ASSESS MANAGEMENT LIMITED

Skills Management Services (SFIA)

We offer skill management services to help organisations implement any skills framework, such as SFIA (Skills Framework for the Information Age). We have the ability to work in any sector, building and customising skills frameworks for business. Once we have scoped requirements, we can implement delivery via our cloud-based platforms.

Features

• Real-time
• SSO
• Integration
• Cloud-based
• Skill-performance-data
• Hybrid skill additions
• Any skill Framework (SFIA specialists)
• Hierarchy management
• Manager verification
• White site

Benefits

• Align job descriptions to skills frameworks
• Assess employees against their roles
• Career Pathway management
• Personal Development Reviews PDPs
• Course logging
• Previous and Aspirational skills log
• 24/7 support
• Full administration support or self managed
• Customisable skill codes
• Combined skill management frameworks

£5 to £40 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin@validateskills.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

954041386736135

Contact

Kevin Tibbs
07738402970
kevin@validateskills.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Integration is depending on the clients own systems. We are the latest React and can integrate with the most popular systems, HR, LMS etc
• Cloud deployment model: Private cloud
• Service constraints: No, we may require down time for mass uploads with new features however using GitHub gives us the flexibility of very very rarely having to go off line.
• System requirements:
  • No requirements
  • Firewall acceptance if a closed gov service

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond within the hour to the first request. However we operate a 3 tier support service depending on the severity of the ticket.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Severity 1 - Software Application is moderately affected.; The issue is not critical and the system has not failed. The issue has been identified and does not hinder normal operation, or the situation may be temporarily circumvented using an available workaround. Service Provider will work during normal business hours to provide reasonable effort for workaround or solution within 5 business days, once the issue is reproducible.; ; Severity 2 - The software Application is seriously affected.; The issue is critical and does not comply with the Severity 1 conditions. There is no workaround currently available or the workaround is cumbersome to use. Service Provider will work during normal business hours to provide reasonable effort for workaround or solution within 3 business days, once the issue is reproducible.; ; Severity 3 - Software Application production system is down; Upon confirmation of receipt from the Client, Service Provider will begin continuous work on the issue, and a Client resource must be available at any time to assist with problem determination.; Once the issue is reproducible or once we have identified the defect, Service Provider support will provide reasonable effort for workaround or solution within 24 hours; ; Cost included in licensing
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide a dedicated consultant to assist in the scope and delivery. We provide training and workshops depending on clients requirements. Admin, Employee and Manager training. We also provide video tutorials, often delivered directly to the clients own account explaining the programme being delivered. Documented guides are available within the application.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We are able to offer EoC CSV files to include all data. This data is available at any point.
• End-of-contract process: We request 1 months notice or at the end of contract or without renewal we can provide the full data at no cost.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: We have designed within the GUI the screen size adjustments regardless of which device you are on.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: API enhances the functionality and capabilities of our React applications. Our React applications using API can fetch data from external sources, such as databases, servers, or third-party services. This enables developers to integrate dynamic content into their applications, providing users with real-time information. provide a secure way to access external data and services, reducing the risk of exposing sensitive information directly through the frontend. By using APIs with React, developers can implement authentication mechanisms and ensure data privacy and integrity. Our application ITSA can interact with external services and resources, making it easier to scale the application as needed. Developers can easily add new features or integrate additional services by utilizing APIs, ensuring scalability as the application grows.; Integrating using our API React tool ITSA offers numerous benefits such as improved user experience, faster development, scalability, reusability, and enhanced security. By leveraging APIs in React applications, developers can create dynamic, interactive, and efficient web experiences for users
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: Any part of our application can be customised within reason and at cost, each account can be developed specifically if the clients requirements fall outside our vanilla system.

Scaling

• Independence of resources: We treat all clients equally and are organic in our approach to service management. We separate clients needs depending on the SLA, we are able to scale up to cover any raise in demand leaving all clients unaffected.

Analytics

• Service usage metrics: Yes
• Metrics types: Identifying the skill competency of the organisation via mutiple channels. The skills framework adopted such as SFIA we can track development reviews, skills gaps, strengths and weaknesses within the organisations skill requirements. Our skills gap analysis is the process of identifying the difference between the skills employees currently have and the skills they need to perform their jobs effectively. This metric can help organisations identify areas where additional training may be needed and prioritize development efforts.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Exports via PDF and/or CSV download
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Our primary support is via the 24/7 (global) ticketing system for reporting bugs and errors in ITSA. These can be raised at any point (24/7) and acted upon within the contract window GMT 09:00 to 17:00; ; When required an incident will be passed to the appropriately skilled resource, responsible for a particular element of the Service, to fix the fault. This will include reporting errors within application modules as well as the overall system. All errors will be reported via the support application. For severity level 1 or 2 failures (as defined above in Section), Client must notify AML via our dedicated support email help@validateskills.com found within the ITSA application. AML support will raise a ticket on behalf of the client and give it its severity rating. The individual who raised the issue will be kept informed throughout. ; AML provide a dedicated helpdesk to resource support to the Client centres. The AML helpdesk will have responsibility for providing support across all areas of the operation of the system application, for example including regular tasks such as report generation.; AML provide the Client with a telephone number (01666 823148) and support e-mail (enquiries@validateskills.com)
• Approach to resilience: The platform ensures continuous uptime by automatically deploying a minimum of three data nodes per replica set across availability zones (AWS), fault domains (Azure), or zones (GCP). This distributed architecture mitigates the impact of outages and routine maintenance, ensuring uninterrupted service availability. The platform offers a fully managed backup service with continuous, consistent backups and point-in-time recovery capabilities. Custom retention policies provide flexibility in managing backup data, ensuring data integrity and availability.
• Outage reporting: IT skills analysis tool, it is crucial to promptly inform clients about the issue to manage expectations and maintain transparency. ; ; 1. Acknowledge the Issue via email and dashboard: Start by acknowledging the outage and informing clients that you are aware of the problem. Transparency is key in building trust with our clients.; ; 2. Provide Details: Offer a brief explanation of what caused the outage, if known, and assure clients that your team is working on resolving the issue as quickly as possible.; ; 3. Communicate Impact: Clearly communicate the impact of the outage on clients’ ability to access and use the IT skills analysis tool. Provide any relevant details on affected functionalities or services.; ; 4. Estimated Resolution Time: If possible, provide an estimated time for when the issue is expected to be resolved. Keep in mind that this may change as your team investigates the problem further.; ; 5. Alternative Solutions: Offer any alternative solutions or workarounds that clients can use in the meantime while the IT skills analysis tool is unavailable.; ; 6. Regular Updates: Commit to providing regular updates on the status of the outage and the progress towards resolving it. This helps keep clients informed and reassured.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Hierarchy set up within a dedicated account, strict access controls which restricts access to specific areas via access controls. Sensitive information, such as passwords, is encrypted using industry-accepted methods before being stored in the database. For integrations, we offer custom APIs that enable seamless communication with clients' L&D platforms, facilitating the exchange of related information securely.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: MongoDB Atlas prioritizes security with robust features such as TLS/SSL encryption, authentication, and authorization via SCRAM. Additional security measures include network isolation, VPC Peering on AWS, IP access lists, and encrypted storage volumes, safeguarding sensitive data against unauthorized access.
• Information security policies and processes: Our application is designed and managed in alignment with security best practices and a variety of IT security standards, including:; • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70); • SOC 2; • SOC 3; • FISMA, DIACAP, and FedRAMP; • DOD CSM Levels 1-5; • PCI DSS Level 1; • ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018; • ITAR; • FIPS 140-2; • MTCS Level 3; • HITRUST; ; In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards, including:; • Criminal Justice Information Services (CJIS); • Cloud Security Alliance (CSA); • Family Educational Rights and Privacy Act (FERPA); • Health Insurance Portability and Accountability Act (HIPAA); • Motion Picture Association of America (MPAA)

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: • A request for change (RFC) being raised via the ServiceDesk (Topdesk); • Approval by the Change Advisory Board; • An approved, documented plan of the sequence or steps for implementing and releasing the change into the live environment.; • Evidence demonstrating the fact that this change has been tested in a pre-live/staging environment first; • A rollback/mitigation plan in case of failure.; • A post-change test being documented to check that the change has been successfully applied.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: MongoDB Atlas prioritizes security with robust features such as TLS/SSL encryption, authentication, and authorization via SCRAM. Additional security measures include network isolation, VPC Peering on AWS, IP access lists, and encrypted storage volumes, safeguarding sensitive data against unauthorized access. Hosted on standard SSL, guaranteeing protection against eavesdropping, data tampering, and message forgery. Data and web hosting are securely managed on enterprise-grade cloud services, offering protection against denial-of-service attacks and other security threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Real-time monitoring and alerting capabilities provide instant visibility into critical database and hardware metrics. This proactive monitoring ensures that any potential issues affecting performance or user experience are identified and addressed promptly.
• Incident management type: Supplier-defined controls
• Incident management approach: Yes we have a predefined incident management approach, we offer an online ticket support to for clients if they wish can log a ticket directly via Jira or email a dedicated team who will respond in 1 hour. We provide incident reporting upon request per ticket.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Sustainable Investment Strategies: Assess Management has implemented sustainable investment strategies that prioritize environmental, social, and governance (ESG) factors. By integrating ESG criteria into their investment decisions, the company ensures that their investments support environmentally responsible practices and contribute to mitigating climate change.; ; Engagement with Companies: Assess Management actively engages with companies in their investment portfolio to encourage sustainable business practices. By advocating for carbon footprint reduction, renewable energy adoption, and other climate-friendly initiatives, the company influences positive change within the companies they invest in.; ; Supporting Renewable Energy: Assess Management supports renewable energy projects by investing in clean energy sources such as solar, wind, and hydroelectric power. By allocating resources to these sustainable initiatives, the company directly contributes to reducing greenhouse gas emissions and combating climate change on a broader scale.

  Covid-19 recovery

  In conclusion, managing post-Covid recovery in-house through Assess management involves several steps, including assessing the impact of the pandemic on each employee our organisation’s assets, prioritizing assets, developing a recovery plan, implementing the recovery plan, monitoring progress, and reviewing and adjusting as necessary. By following these steps, organizations can effectively manage their post-Covid recovery efforts and ensure that their employee are supported and assets are optimised for maximum value and minimum risk.

  Tackling economic inequality

  Assess Management is tackling economic inequality by implementing a comprehensive approach that includes sustainable investing strategies, engaging with companies to promote fair labour practices and diversity, advocating for policy changes that address income disparities, and supporting initiatives that aim to uplift marginalized communities. By integrating environmental, social, and governance (ESG) factors into their investment decisions, Assess Management seeks to drive positive change and create long-term value while addressing economic inequality on multiple fronts.

  Equal opportunity

  Assess Management is managing equal opportunities by implementing policies and practices that promote diversity and inclusion within the organization. They ensure fair recruitment and selection processes, provide equal training and development opportunities for all employees, and create a work environment free from discrimination and bias. Assess Management actively monitors and evaluates their diversity initiatives to identify areas for improvement and ensure that all employees have an equal chance to succeed based on their skills and qualifications, regardless of factors such as race, gender, or background.

  Wellbeing

  Asset Management’s wellbeing approach focuses on promoting physical health, supporting mental health, and fostering emotional wellbeing through various initiatives and programs. By taking a holistic approach to employee wellbeing, the company aims to create a positive work environment that supports its employees in achieving their full potential.

Pricing

• Price: £5 to £40 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A consultancy meeting to discuss requirements to include a demonstration of the skills management tool ITSA; A demo account can be set up depending on the clients needs
• Link to free trial: https://portal.validateskills.com/Login.aspx

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kevin@validateskills.com. Tell them what format you need. It will help if you say what assistive technology you use.