Huume Ltd

Huume homeless, register and allocate

Huume, a modern cloud solution for managing Homeless, Social Housing and related services, integrates into your systems Supports Homeless Reduction Act, H-CLIC and creating personalised housing plans. Flexible housing register and allocations approaches (Choice Based Lettings) Management dashboards and powerful reporting. Mobile responsive websites allows self-service on modern devices

Features

• Integrated Housing Register, Allocations and Homeless Housing Needs solution
• Comprehensive case management functionality
• Configure the system as needed without additional cost
• Public portal for customer to manage their account
• Customisable and quick to build Personal Housing Plans (PHP)
• Case and team dashboards for easy management across all modules
• Flexible and personalised communications centre
• Homeless Reduction Act compatible with quick and easy H-CLIC reporting
• Standard reports and ad-hoc report builder
• Email, telephone and online support portal

Benefits

• Flexible approach to housing register and property allocation including CBL
• Value for money, simple pricing, no large up-front costs
• Free upgrades included in the subscription
• Self-configurable to match your needs, processes and policies
• Accurate collection and validation of data for H-CLIC
• Communicate with your customers in they way they want
• Easy access to your data to facilitate decision making
• Intuitive, guided and easy to learn reduces staff training effort
• Compatible with popular browsers and phones\tablets
• Built and supported by a 15 year+ experienced team

£10,000 to £31,500 a licence a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@huume.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

943096293962797

Contact

Customer Service team
0118 336 1005
contact@huume.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: An internet connection and a modern, standards-compliant web browser (Google Chrome, Microsoft Edge, Mozilla Firefox, iOS 11+ with mobile safari, Google Chrome (mobile)) are required.
• System requirements:
  • Modern, standards-compliant web browser (Chrome, Edge, Firefox, iOS mobile safari)
  • Internet access
  • Some functionality may require Microsoft Office or compatible software

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our help desk team is available via phone or email, Monday to Friday 09:00 to 17:00, excluding English bank and public holidays. ; ; We aim to acknowledge all support queries within 1 working day, they are then dealt with according to the support levels listed below.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Business critical impact - 2 working hours investigation - 1 working day fix; Major operational impact - 2 working hours investigation - 2 working days fix; Minor operational impact – 2 working days investigation - 25 working days fix; No operational impact – 5 working days investigation - To be mutually agreed
• Support available to third parties: No

Onboarding and offboarding

• Getting started: A fully working standard system will be delivered, which can then be used to start managing cases, including adding existing cases. Super users will have the ability to add other users to the system, and also to configure the system further by adding additional fields or changing the workflow processes.; ; Training materials will be provided which cover the standard functionality and workflow processes, and also how to configure the system.; ; We will setup a personalised programme of health check calls with our experienced staff to help ensure that your system is working as you require.; ; On site training is available at an extra cost (see pricing document) and we generally recommend the train the trainer approach.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data can easily be extracted using the standard flexible reporting solution. If this is not sufficient, then we are happy to discuss alternative solutions and will work with you to ensure the data is available for testing prior to the termination of your contract.
• End-of-contract process: The product is provided on a rolling annual basis, but 90 days notice can be given to terminate the contract at the next renewal date. As mentioned above we will work with you to facilitate extraction of any data. As this can be a complicated process with multiple parties involved we would suggest these discussions start before any notice to terminate is given.; ; At the termination date, the service will no longer be available to any users (including any applicants/tenants), and data will be permanently (and irreversibly) removed within 10 working days.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The product uses mobile responsive technologies to automatically adapt to the device screen size. The majority of the functionality is available on all screen sizes though with a different layout, though some more complicated areas of the system (e.g. building a new report) may be more suitable to tablet and larger devices.
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: There are two web-based interfaces to the product:; 1. huume admin portal - this is used by members of staff to manage the cases and workload, configure the system and perform reporting.; 2. huume customer portal - this is used by members of the public to apply to join the housing register, review their Personal Housing Plan, search for available properties and make bids
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Internal testing using industry standard tools
• API: Yes
• What users can and can't do using the API: Standard APIs will be available to use, further details are available on request.; ; Custom APIs or integrations can be developed if required. The first step is a scoping exercise to determine the requirements and estimated cost. This will often involve multiple parties. See our pricing document for details of any costs.; ; Our integration module is flexible and supports many different databases (including unstructured/nosql), file formats and web requests.
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: The product is highly customisable by authorised end users rather than requiring our involvement. However, we are available to assist with customisations which may be free of charge via our support team or may incur consultancy costs depending on the scale. ; ; Areas of the system that can be customised by end users:; - Form fields – changing labels, help text, adding new fields and hiding fields not required; - Workflow – adding help guidance, changing labels, adding new steps and hiding steps not required, generating letters , adding and completing actions, setting target dates; - Contact templates (used for sending emails, letters or online messages) – complete customisation of text including merging data fields, and headers/footers; - Actions (used during workflow to record actions taken or required, and for the personalised housing plans) – customisation of contents, default target dates, responsible users; - Roles – controlling access to parts of the system; ; Note: Some form fields or workflow steps cannot be changed or can only be partially changed due being a key part of our standard workflow processes or statutory reporting requirements. However we aim to make our forms as customisable as possible.

Scaling

• Independence of resources: The product has been architected to use the latest true cloud (Platform-as-a-service) technologies meaning that it can scale automatically as demand increases or decreases. ; ; The product is granular which means that we can scale just the parts that are being used, resulting in reduced costs which we pass onto our customers through our low annual prices.; ; The product is built on the industry standard and market leading cloud platform : Microsoft Azure.; ; The product is constantly monitored to ensure the correct resources are being used, and to predict near-future requirements so that resources are in place before they are needed.

Analytics

• Service usage metrics: Yes
• Metrics types: Analytics for usage of the public-facing portal (for tenants and applicants) is provided, and can easily be queried by authorised end users.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Data can easily be extracted using the standard flexible reporting solution into Comma-Separated Values (CSV) text or Microsoft Excel-compatible documents.; ; If this is not sufficient, then we are happy to discuss alternative solutions and will work with you to ensure you can access your data
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Excel (.xslx)
  • JSON
  • XML
  • HTTP-based requests
  • Other delimited text files
• Data import formats:
  • CSV
  • Other
• Other data import formats:
  • Microsoft Excel (.xslx)
  • JSON
  • XML
  • HTTP-based requests
  • Other delimited text files

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Utilising Microsoft Azure’s scalability infrastructure and deployment slots will ensure that, although your huume system is updated on a regular basis, it has a high level of availability. ; ; Our uptime SLA is 99.5%, though we aim to ensure it is much higher than this.
• Approach to resilience: Utilising Microsoft Azure’s scalability and resilience infrastructure, your huume system is architected to be resilient to hardware failures. Multiple SQL servers and web servers are used to ensure that if there is a failure in one, then there are other devices that can take over the load.; ; Data is replicated to another data centre within the same Azure region so that if there is a failure within one Azure data centre then the service will failover to the backup data centre.
• Outage reporting: Your huume system is monitored from within the Azure platform and also using external monitoring service at all times.; ; We use a third party status board service, where we will post any ongoing incidents. Users can subscribe to receive automatic notifications for any incidents.; ; In the rare situation where we need to perform scheduled maintenance then we will contact your primary users to notify them in advance.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Azure Role Based Access Control (RBAC) is used to control which members of staff have access to the data centre, and then which services and environments within that.; ; Access is strictly on a need-to-access basis, with no access by default
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 22/01/2019
• What the ISO/IEC 27001 doesn’t cover: This covers the Microsoft Azure and Office 365 data centres and related procedures.; ; We are in the process of obtaining ISO 27001 accreditation for Huume Ltd
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: Our processes and governance follows the ISO 27001 standard and cloud security guidance from the National Cyber Security Centre.; ; We are currently in the process of gaining ISO 27001 accreditation.
• Information security policies and processes: Our processes and procedures have been designed to adhere to the ISO 27001 standard, and we are in the process of obtaining accreditation for this. Annual management reviews and audits are carried out to ensure that our security policies and processes are followed.; ; Security is at the heart of everything we do, and our approach to security is multi-layered. For more details about our approach to security, please contact us.; ; We are registered with the Information Commissioner’s Office for Data Protection. Our processes and procedures incorporate the Data Protection Act 2018 and therefore the General Data Protection Regulation (GDPR) that apply in the UK. This includes training and procedures to handle any subject access requests, as well as conducting and supporting our customers through Privacy Impact Assessments and Privacy Notices.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: We adhere to a Secure Development Lifecycle, which ensures that security is considered throughout our development processes, from design, development to testing and release.; ; All changes pass through our QA environment, which is a close mirror of the production environment, before being deployed further.; ; Access to our production environment is closely controlled, so that only authorised and trained staff have access.; ; Changes to this environment are audited and monitored to ensure appropriate changes are made.; ; The majority of our production environment is built from source-controlled scripts to ensure consistency and maintain security.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Our processes have been designed to adhere to the ISO 27001 standard, and this includes regular risk assessments, management reviews and audits.; ; Any vulnerabilities identified are tracked, investigated and prioritised. High priority issues are addressed as a matter of urgency and deployed to production as soon as they have completed our QA checks. Other issues are incorporated into the development plan as appropriate.; ; We also have a responsible disclosure policy, and publish contact details so if a security researcher or other person believes they have identified a vulnerability then we can easily be contacted to clarify and resolve any issues.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Our huume product is monitored from within the Microsoft Azure platform and also using external monitoring service at all times. Any issues are notified to our staff so they can be investigated.; ; We also utilise multi-layered intelligent threat detection platforms to continuously identify and defend against any threats, this includes Web Application firewalls and advanced threat analytics.
• Incident management type: Supplier-defined controls
• Incident management approach: Any potential security incidents are treated as highest priority and will be investigated by our support teams urgently, often escalated to our most senior support team members and the product development team.; ; As with all our support tickets, we will keep you updated as the investigation continues, and provide the results of our investigation and any remedial work.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  We offset the carbon created by powering and maintaining our cloud-based hosting, and only chose service providers with active programmes to minimise and address their own carbon footprint. Our current hosting partner, Microsoft, aims to be carbon negative by 2030 including its entire supply chain.

Pricing

• Price: £10,000 to £31,500 a licence a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Access to a sandbox site which is identical to the live version, along with appropriate training materials, and access to our pre-sales team.; ; You can configure this system as required, and add test data as needed. ; ; The length of the free trial is 30 days, this can be extended.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at contact@huume.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.