TROJAN CONSULTANTS LIMITED

Caspar Cloud

The Caspar Cloud SaaS application is a comprehensive case and financial management solution for Public Deputies, Solicitors, Appointees and their teams to manage the property and financial affairs of their clients under the orders and rules of the Court of Protection.

Features

• Automatic creation of planned income/expenditure facilitating financial planning
• On-screen account reconciliation / optional automation using bank transaction files
• Court of Protection workflow and system generated application forms
• Property/vehicle register with the facility to attach documents
• Letter writer to create bespoke templates populated with data
• User diary plus client notes, visits and funeral functionality
• User defined workflow to document departmental procedures
• Appointee and deputy fee calculation and forecasting
• Report writer to create and save user defined reports
• Pre-populated Office of the Public Guardian annual returns

Benefits

• A complete integrated client record, eliminates the need for spreadsheets
• Centralisation of processes and client data
• Improved caseload allocation and management
• Increased accuracy and efficiency in the account reconciliation process
• Automation of the fee calculation process
• Dramatically reduces time spent collating data for OPG reports
• Facilitates the court application process
• Improves reporting capabilities and data access
• Helps teams meet audit and statutory reporting requirements
• Time savings allow staff to manage more cases

£21,250 a server a year

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at larry.morgan@trojanconsultants.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

166529591911031

Contact

Larry Morgan
01527 882255
larry.morgan@trojanconsultants.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: CasparV is designed to work with the latest versions of Microsoft Edge, Google Chrome, Firefox and Safari or any appropriate browser with HTML5 support and requires access to the system via the internet. There are no other constraints.
• System requirements:
  • Computer with up to date internet browser
  • For 2-Factor Authentication a smartphone (android or iOS) is required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: On receipt, questions are triaged as being business critical, an interruption to normal service or non-serious.; Response and action to fix a business critical issue is provided within 2 hours.; Response to service interruption issues is provided within 4 hours with a 2 day fix time whilst non-serious issues carry a 4 hour response time with a fix in within 5 days.; The standard support service is available from 9am to 5pm, Monday to Friday excluding public holidays. Out of hours support may be arranged at additional cost.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web chat is accessible through the Trojan Consultants Limited website. In the chat users can initiate a live chat session with a support representative. If no representative is available to respond a ticket will automatically be created and the standard SLA will be applicable.
• Web chat accessibility testing: No web chat testing with assistive technology users has been carried out so far.
• Onsite support: Yes, at extra cost
• Support levels: Level 1 Business Critical – the system cannot fulfill its statutory business duties and the system is down - priority response and fix in 2 hours.; Level 2 Interruption to normal service.The system still performs the majority of statutory duties, but the fault prevents aspects of this not to be performed - response in 4 hours with fix in 2 days.; Level 3 Non serious. The system does not perform as per the user manual, is available for normal work but a more manual intervention is required - response in 4 hours with fix in 5 days.; The support service is included in the annual licence charge which covers all support and help desk assistance. The licence and support cost is calculated on a sliding scale based on the number of concurrent user licences held by the customer.; Each site is provided with a dedicated, named technical support contact
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The first stage of the consultancy, training and implementation process is delivered through a Workshop day where managers and operational staff are given a detailed presentation of the system and the underlying processes involved, in order to illustrate the scope of the system and to properly inform the changes in business procedures that may be required to fully realise the benefits and efficiencies offered by the implementation of the software. The session also focuses on data migration and system configuration. ; Detailed user training is provided either online or on-site as part of an agreed programme covering all aspects of system set up and daily use. The exclusive members area on our website also gives users access to the following resources:; • User guides covering all system modules; • Educational ‘how to’ videos focusing on core system functionality; • User forum to ask questions and share best practice; • Online support tool to request advice and guidance
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: Video
• End-of-contract data extraction: On termination of the contract Trojan provides a free of charge data extraction service whereby the data will be ready to be transferred within 1 working week of receipt of the customer request.
• End-of-contract process: Customers will be provided, free of charge, a full copy of their data in CSV format or SQL files in zipped format. If assistance is required to migrate to another system, then this can be provided at the prevailing professional services rate by mutual agreement.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• API: No
• Customisation available: Yes
• Description of customisation: User defined reporting and document production i.e letter and forms; User roles and access levels; Customised field names; ; Customisation is usually limited to a system supervisor with appropriate access permissions.

Scaling

• Independence of resources: Each environment is built separately and dedicated for a single customer. Based on the agreed number of the users, hardware and software configured in a manner to allow at least 20% headroom in case of spikes in user demand from a customer.

Analytics

• Service usage metrics: Yes
• Metrics types: User activity, System Usage, Service availability up-time, Service downtime analysis
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The CasparV application includes a report generator which allows users to build user defined reports to extract data in CSV format. Reports can be automatically output to MS Excel to enable the data to be edited or manipulated by the user into the required reporting format.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • Microsoft Word compatible formats
  • Microsoft Excel compatible formats
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: There is guaranteed level of availability for the Caspar application of 99% based on 24 hours per day. There are no contractual refund allowances under Trojan's current contractual Terms and Conditions of Business.
• Approach to resilience: Full details of the datacentre setup utilised by Trojan Consultants Limited is available upon request.
• Outage reporting: Outage reporting is provided manually via email to the users affected by any downtime.; Due to the nature of the service it is highly unlikely that multiple customers will be affected by a particular outage issue.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Named, per-user administrative accounts. Two Factor Authentication to access all business and administrative resources
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials Plus

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: The Company's security governance policies are written in line with certified standards and best practice. Updates to the policies are issued and staff training is carried out to ensure that all employees are fully aware of their responsibilities and actions required should they recognise a breakdown in the operation of the policies.; The datacentre that provides the application platform adheres to a broad range of information and security certifications & standards including SSAE18 SOC1, SOC2, SOC3, PCI DSS, ISO27001, ISO14001 and ISO9001
• Information security policies and processes: The datacentre is certified to ISO27001. ; Trojan Consultants Limited recognises the importance of excellence in governance and has produced procedure and policy documents that cover all the major areas of good governance from major frameworks although at this time it has not certified to any framework standards.; Policies cover an annual Cyber Essentials Plus audit, identity and access management, data encryption and data retention and protection procedures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All server configuration changes are documented on our Helpdesk and tracked on a client basis. All software changes and updates are tracked and documented in the release notes and the repository, new software is extensively tested in-house on a virtual environment before deploying to production. At this stage, in-house security testing is carried out and release is scheduled after satisfactory results.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Potential threats are assessed via a continual process of in-house vulnerability testing based on the latest intelligence around system attack methods etc.; Updates are applied in 14 days or less from release. ; • Updates that apply to the Windows® operating system (OS) itself. ; • Updates that are installed by default.; • Available add-on roles or services.; • Non-security updates if Datacentre Support and Trojan Consultants determines that they address a specific need that applies to our customer base as a whole, such as cumulative time zone updates.; • The latest definition updates for Windows Defender during monthly patching.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The service is protected by antivirus and real time monitoring.; • Real time protection of file system from malicious code in monitoring mode; • Scanning and neutralization of malicious code at the administrator’s request; • Constant scanning of dangerous VBScript and JavaScript scripts; • Scanning of riskware; • Quarantine of suspicious objects; ; If any of this monitoring is triggered, real time, 24/7 protection is provided.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are reported to Trojan via email from the hosting provider and further actions decided based on the nature of the incident. ; The service is monitored 24/7 for the most common security and service incidents and a team of experts at the hosting site are constantly evaluating the results. ; Trojan's incident response team will investigate reported incidents and initiate CAPA with the hosting provider. All incidents and investigation reports will be recorded in our support system and shared with customers. ; Our hosting partner conforms to the following standards - SSAE18 SOC1 SOC2 SOC3 PCI DSS ISO27001 ISO14001 ISO9001

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £21,250 a server a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The free demonstration version includes :; a single user system made available for 5 working days as standard; a fully functional system excluding document export; a pre-populated demonstration database; The customer is expected to take full responsibility for the data entered, used and viewed in the system

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at larry.morgan@trojanconsultants.com. Tell them what format you need. It will help if you say what assistive technology you use.