Compact (UNGC) and our environmental strategy is aligned with the UNGC environmental principles. We will implement the following for G-Cloud 14: ; · Carbon neutral projects: We pledge to deliver each G-Cloud 14 project as carbon neutral. To do this, we will use our engagement carbon calculator tool. This enables us to monitor and reduce different impacts, e.g. travel emissions. The data from the tool also supports employee training and awareness raising on sustainable behaviours. ; · Reducing our carbon footprint: In January 2020, EY announced a global commitment to become carbon neutral. We achieved this in December 2020. We became carbon negative in 2021 and we are forecast to reach net zero in FY25. We are reducing emissions and offsetting or removing more than the remaining amount annually. We are forecast to reduce emissions by 40% by FY25, against a FY19 baseline, consistent with our 1.5°C Science Based Target. ; · Purchasing renewable energy: We confirm all work delivered for G-Cloud 14 from an EY office will be powered by 100% renewable energy. We have purchased zero-carbon electricity since 2009 and reduced global consumption by 5.5%. In December 2020, we signed a 10-year power purchase agreement with Lightsource to provide us with solar energy. ; · Sustainability volunteering: In proportion to the length and size of each framework contract, we will allocate staff volunteering days to support local environmental projects. These could include litter picking and general upkeep of nature reserves and Sites of Special Scientific Interest and free advisory sessions for small community organisations caring for the environment.

  Covid-19 recovery

  EY is committed to helping our people and communities to recover from the impact of COVID-19. In response to the pandemic, we moved to a remote working model for over 17,000 UK-based staff, increased special leave and provided meaningful mental health support. ; People in the 18-24 age group were disproportionately affected by COVID-19 and EY has worked with an independent charity, the EY Foundation (EYF), to improve opportunities for this group. In response to travel restrictions all EYF activities were converted to a virtual platform. In 2023, EYF supported over 2,500 young people. ; Examples of existing EYF programmes to support COVID-19 recovery are shown below. We will extend these programmes for contracts awarded to us via G-Cloud 14 in proportion to the scale and scope of each contract. ; · Smart Futures: A 10-month programme for young people eligible for free school meals or a college bursary. The programme develops employability skills and offers a paid, two week work experience placement. Students achieve a Chartered Management Institute (CMI) Level 2 Qualification and receive 10 months of mentoring support. ; · Our Future: A six month programme for young people, qualifying for free school meals, who face barriers entering the labour market. Students develop transferable skills, receive paid work experience, gain a CMI Level 2 adult qualification and six months mentoring support. The students also take part in an ‘Entrepreneurship Day’, for example, they have designed mobile apps looking at solving social issues such as ‘tackling isolation and loneliness in the ; community’. ; · Support via the Neuro-Diverse Centre of Excellence (NCoE). Through EY’s UK NCoE and our external ecosystem of organisations, we are supporting a team of neurodivergent staff with additional adjustments, above and beyond our existing support, to promote ; psychological safety in the office and whilst working at home.

  Tackling economic inequality

  Through our work with EYF, we have developed an in-depth understanding of the challenges experienced by those who face barriers to employment and training and/or who are in deprived areas. We are already providing new learning and employment opportunities to these populations via EYF programmes; we will extend these to G-Cloud 14 contracts in proportion with the scale and scope of each contract. Examples of these are: ; · EY Ripples is our global Corporate Responsibility programme that helps our people use their skills, knowledge and experience to positively impact the lives of 1 billion people by 2030. The focus areas of Ripples are to 'accelerate environmental sustainability', 'support the next generation workforce' and 'work with impact entrepreneurs’. Our staff currently get two days a year each to provide skilled volunteering on EY Ripples activities. ; · EY Ripples also provides support to small businesses. For example, our Digital Boost programme matches a small business with an IT mentor who guides them to adopt new technology. ; · EY Accelerate helps social enterprises to grow and thrive, increasing their impact on local economies and creating social change. It provides in-depth business support and mentoring, with access to skills and training from business coaches, workshops, networking opportunities and 35 hours of pro-bono support. ; · Employability Workshops provide Year 10/11 students the opportunity to build knowledge of careers and develop soft skills within a business environment. Each workshop introduces 25- ; 35 young people to a range of careers, employability skills training, and employer connections. ; · Driving recruitment and employment via the NCoE. The Neurodivergent community can be underrepresented in the workforce, with only 29% of autistic adults in employment according ; to the ONS. We are advising clients on new strategies to retain neurodiverse talent.

  Equal opportunity

  EY is committed to creating a diverse and inclusive working environment in which all people have equal and equitable opportunities to succeed. We continually collect, analyse and review diversity monitoring data (diversity characteristics, not limited to the protected ones in the Equality Act) across the employee lifecycle, to create initiatives and understand which ones are working. As a firm, in support of equal opportunities, we: ; · Voluntarily exceed statutory reporting obligations. Our annual UK&I Pay Gap Report has reported on gender, ethnicity, sexual orientation and disability pay gaps since 2017. ; · Use skills-based recruitment for graduates to eliminate minimum degree/A-Level requirements thus remove barriers to entry. ; · Run award-winning sponsorship programmes to build our leadership pipeline, helping our women and ethnic minority population progress. ; · Offer Inclusion & Belonging learning/training to develop staff skills to establish inclusive, open, and safe environments. ; For contracts awarded under G-Cloud 14 we will: ; · Provide equal access to project opportunities, using technology to ‘blindly’ match individuals to roles based solely on skills, experience, and availability. ; · Use the National Equality Standards (NES), which EY helped to create, a set of standards by which businesses can measure their equality and diversity policies and performance. The NES provides a list of standards and competencies which organisations can follow and embed to promote diversity and act as standard bearers for a more inclusive working world. ; · Use our NCoE to ramp up recruitment of people who identify with cognitive differences and who may have had challenges gaining employment. The NCoE environment provides additional adjustments for those with cognitive differences such as autism, ADHD, Dyslexia, and others and fuels technology innovation through creative diverse thinking.

  Wellbeing

  EY is committed to enabling our staff to be healthy. We have a long-established programme called HealthEY, which looks to understand and provide practical support for employees’ mental, physical, financial and social wellbeing. Our offering is comprehensive and aspects such as our domestic abuse support, health knowledge programme and financial wellness offerings are considered market leading. We support wellbeing for our people, clients, and communities in the following ways, and we will extend these initiatives to any G-Cloud 14 contracts that we are awarded as appropriate: ; · Health knowledge and prevention: Enhancing understanding so staff can be at their best, for example: a monthly webinar programme, eLibrary, newsletters and WellPoint kiosks (to regularly help staff self-assess their own health metrics). Staff also get an annual wellbeing allowance, as part of their reward package, which can be spent on health and wellbeing interventions, e.g. gym memberships. ; · Health sessions: We run regular exercise and yoga sessions for staff, along with regular webinars on subjects such as mental health, work/life balance and childcare. ; · Mental health support: Our approach called ‘Thinking Differently’ aims to educate and build awareness of mental health and wellness, including stories/videos, a specific psychological care pathway (plus psychiatric fast track treatment through Aviva), mental health first aid, employee counselling, and Mental Health Network. ; · Supporting neuro-diverse requirements: Though the NCoE, we are creating psychologically safe working environments for existing employees, new recruits, clients, and where possible, our local communities. For example, we have introduced an adapted four step recruitment process culminating in a four day ‘superweek’ work simulation which provides the opportunity to experience a working day and EY culture. This allows us to understand candidates’ needs and inform on adjustments that we may need to make to help them thrive at EY.

Pricing

• Price: £100,000 to £500,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at EYTenders@uk.ey.com. Tell them what format you need. It will help if you say what assistive technology you use.