SITS by Tribal
SITS:Vision manages all student administrative processes from enquiries and applications through to graduation and alumni through a fully integrated software system. Functionality exists to support: Student Recruitment and Admissions, Curriculum Management, Enrolment, Student Finance, Research, Placements, Assessments, Progression and Awards, Graduation, Alumni, Statutory Reporting, CRM, Student Support, Integration and Reporting.
Features
- Fully integrated student lifecycle management from initial enquiry to alumni
- Integrated CRM with a holistic view of student interactions
- Reporting provided across all business process areas
- Role based self-service web portal access for all users
- Support for HE Statutory obligations
- Rules based logic for progression and awards processing
- Student Support including enquiries, FAQs, appointments and real-time chat
- Powerful Templates and blueprints
- UK based support; support portal and dynamic user community
- Experienced consultants, many employed directly from Higher Education
Benefits
- Improved data quality with validation on entry
- Increased efficiency through automation of processes, communications and integrations
- Intuitive and timely delivery of information to all stakeholders
- Attracting talent and on-boarding of new students
- Enhanced student and user experience
- Optimised student retention and outcomes through reporting and intervention
- Students are supported through every step of their journey
- Configurable templates for ease of deployment
- Highly scalable to meet the needs of all institutions
- Configured to your exact specifications to meet your specific requirements
Pricing
£249,000 an instance a year
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
9 9 3 7 0 1 3 0 5 0 7 0 0 5 6
Contact
Tribal Education Limited
Fleur Brennan
Telephone: 0330 016 4000
Email: technology.bids@tribalgroup.com
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Public cloud
- Service constraints
- No specific hardware requirements when running on cloud
- System requirements
- N/a
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Our response times to queries and incidents is based upon the severity of the incident in question. Critical faults (P1) are responded to within an hour. Major faults (P2) are responded to within two working hours. Important faults (P3) are responded to within four working hours. Minor faults (P4) are responded to within eight working hours. Our working hours are Monday-Friday 0900 to 1700 - therefore there would not be a response on weekends. Customers can provide us with an impact and urgency rating for any issues they raise which we use to help triage and assign priority.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
All services offered will be supported by a Service Level Agreement suitable to the customer and the service ordered.
There are three levels of service available; Essential, Enhanced and Enterprise and depending on the level of service required this will include a Service Delivery manager, Technical Project Coordinator and assigned Cloud Consultant.
If additional out of hours or onsite support is required then this option is available at additional cost. - Support available to third parties
- No
Onboarding and offboarding
- Getting started
- The system is provided with a full suite of user documentation. During initiation of the project a full training plan will be scheduled and delivered according to the project timescales. Training is predominantly carried out on site. However, there are online training manuals and recorded training materials available as well.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
- The underlying database containing all customer data would be provided to a customer-accessible destination prior to the contract ending.
- End-of-contract process
- We would work with the customer to define an exit plan which would involve extraction of data and completion of any outstanding services. The exact nature and cost of this exit plan will vary from customer to customer depending on their requirements.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Safari
- Opera
- Application to install
- Yes
- Compatible operating systems
-
- Linux or Unix
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- The web application is responsive design and the interface is configurable by the administrative user. The institution can decide what information is presented and how it differs between mobile and desktop services. Functionally there is no difference.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AA or EN 301 549
- Description of service interface
-
Roles based access is a core part of the solution and guides many processes. The solution is presented to students using a self-service web portal.
The solution's role group functionality enables all web portal content to be granted based upon fully configurable rules. All role groups are defined within the system with web portal access being dynamically calculated at login. The system can use either centralised or standalone authentication.
It is a responsive design, designed to work on any device. Built using standard HTML and javascript, it can be branded to fit the requirements of the institution/user. - Accessibility standards
- WCAG 2.1 AA or EN 301 549
- Accessibility testing
- The web portal aims to be compatible with WCAG AA accessibility standards. The institution can customise the portal to ensure any styling that is used is accessible as well as using the programmed solutions. We test with a range of screen readers which all work within our web portal. In order to make our web screens perceivable we aim to provide text alternatives for any non-text content so that it can be changed to fit the user’s requirements. We aim to make all of our web functionality available from a keyboard so that it is operable by any user. To make our web content understandable we aim to make web pages operate in predictable ways by ensuring that common features work in the same way across the software. We try to help users to both avoid and correct any mistakes on the web pages by providing help text and useful error messaging.
- API
- Yes
- What users can and can't do using the API
- There is an interface creation tool which allows institutions to create and modify APIs to their own requirements. This allows them to interface with whatever pieces of software they require.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- Yes
- Customisation available
- Yes
- Description of customisation
- Any users with the appropriate privileges can utilise the in-built system tools to configure their application to meet their requirements. Customisation does not involve altering application source code but rather defining data which drives how the system is rendered and how users go through processes.
Scaling
- Independence of resources
-
Tribal’s Cloud provision for SITS is offered as a single tenancy option only, ensuring the customers have their own dedicated virtual resources residing on back-end shared physical hardware. This ensures that other customers demands on the system do not affect the provision and performance of the application, avoiding so called ‘noisy neighbour’ issues.
Tribal offers public cloud provision through Amazon AWS
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Tribal Cloud incorporates an application to provide alerts to relevant teams when issues arise or thresholds are exceeded. It is a SaaS-based automated IT performance platform. Performance and up-time statistics can be provided as part of a monthly service delivery review
It can monitor any Tribal Cloud service as part of our managed service - Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
-
Database instances will be encrypted including snapshots at rest using an industry standard. Once the data is encrypted, authentication of access and decryption of the data is handled transparently with a minimal impact on performance.
Physical access is managed by AWS/Microsoft as appropriate as it is a public cloud offering. - Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- All data can be exported through the application using inbuilt tools. It can be exported to any file format or delimiter format including csv and xml
- Data export formats
-
- CSV
- Other
- Other data export formats
- Xml
- Data import formats
-
- CSV
- Other
- Other data import formats
- Xml
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- We offer a minimum 99.5% availability, assured by contractual commitments. Exact SLAs will vary from client to client and their desired uptime.
- Approach to resilience
-
Public Cloud:
The public cloud provides the ability to place instances (servers) in multiple locations composed of Regions and Availability Zones. Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low-latency network connectivity to other Availability Zones in the same Region.
By deploying the web, application and database instances in separate Availability Zones, the solution is protected from failure of a single location. The region consists of more than one Availability Zone, is geographically dispersed, and is located in separate geographic areas. - Outage reporting
- Service outages are reported through both our support portal and direct contact from the appropriate service delivery manager who is assigned to the client. The method of communication will be agreed with the specific client, but could include email alerts, direct phone calls etc.
Identity and authentication
- User authentication needed
- Yes
- User authentication
- Username or password
- Access restrictions in management interfaces and support channels
- Access in management interface and support channels is managed on a Role based Access Control system (RBAC) as with the rest of the system. In this way you can control which areas of the system and support users have access to.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Dedicated link (for example VPN)
- Username or password
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyd's Register LRQA
- ISO/IEC 27001 accreditation date
- 02/05/2017
- What the ISO/IEC 27001 doesn’t cover
- N/A - our ISO accreditation covers all of our business activities.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
- ISO9001:2008
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Tribal has been an ISO27001 certified organisation since 2009 and all of our development and delivery services will be delivered from locations which are specifically ISO27001 certified. The accreditation process included a review of Tribal’s Information Security Management System (ISMS) and our overall policy for handling data including how it is collected, held and maintained.
We have local security forums for all of our offices, which feed into our central Information Security Governance forum which reports to the board. We have permanent Quality and Security Managers who form part of this board.
As well as our regular certification revalidation process (carried out by external evaluators) we regularly test our systems and processes with a series of internal audits to ensure that policies and processes are being followed.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- For our software solutions, Tribal has a structured Change Control process for managing requests for change and enhancements. All Requests for Changes (RFCs) are raised via the Service Desk and go through internal vetting by the respective support team before gaining authorisation from Tribal. Regular Change Advisory Boards meet to review Emergency and non-standard changes. Details of all changes are provided to the Service Manager to review and will obtain final approval from the Contracting Body before proceeding. The Contracting Body will be involved in the change Process at each stage and included in any post implementation review as required.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
As part of our ISO27001 processes we have a risk/vulnerability assessment procedure which will be undertaken on any new customer site and service.
Patches will be deployed depending on the severity of the problem and the level of testing required.
Information about potential threats is found based upon initial and recurring risks assessments, internal procedures and known threats highlighted by both the industry and users. - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Our managed service includes the proactive monitoring of all services to identify potential compromises.
Based upon the nature of the compromise we would then respond to the agreed SLA.
The speed of the response will be determined by the severity of the incident. - Incident management type
- Supplier-defined controls
- Incident management approach
-
Our ISO27001 processes include a defined Incident Management process. All personnel are responsible for reporting incidents to the Information Governance Committee (IGC) or Security Forum representatives as quickly as possible. We have a formal Incident Report Form which staff use for recording the details of the incidents.
Security weaknesses will be recorded on a spreadsheet for tracking purposes. Any person can identify weaknesses, which will be managed by the Quality team in conjunction with the Security Forums and IGC as appropriate.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Fighting climate change
-
Fighting climate change
We are focused on finding ways to reduce our overall resource consumption. We have met our commitment to going paperless, a key initiative we had launched in 2020, by ceasing or reducing contracts with all printer-photocopiers globally to minimum operational levels. With regards to cloud computing, we have specialist resources focussed on cloud optimisation to ensure we are not wasting energy by having too many servers running that we do not need.
The proposed solution is hosted in Amazon Web Services (AWS), available anywhere in the world from any device, supporting flexible working for your staff and helping to reducing the need to be in the office. AWS is on path to achieve 100% renewable energy by 2025 and as the world’s largest corporate buyer of renewable energy, Amazon uses new renewable energy on the electric grid in Europe to power the platform upon which the SMS will run. - Covid-19 recovery
-
Covid-19 recovery
Our solution can be accessed over the web, via any device. This will allow you to implement remote working practices where appropriate to support the recovery from Covid-19, ensuring remote working is possible and social distancing can be maintained. This will also allow those who are vulnerable or shielding to continue to perform their duties. - Tackling economic inequality
-
Tackling economic inequality
n/a - Equal opportunity
-
Equal opportunity
n/a - Wellbeing
-
Wellbeing
n/a
Pricing
- Price
- £249,000 an instance a year
- Discount for educational organisations
- No
- Free trial available
- No