Decision Time Ltd

Decision Time Grants

Decision Time Grants is a system that simplifies and streamlines the entire grant administration process. This end-to-end system makes online applications easy, supports real-time evaluation, scoring, monitoring and management of multiple grant streams from submission to close.

Features

  • Integrated, easy to use online submission of applications.
  • Forms engine allows complex grant forms to be presented simply.
  • Applicants see grants available, deadlines and guidance notes.
  • System manages all stages of the grant process.
  • Flexible forms and workflow allow us to match your process.
  • Very intuitive easy to use interface for all users.
  • Detailed and summary reports available on all data.
  • Visual workflow dashboard shows snapshot of current status.
  • Range of scoring and evaluation options to meet your requirements.
  • Finance details, payments and refunds managed and recorded.

Benefits

  • Simplify the process for applicants.
  • Ensure information provided by applicants is appropriate and accurate.
  • Give feedback to applicants via web and email reducing queries.
  • Ensure a full audit trail and structure for every decision.
  • See at a glance the current status of all grants.
  • Manage the grant process with step by step actions.
  • Dramatically reduce the time spent on administration.
  • Filters and search tools make finding information simple.
  • All information about applicant and application is in one place.
  • Implement a controlled, auditable, efficient grant process.

Pricing

£250 per user per month

  • Education pricing available

Service documents

G-Cloud 11

132143800080628

Decision Time Ltd

Geoff Higgins

02894487753

geoff.higgins@decisiontime.co.uk

Service scope

Service scope
Software add-on or extension No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints None
System requirements None - wide range of device and operating systems supported.

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Critical – 1hr response – 1 hr fix

Significant – 1 hr response 6 hr fix

Minor – 4 hr response – 2 day fix

Low – next day response – 5 day fix
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels The system is monitored 24/7 to automatically detect failures of the software or hosting infrastructure and to alert on-call senior staff who respond to investigate to restore functionality immediately.

User support calls are handled by our helpdesk and can be emailed at any time or telephoned during office hours. All requests generate a ticket which is managed to completion and can be monitored and updated by the customer through a web portal.

Tickets raised outside office hours are monitored and if urgent will be dealt with ASAP.

Critical - System failure or critical processes are non-functional: 1 hour response, up to 4 hours fix.

Significant - Major functionality severely impaired while many operations continue: 1 hour response, up to 6 hours fix.

Minor - Partial, non-critical loss of functionality, non-urgent queries or user access issues: 4 hours response, 2 days fix.

Low - Issues not affecting key functionality and general user queries : 1 day response, up to 1 week fix.

Bespoke support packages can be negotiated at an additional cost. A technical account manager will be allocated to customers based on size and complexity or on request.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Online Training, Onsite Training, Help Documentation, Telephone and Ticketing support
Service documentation Yes
Documentation formats
  • PDF
  • Other
Other documentation formats Stored videos (Vimeo)
End-of-contract data extraction Under our standard terms and conditions we require 30 days notification of termination. Once notified we will arrange an export of the customer data in the format that has been agreed at the contract initiation stage.
End-of-contract process Decision Time will provide export and migration services as may have been expressly agreed by the Parties, and as described in the Service Definition.

The scope and cost of the migration will be agreed at the project initiation stage.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service None - same interface across all platforms.
API Yes
What users can and can't do using the API The API is not provided for normal user access but for integration with other web services or internal systems used by customers.

Standard documentation is not currently provided since the use of the API is specific and tailored to each customer.
API documentation No
API sandbox or test environment Yes
Customisation available Yes
Description of customisation Significant levels of customisation are built into the system from simple branding to the definition of grant forms, scoring and evaluation questions, etc.

The public facing content, grant availability, welcome text, guidance notes etc. are also all customisable.

Email and letter templates are completely customisable including the merging of data from grant forms and the evaluation forms into detailed letters of offer with tables, text, logos etc.

Grant forms are extremely customisable with a detailed forms engine allowing for complex validation and automation of the form as well as several ways to present help and guidance to the applicant.

The system also has facilities for more bespoke tailoring of functionality to a customer specific requirement. These types of feature can be used by our development and support team to configure more complex customisation.

Scaling

Scaling
Independence of resources Using a scalable infrastructure and capacity monitoring and management we are able to stay ahead of user demand. Load balancing solutions are also available and increasingly used.

Analytics

Analytics
Service usage metrics Yes
Metrics types Metrics are available on request including details of who accessed / edited data.

Real-time information dashboards provide information about number of drafts in progress and the numbers submitted etc.
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach ISO 27001 certified data centre appropriate for Official data
Comprehensive CCTV coverage with footage retained for 90 days
Biometric and/or RFID badge controlled access to data halls
Physical access limited to specific necessary personnel.

Also key customer data - documents, and notes, are stored encrypted and obfuscated within the database.
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Reports customised to the customer requirements can be exported as CSV for import into other systems and applications.
Data export formats CSV
Data import formats
  • CSV
  • Other
Other data import formats PDF

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability As a minimum, the standard service will be available for 99.9% of the time between 8.30am and 5pm Monday to Friday, excluding bank/public holidays. With the exception of planned maintenance, the service will be available (but not guaranteed) on a 24x7 basis.
Approach to resilience We use a variety of standard techniques including redundancy to ensure resilience and to continually strengthen and improve availability.

More specific information is available on request.
Outage reporting Outage reports are sent by email and text to the support team and displayed on a private dashboard.

Customers are generally notified by email of any significant outages affecting them.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels In most cases management interfaces such as the creation of users, changing their permissions etc. is carried out by a specified administrative user within the customer's organisation and authorised by their username and password.

The support team are instructed not to make direct changes to, for example, the permissions of a meeting or a user unless absolutely necessary and then only after we have contacted the appropriate meeting organiser by phone or email to confirm.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 6 months and 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 BMTRADA
ISO/IEC 27001 accreditation date July 2016
What the ISO/IEC 27001 doesn’t cover Our certification covers Development and support of web based products for public, private and voluntary sectors.Anything outside of this scope is not covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes As part of our ISO27001 implementation we have developed an Information Security Policy Manual (ISMS). This ISMS applies to all information assets held by Decision Time. It applies to all users who undertake work for Decision Time or use any part of the IT infrastructure whether as an employee, a contractor, partner agency, external consultant or 3rd party IT supplier.

The scope of the Policy applies to the provision of software solutions from the company Head office at Antrim. A separate ISO27001 certification is held by our hosting provider and covers all of their hosting and infrastructure provision.

The ISMS, statements of policy, individual policies are communicated regularly to all staff and are audited both internally by the management team, by third-party consultants and externally by the awarding body.

Policies include:

Acceptable Usage Policy
Access Control Policy
Asset Mgt Policy
Backup Policy
Business Continuity Policy
Change Control Policy
Data Protection Policy
Encryption Policy
Incident Management Policy
Information Retention, Archiving and Disposal policy
Information Security Policy
Maintenance and Capacity
Mobile Device Policy
Project Management and Secure Development Policy
Risk Assessment Process
Screening Policy
Teleworking Policy
Vulnerability Management Policy

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Server and infrastructure information is tracked through a set of secure documents detailing access controls etc and the configuration details. changes to these are agreed by the Technical Director prior to rollout and assessed for their security implications as required.

Changes to software are handled through a distributed revision / version control system that maintains a history of changes and their authors and allows easy reversion and roll-back when necessary.

A "Pull Request" process controls any changes to the master branch of the code ensuring that changes are reviewed by Senior Developers for quality, bugs and security.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our vulnerability management policy sets out a process to ensure that technical vulnerabilities are managed in proactive manner.

This includes periodic penetration testing by our own staff and by external consultants as necessary, Automated update processes Log monitoring and perimeter testing and monitoring tools.

This is an evolving process with additional checks and procedures implemented where identified by the technical team.
Protective monitoring type Undisclosed
Protective monitoring approach There are automated and manual protective monitoring processes in place but it would not be appropriate to disclose them.

More details can be provided to customers on request.
Incident management type Supplier-defined controls
Incident management approach A specific Incident Management policy is in place. The purpose of this policy is as follows:

1) To ensure that incidents are identified and logged;
2) To ensure that incidents are investigated;
3) To ensure that corrective measures are identified and introduced.

All staff are individually responsible for reporting information security incidents.

All incidents are reported to the Technical Director or in his absence the Business Director. He/she will then ensure that an appropriate investigation is undertaken and details communicated to any affected customers.

A full process for investigation and reporting is documented in the policy.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £250 per user per month
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑