Octavia Software

OSKA+ People Services Software & App

Octavia provide a unique software package, OSKA+ for recording service delivery and interaction with customers. Typically used by Housing Organisations, Local Authorities and the Voluntary sector to support business growth by recording and evidencing service delivery and compliance across; older/younger peoples support services, tenancy sustainment and into-work programs.

Features

  • OSKA+ available on Android, Windows & Apple online and offline
  • Simple, effective forms for staff ‘out in the field’
  • Interactive Dashboards with real-time updates
  • Instant statistics critical for service delivery improvements and compliance
  • Flexible background database with two-way integration to existing databases
  • Powerful management and performance data across multiple business streams
  • Effective management reports using powerful reporting tools including PowerBI
  • Cost-time savings through increased performance and efficient service delivery
  • Win new contracts using accurate service delivery data
  • Care Equipment Inventory

Benefits

  • Dashboard provides a user specific start of day visits summary
  • Configurable screens tailored to service requirements
  • Pre-filled forms for completion including client signature capture
  • Access client data while online helping deliver successful outcomes
  • Data submitted via forms instantly available providing real time reporting
  • Managers can re-assign appointments to other staff due to absence
  • Schedule H&S compliance checks send follow-up communication to other departments
  • High levels of security throughout the system
  • Service segregation via user access rights

Pricing

£16540 per instance per year

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

1 0 6 1 2 8 3 6 8 8 7 3 5 4 3

Contact

Octavia Software

Sue Lyons

02033978312

sue.lyons@octaviasoftware.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Housing management systems
Finance systems
Out of hours care line providers/systems
Social services health systems
Maintenance systems
Student support systems
Cloud deployment model
Private cloud
Service constraints
None as any planned server maintenance or software updates are generally scheduled to take place out of hours and in with minimal disruption to our customers.
System requirements
  • Option1: Fully Hosted Solution requires access to a browser for:
  • IT/Systems management & General user access
  • Digital Forms available on; IOS, Android or Windows
  • Options 2: Self Hosted Solution requirements:
  • IT/Systems Management SQL Server 2014+ Windows Server 2012 R2+
  • Client Desktop Windows 7 or 10
  • Digital Forms available on; IOS, Android or Windows

User support

Email or online ticketing support
Email or online ticketing
Support response times
Calls are categorised into:
All calls are logged using our online ticketing system: FreshDesk
An immediate response is sent as each call is logged
General Resolution Times:
Routine within 4 working days
Urgent within 1 working day
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
The support contract provides access to the help desk where all calls are logged and responded to according our service level standards. This level of support is charged as an annual fee and is based on the number of users and system modules purchased.

Technical account managers are not included in the standard support contract but can be arranged and provided in a separate contract at an additional cost
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A Project Plan including an implementation schedule would be provided and agreed with the client, this would be monitored throughout to ensure delivery against target timescales.
Working with our clients nominated team an implementation plan would be agreed and would include; customisation, user access rights, digital form and reporting requirements, training and sign off process.
Following the above stages of implementation there will be a period of user acceptance training during which the client will test their set-up and create user procedures to match their processes.
The system includes an area for attaching training material which is either supplied by Octavia or client generated.
We work with our customers throughout the implementation stages to ensure all aspects of the system are delivered to specification and are fully operational.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Scripts can be written to extract the required data in csv format.
Alternatively a single user licence can be maintained providing access to existing data for an agreement period o f time
End-of-contract process
On receipt of notice an agreement will be made with the client to confirm:
user licence end date
if single licence access is required for a period of time
if a specified data extract is required
Following the above decisions an end of contract document will be drawn up which will include any costs relating to data extract or contract extension and the final end date
When the agreed end date is reached the user licences will be automatically terminated

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Administration element is currently only accessible on the desktop service.
Signatures can only be collected using the mobile service
Digital Pre-filled forms are only available on the mobile service
Service interface
Yes
Description of service interface
The service interface is used to link to other software applications. There is a standard format which can be adjusted to accommodate specific software applications.
Accessibility standards
None or don’t know
Description of accessibility
Our screens have been designed overtime with clients including those with accessibility requirements and this has helped to inform the layout and usability of our screens/digital forms.
We remain committed to designing our software in a way that makes it accessible.
Accessibility testing
While we have introduced and modified our software to users with additional accessibility requirements this has not been formally documented.
API
Yes
What users can and can't do using the API
Our API is not intended for end user usage, access to the data is via our various client application interfaces.
The API interface is used by our client applications only
API documentation
Yes
API documentation formats
PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
1. What can be customised:
Field labels
Digital Form Formats
User views
Reports
2. How users can customise:
Users with administration rights can change, hide and re-purpose fields and hide screens
3. Who can customise:
System Administrators can customise specific areas of the software

Scaling

Independence of resources
Trend analysis based on monitored data from key systems is used to determine capacity barriers and thresholds, the end game is to avoid bottlenecks within the infrastructure and service capacity. This is combined with management input regarding new systems and business growth. Business capacity management includes capacity planning, assessments and projections for current and future business needs.
Core Services are regularly monitored by using sophisticated monitoring agents to track and report on operational systems, for:
• Storage
• Backup
• Compute
• Network throughput

Analytics

Service usage metrics
Yes
Metrics types
Service usage metrics can be provided to specification
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Other
Other data at rest protection approach
Data is never in transit, it resides on secure servers in the data centre which is accessed by the customer using a secure browser connection The only exception to this would be at end of service when a data extract may be provided. This would be achieved via a secure link that the customer would use to download the data.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Customers can export their data in csv either using their own script or a script specified by the customer and written by Octavia. The data file can be exported and placed in the specified location
Data export formats
CSV
Data import formats
CSV

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
There is no data transfer between buyers network and the customer network. The software and the data are stored in the hosted cloud server and are accessed via secure logins, the data does not get transferred.
Data protection within supplier network
Other
Other protection within supplier network
Riverlite our third party hosting provider utilise the Cisco ASA Firepower to monitor threats along with an incident response process to manage unauthorised access to the network and IT systems. At a high level the Information Security Incident Reporting & Management Process details:
o Detection
o Response
o Mitigation
o Reporting
o Recovery
o Remediation
o Lessons Learned

Availability and resilience

Guaranteed availability
The target availability for the data centre is 99.999%. The data centres infrastructure are manned 24/7/365 for availability.
Approach to resilience
The data centres are resilient by design and have resilient internet feeds, resilient pairs of firewall, resilient LAN switches, servers and storage.
The power to the data centres is from dual feeds, with UPS back and onsite generators. At full load the UPS can support the environment for 72 hours.
The data centre is monitored by carbon, heat & smoke sensors, which are monitored 24x7x365 by the data centre NOC team. Water detection is provided in the underfloor crawl spaces, alongside the monitoring of the non-conductive water vapour (cooling) fire suppression system.
Outage reporting
Email alerts:
All major outages are reported via the telephone and followed up with an email. All subsequent updates are via email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels
This is achieved via user access rights which are set-up at the outset based on customer requirements. Users can be grouped into banded access groups.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cisco ASA Firepower is used to monitor threats along with an incident response process to manage unauthorised access to the network and IT systems. At a high level the Information Security Incident Reporting & Management Process details:
o Detection
o Response
o Mitigation
o Reporting
o Recovery
o Remediation
o Lessons Learned

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Our software is tracked through a change log and each instance is assessed for security risk.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
A vulnerability assessment is carried out internally twice a year using industry standard tools, generating technical reports for interpretation by a technical specialist.
Information about potential threats come directly from the software/hardware vendor. Any update testing will be performed on a standard Riverlite image of the given operating system. Patches are made available via standard WSUS channels.
The ISO 27001 framework assesses for impact of loss of confidentiality, integrity, and availability of assets as part of the Risk Management requirements. Appropriate controls are put in place and monitored for conformance and effectiveness and regularly reviewed ensuring maximum uptime.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Riverlite our cloud services provide utilise the Cisco ASA Firepower to monitor threats along with an incident response process to manage unauthorised access to the network and IT systems. At a high level the Information Security Incident Reporting & Management Process details:
o Detection
o Response
o Mitigation
o Reporting
o Recovery
o Remediation
o Lessons Learned
Incident management type
Supplier-defined controls
Incident management approach
All incidents recorded via our call logging software - FreshDesk.
Incident Reports are provided where appropriate to our customers using the data held in the call logging software.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£16540 per instance per year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑